This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issue: Sophos Central Admin – US-West region - Delays with the enforcement of Central policies on managed endpoints.

**Update 9** Root cause analysis KBA has been published: see knowledge base article for the latest.

**Update 8** As part of a routine database maintenance task customers may notice a few intermittent install and policy rendering failures. Please retry before contacting support. 7/17/2017 8:00 AM PST

**UPDATE 7** Some customers may notice a few intermittent install failures, please retry before contacting Sophos Support. 7/14/2017 2:00 PM PST

**UPDATE 6** Installations are being processed normally, service is restored. Please re-download installer from Central. 7/14/2017 9:00 AM PST

**UPDATE 5** Installations are now working as of July 13, 2017 19:00 UTC-5. See knowledge base article for the latest.

**UPDATE 4** New installs likely to still fail. http://centralstatus.sophos.com/#!/ has latest update. 

**UPDATE 3** System is now processing backlogs. Please see last updates here.

**UPDATE 2** Issue is ongoing, apologies. Impacts all areas within Central that rely on MCS communication between client and Central. 7/13/2017 8:00 AM PST

**UPDATE** Development has identified root cause and is working on a fix. 

Hello,

We are seeing delays with policy changes and enforcement in Sophos Central (US-West region) as well as installation failures due to inability of new endpoint installations to initially register. Our engineers are working to restore latency. Please note your endpoints remain protected. Updates will be provided on this thread.

KBA: https://community.sophos.com/kb/en-us/126477

Thank you,

Bob



This thread was automatically locked due to age.
Parents
  • Does anybody know the trick to get a Sophos person who knows the difference between software and malware?  I opened a (lack-of) support ticket regarding the following:

    "Repeat malware detections on the same computer. Is Sophos not cleaning it up?"

    Here is the reply from (lack-of) support:

    "Most of the PUAs when detected will be cleaned by sophos automatically. However, the event to be updated on central takes some time. I would suggest you to check with the client in question manually once and verify the event log. For more information on PUA please refer the below article,
    Article ID: 119631
    Title: How to resolve 'Potentially unwanted application detected' alerts in Sophos Cloud
    URL: http://sophos.com/kb/119631"

  • I am seeing this as well.

    Scenario:

    Aug 10 12:42pm PUA locally cleared: 'Open Install' at 'C:\users\username\downloads\winzip170.exe'

    Aug 10 12:42pm PUA detected: "same file/location as above"

    Aug 10 12:43pm PUA locally cleared:'Open Install' at 'C:\users\username\downloads\winzip170.exe'

    Aug 10 12:44pm PUA detected: "same file/location as above"

    Aug 10 12:58pm PUA cleaned up: 'Open Install' at 'C:\users\username\downloads\winzip170.exe'

     

     

    39 days...and the Big Orange Triangle is still starring me in the face...as ugly as ever.....for as long as the world shall turn??

     

     

     

  • We had a few installs work Friday afternoon so support closed my ticket.  They are now failing again.  This is the WORST company ever and I hope other people stay away from this disaster.

  • Yippie...its Monday and Sophos strikes again.

    Got another ALERT....'Troj/Iframe-CG' at '\\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy8\pagefile.sys

    As per Sophos site...ONLY way to remove is MANUALLY.

     

    Yup...thats exactly why I bought Sophos, so I can remove stuff manually. 

     

     

     

     

  • SAV is unable to access locations where windows creates a shadow copy so you'll need to access that location manually.

Reply Children