Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 10155 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Auto comply with policies

Spectrum

Hi,

I been using the Sophos Data Protection Suite for approximately 5 years, and presently on console 5.2.1 and endpoint 10.3

I've requested as a development enhancement through tech support several times which seems to go into a black hole.

Basically we apply tamper protection to prevent staff from disabling/altering any of the products settings.  However IT staff do need to turn off the firewall, etc to do various tests.  The problem is that they forget to turn the protection back on, and comply with the policies.

What I want on the endpoint is a pop up box when removing tamper protection, and subsequently disabling features (in otherwords, not compling with the policies).  The pop up should ask the user how long before it re-complies with policies, such as a dropdown offering 1 hour, 4 hours, upon next reboot).  A bit look the snooze option for windows updates.

This has been around in other vendor products for years, and I'm gobsacked Sophos are missing this trick!  It also leaves open a big security risk.

Does anyone know if this is on the roadmap? Or can you point me to a Sophos employee who can escalate my request, rather than putting it in the bin.  First line support seem to read off a script and not action my requests.

I look forward to anyone's response.

Thanks,

Jon

:51528


This thread was automatically locked due to age.
Parents
  • 0

    Hello,

    Maybe not quite what you're after but Sophos Cloud will auto-comply the policy after 2 hours.

    The only other way to get SEC to send down a policy is:

    1. The client to send back a "no-ref" in the status message for the policy in question.

    2. The computer to change group in SEC.

    The first option, is how the client gets its initial policy following install.  Essentially RMS keeps a cache of the SEC policy under the adapter storage directory, e.g. C:\Programdata\sophos\remote management system\3\agent\adapterstorage\[component]\[subcomponent].  This is compared against the component's actual config to determine if the endpoint is in compliance for the given component.  So you can delete any of these cached policies, restart the Sophos Agent service to trigger a status message.  If a file is missing, it will get "no-ref" for the policy and will ask for one.

    So in theory, you could have a logoff or sthutdown/startup script to delete the file and restart the agent.  This would at least guarantee you were never too far away from the client getting the correct policy again.  Maybe something to work with.

    Regards,

    Jak

    :51558
Reply
  • 0

    Hello,

    Maybe not quite what you're after but Sophos Cloud will auto-comply the policy after 2 hours.

    The only other way to get SEC to send down a policy is:

    1. The client to send back a "no-ref" in the status message for the policy in question.

    2. The computer to change group in SEC.

    The first option, is how the client gets its initial policy following install.  Essentially RMS keeps a cache of the SEC policy under the adapter storage directory, e.g. C:\Programdata\sophos\remote management system\3\agent\adapterstorage\[component]\[subcomponent].  This is compared against the component's actual config to determine if the endpoint is in compliance for the given component.  So you can delete any of these cached policies, restart the Sophos Agent service to trigger a status message.  If a file is missing, it will get "no-ref" for the policy and will ask for one.

    So in theory, you could have a logoff or sthutdown/startup script to delete the file and restart the agent.  This would at least guarantee you were never too far away from the client getting the correct policy again.  Maybe something to work with.

    Regards,

    Jak

    :51558
Children
No Data
Unfiltered HTML