This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Differ from Policy on Exploit Prevention Policy

 All my endpoints shows  Differ From policy on Exploit Prevention Policy, my SEC version 5.5. How can this be fixed it is really an eye sore when 89% of your endpoints has an error differs from policy



This thread was automatically locked due to age.
Parents
  • Hello Sanwenn Picson,

    there's an as yet unresolved issue when the application path contains multi-byte utf8 characters. If it affects the majority of your endpoints and Comply with ... has no effect this could be the cause. When have you noticed it?

    Christian

  • it started when we renewed our license and upgrade SEC to 5.5. that was around december of last year

  • Hello Sanwenn Picson,

    the issue existed already at this time. You couldn't manage EXP with SEC versions below 5.5.0 thus you had the issue right from the start, haven't you?

    Christian

  • yes, at first i did not noticed it coz we are on the process of upgrading all our endpoints from win XP to windows 10, after we are done deploying Sophos on all our endpoints and defining all the policy, the problem occurred.  Is there a fix already available, its been how many months now. Right now we have a problem, we are a Financial institution and we are under audit and this problem will definitely raise a red flag with our external auditors.

  • Hello Sanwenn Picson,

    as the article says: For Sophos Enterprise Console customers - The product release has been moved into July. It is an update to Exploit Prevention. Can't say why it takes that long to fix it.

    we are under audit
    I'm surprised that auditors already consider something like exploit prevention but maybe it's just that something isn't green, not what this something it actually is, that bothers them.
    Joking aside - naturally your auditors likely won't settle for This is a reporting issue only, the policy is applied and the endpoints are fully protected. I think that Sophos take this seriously and that they don't drag their feet with EXP but it's not wise to rush things (as this could actually cause EXP to break).

    Christian

  • You know how this auditors works, and they dont buy that this issue is only a messaging issue, so there's no work around for this one, all we have to do is wait.

Reply Children
No Data