Recently we found out that Firefox has been renamed to Firefox Quantum and found that it was being blocked by the Sophos application control policy. I added the new version of Firefox to the allowed application list and applied the policy from the Enterprise Console. On most agents, once the policy was applied, Firefox worked again. The problem is that in my environment we have computers that are used mainly outside the network. While we do have the network configured for remote management, some computers do not show online in the SEC when outside the network. Thus we have some with an outdated application control policy, and the only way to get them updated is to have the user bring in the computer, which in some cases is not really a solution as they are too far from the office and never come in. I was wondering if someone could tell me where the files that control the application control policy are located. I want to copy the policy from a computer which is updated to a computer that is not syncing with the SEC. Please let me know the best way to update these computers, as right now they cannot open Firefox. These computers have an external update policy and I can confirm via our computer management tool that they are indeed getting updates, just not reporting to the SEC, so the application policy is outdated.
Hello Scott Ishbia,
"an external update policy"
but do they update from one of your CIDs (published with a web server)? If so, you could configure this CID with an XML policy file. It's not "a file that has to be replaced" - would make it too easy to bypass a policy.
In reply to QC:
I will give this a try. But the computers in question show offline in the SEC, so will this force the clients to update the policy even if they show offline but are connected to the internet?
In reply to Scott Ishbia:
"show offline in the SEC"
the offline/online (or rather, in terms of SEC, Disconnected/Connected) status is determined by the Remote Management System (RMS). RMS uses ports 8192/8194 and is independent from updating (that uses NetBIOS/SMB or HTTP). Thus an endpoint might update but be unable to communicate, or it might communicate but be unable to update. If RMS is connected the endpoint will receive its policies via RMS. XML files in the CID are an alternative way to provide policies to endpoints.
OK, thanks. I have been reading over the steps to do this. Should ConfigCID.exe be run from Enterprise Console or the update manager where the agents are updating from?
Most important is to run it for the desired CID. :) Not unlikely that the management server can't access the CIDs on a remote SUM. Please see here.
Thank you. I was able to create the XML policy and run it for the CID. It looks like these clients' policies are now updated.