Thread Info
  • State Suggested Answer
  • +8 person also asked this people also asked this
  • Locked Locked
  • Replies 15 replies
  • Answers 1 answer
  • Subscribers 23 subscribers
  • Views 26912 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What actually throws a "Real Time Detection Disabled" high alert?

CharmingYeti

Sometimes in the morning when I come in to the office I notice I have "Real Time Detection Disabled" alerts.  The thing that bothers me is that the users and machines this is happening to/on do not have the rights to disable the protection service.  By the time I actually get to checking out the machines, the services are usually back up and running. 

 

Anyone have any words of wisdom here?



This thread was automatically locked due to age.
Parents
  • +1

    I was told by support that this can be tripped on shutdown/restart if the services stop out-of-order.  Essentially if the MCS Agent stops *after* the other services, it reads it as an error state and sends the alert.  They told me this was on the radar to be fixed, but that was about a year ago now.

  • 0 in reply to K_M

    Yeah, it'd be nice if that was cleared up.  It's odd when I have a boss asking after it and I am not able to explain why there are high alerts on the dashboard.  I kinda figured it was an out of order service stop or maybe when the machine is receiving a major Sophos update. 

Reply
  • 0 in reply to K_M

    Yeah, it'd be nice if that was cleared up.  It's odd when I have a boss asking after it and I am not able to explain why there are high alerts on the dashboard.  I kinda figured it was an out of order service stop or maybe when the machine is receiving a major Sophos update. 

Children
No Data
Unfiltered HTML