Sophos Enterprise Console (SEC) is not supported after update.

Hello rarrell66,

please run the Policy Evaluation Tool manually. If it still complains about an old version we'd have to dig deeper. As far SEC's operation is concerned this is an informational message only and does not interfere with SEC. The policies aren't evaluated though (and can't be set to recommended values by this tool).

Christian

I had run that before, all it shows is the policy's and the recommended changes to the security policy.

Rob

Hello Rob,

as the article says, PET terminates immediately if the version is not supported. If you get the Policies output PET doesn't see a problem.
I'd have expected that the message is cleared automatically but that doesn't seem to be the case. Looking closer at the screenshot I see 4/13/2017 as initial date. Wonder if you have to acknowledge (Do not show again) it.

Christian

Christen,

       I created a test user and gave the appropriate permissions, logged in and selected the box "Do not show this again" and it worked for that profile. All other profiles it still pops up on. The system still thinks it has a lower version than what is actually installed. I am curious if this is causing any other issues that I do not see yet. In the event viewer there is event id 5000 and 7000 that keeps reoccurring as well. Below is the details.

5000

Hello Ron,

the 5000 and 7000 could be transient errors as described here (Cannot open SOPHOSPATCH52) and here (Patch service errors). Can you confirm this?

Lo and behold!
I use to ignore the PET part in the messenger - took a closer look now. Guess what it says for the Date:? 4/13/2017 ! Something's broken, likely with PET which apparently no longer does the (semi-)automatic evaluation runs. 

[Edit]
The above isn't true, at least a considerable part of it. Please see my next post
[/Edit]

Christian

Hello Rob,

not really a solution to the PET no running as it should problem but maybe this helps you to get rid of the annoyance. It gets weirder the deeper I dig.

Messenger uses Sophos.PET.Messenger.xml. This file isn't updated when you run PET from the command line. The date in this file is an artifact or whatever, it's the same value only adjusted for the timezone. It's not clear when this file is actually updated. Also on one of my servers the Sophos Policy Evaluation Service is missing - or I can't see it. Weird.
If the service exists it starts the PET every 30 days (see policy-evaluation-tool-service.txt in %ProgramData%\Sophos\Policy Evaluation Tool\Logs, search for Running Policy Evaluation Tool).

Please check the following key: HKLM\SOFTWARE\Wow6432Node\Sophos\PET for a value named LastDetectedSecVersion - it shouldn't be there. If it isn't try to run the PET with the undocumented (and thus unsupported) /soapbox switch. As far as I could find out this will update the Sophos.PET.Messenger.xml. This should get rid of version message and display the policy message instead.
[Edit]
Another option (at least I guess, haven't tested it) is to delete the LastEvaluated value from the PET key. The service should run PET within the next hour.
Yet another option is to (temporarily) set the value PolicyAutoCheckInterval to 1, instructing the service to run PET each day.
[/Edit]

Christian

The "LastDetectedSecVersion"="5.2.1" key was in the registry. I backed it up and deleted it. Now when I login it shows the 10 policies that are "Non-recommended" settings as I suspect it should. The Date still shows 4/13/2017 though. At least I am making headway!

Thank you for your help!

Rob

Hello Rob,

as said, the date is a constant.
Looks like the background PET has been run meanwhile (or did you run it with the /soapbox switch) as my tests suggested that 1) PET assesses the SEC version on each run, 2) PET and messenger communicate via the .XML not the registry. Anyway it should be solved.

Christian

I ran it with the /soapbox switch to no avail. The end fix was to delete the registry key.

Thank you again for your help!

Rob