
Enterprise Console 5.3 question about the computer details tab

Still figuring my way around the Sophos 5.3 console and had a question about the Computer details tab, specifically the Last Message Time column. We have a remote location with about 50 computers, and today their network started to crawl and we determined it was communications with the Sophos server. Nothing special was being done this morning, wasn't sending out anything, but once we blocked the traffic from the Sophos box the traffic went back to normal.

I do show that the last message time for about 32 of those machines is all within the span of the network issue we had. Can anyone tell me what the last message time represents, and could that be the cause of my issue?

Thanks,

Steve



  • Hello Steve,

    Endpoints send status messages (e.g. after an update) and alerts (e.g. threats detected) to the management server, but this is low-volume traffic (a few kB). A major update (UNC/SMB or HTTP download) could cause noticeable traffic but not more (in the worst case) than 200MB per endpoint. Is this the first time this has happened? How long have you been using Sophos at the remote site?

    Christian

  • Thanks for the reply, Christian. The only time I have ever seen something like this was a couple of months ago, when I was upgrading to 10.6.3 and moved too many into the group for the new version.

    As far as I know nothing happened, wasn't doing a mass update or anything like that. Also appears to only have infected 1 remote location and I have many... might just blame it on sunspots unless there is some way I can see anything deeper.

    Regards,

    Steve

  • Hello Steve,

    As far as I can see, Detection Data have been updated from 5.28 to 5.29. Not a vast amount of data, but it could keep a 10Mb link busy for some time. This could increase the error rate, subsequently degrade performance and thus aggravate the problem. Just hypothesizing.

    Ever considered a SUM at the remote site(s)?

    Christian

  • Christian,

    I do see a bunch of my endpoints are on detection data 5.29, and my laptop specifically got the version yesterday morning at about 10:45 am (from what I see in my AV log).

    I am going to assume that was the cause.

    Appreciate your help with this!

    Regards,

    Steve