This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

STAS ISSUE !!!

Hi,

i have configured stas in DC and after configured user and connected through STAS and no login required i have created multiple groups with user rule in sophos.when user login to system i have checked the log its showing as per created rule but after some time its changed to network based rule so the web policy not applied so if any one having any solution please help.

This thread was automatically locked due to age.

Top Replies

carbon15 over 1 year ago +1 suggested

Check the STAS logs (the STAS + EVENT logs) for the reason. Could be a number of reasons, being replaced by another account of failing the log off detection method. Either way the first place to look is…

Parents

0 satyabrata bastia over 1 year ago

i have face same issue stiil any one having solution please help

isuue-After user login with AD credential user get internet .so i have created with multiple user based policy but after 15 to 20 min its changed to network policy so please help.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 satyabrata bastia over 1 year ago

i have face same issue stiil any one having solution please help

isuue-After user login with AD credential user get internet .so i have created with multiple user based policy but after 15 to 20 min its changed to network policy so please help.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Bharat J over 1 year ago in reply to satyabrata bastia

Hi satyabrata bastia

May I know the number of users affected facing the same issue?

Regards

"Sophos Partner: Infrassist Technologies Pvt Ltd".

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 satyabrata bastia over 1 year ago in reply to Bharat J

Hi,

all user having same issue.
Cancel
Vote Up 0 Vote Down

Cancel
0 Bharat J over 1 year ago in reply to satyabrata bastia

Hi satyabrata bastia

Suspecting issue from between your DC and System level

Please follow the link shared by Vivek Jagad and try to make sure settings are as per the document as well as check the logs as guided

Please share all the findings with a snapshot along with the current setting/configuration applied on Sophos XG and DC.

Thanks and regards

"Sophos Partner: Infrassist Technologies Pvt Ltd".

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 satyabrata bastia over 1 year ago in reply to Bharat J

i have checked with sophos wmi pooling method using one ip address its showing access denied.so we need to configure wmi or ping method .
Cancel
Vote Up 0 Vote Down

Cancel
0 Bharat J over 1 year ago in reply to satyabrata bastia

Hi satyabrata bastia

Yes, it is a Windows System level issue, how many windows systems you have faced the same access denied message while testing from STAS suite?

The fix is provided by Microsoft as per the below link try and share the result.

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

Contact Microsoft support as well to solve the issue with wmi or ping polling method if above link not useful.

Thanks and Regards

"Sophos Partner: Infrassist Technologies Pvt Ltd".

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 satyabrata bastia over 1 year ago in reply to Bharat J

we have 250 user and i have with ip in wmi its denied
Cancel
Vote Up 0 Vote Down

Cancel
0 Bharat J over 1 year ago in reply to satyabrata bastia

Can you try with one or two windows system for a test as per the below link and share the result ?

https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c

Regards

"Sophos Partner: Infrassist Technologies Pvt Ltd".

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 satyabrata bastia over 1 year ago in reply to Bharat J

sir i have check with sophos document for wmi polling method need to configure windows gpo,logon and logoff detection should be enable and inbound wmi connection should be enable .so please tell me which one i will follow to resolve or ping method should be enable
Cancel
Vote Up 0 Vote Down

Cancel
0 Bharat J over 1 year ago in reply to satyabrata bastia

satyabrata bastia said:
sophos document for wmi polling method

Yes you have already found the issue with help Sophos Document where wmi is getting failed from Windows System now you have to fix the issue from your Windows Systems as per the shared link.

Regards

"Sophos Partner: Infrassist Technologies Pvt Ltd".

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 satyabrata bastia over 1 year ago in reply to Bharat J

sir can i share windows issue document i found when i checked with sophos stas document .

i have collected all details with screen shot if you conform then i will send you
Cancel
Vote Up 0 Vote Down

Cancel