So I have IPS protection turned on as shown below:
I know that the pattern is updating as shown below:
So I have 2 questions.
1. Shouldn't the 'Time of signature update' change dates when IPS and Application signatures are updated? Mine doesn't. It always shows Aug 25 2022.
2. When I turn off IPS protection, I get a strange error message stating 'Couldn't Update The IPS Status'. Then when I turn IPS protection back on, I get the same error message. What does this error message mean and is it related to question #1?
I cannot find anything mentioning the error message in Sophos's documentation.
Any help or guidance appreciated.
v19.0 MR2 is scheduled to be released Q1 CY2023. NC-100373 will also be fixed in the upcoming v19.5 release later this year.
Thank you for contacting the Sophos Community.
Yes, the "time of signature update" should match the time of "IPS and Application Signatures".
What type of license do you have? And can you take a screenshot of the error?
What is the output of
# df -h
In my case the time of the signature doesn't match:
Glad it's just not me. If you turn off, then on IPS protection, do you get the error message I get (Couldn't update the IPS Status)?
I get an OK message but the date does not update to the latest available:
Very interesting... Now I'm curious as to what's different to where you get that status and mine fails but neither updates the date.
I have made a test with a VM in VMware Workstation... I have installed the latest Firmware with the Software ISO. All seems OK with a fresh installation so something is stuck in our installations:
Maybe we can reset the IPS signatures but I don't know how to proceed.
The fact that 2 people have the same issue points to a possible bug. I vaguely recall the first time I noticed this, my 'Time of signature update' did update but after that, hasn't since. I've been scouring the internet and have not found anything to resolve this as of yet.
For anybody following this thread you might be affected by NC-100373, and this issue is being fixed on MR2.
So basically the IPS will show the sigupdated date&time of earlier firmware, v19.0 due to duplicated cv.
New installations won’t show this, so if you re-image your device to v19.0 MR1, it would show the correct date.
Thank you EmmoSophos,
That's good news. I assume it also includes the 'Couldn't update the IPS status' error, correct?
Would you happen to know when MR2 is going to be released or is that a ways off?
Did you see this? Looks like I was wrong in your question.
XG115W - v19.0.1 mr-1 - Home
1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.
The issue you're experiencing only affects the display of last signature update date/time on the IPS page. The IPS signatures are updated correctly, and the pattern/firmware page displays the correct status/date, so IPS is functioning normally.
As for the error message you're seeing when enabling/disabling IPS:
When IPS is enabled, it needs to load on startup all the IPS signatures which are in use. If you have a lot of signatures, or your host device is slower, it may take a while to load. The UI can time out waiting for IPS to start, and shows the error message you see. IPS does get started, so again it's functioning properly, so again this is a UI display issue. We will also fix this in v19.0 MR2 and v19.5.
That is great news. Thanks bobbylam.