All Clients "Not compliant"

Hi folks!

Next problem with Endpoint Protection... [:)]

All my clients show as [Not compliant] with description "SAV policy is not compliant":


The Administration Guide says:
The status Not Compliant indicates that the device's settings are currently not the same as configured on the UTM. To resolve this problem you find a link in the window to send the current endpoint settings to the endpoint.


So I click on "Resolve" and the status turns to [OK].
The log shows:
2012:09:23-18:46:13 vpn epsecd[13764]: D Epsec::Utils::Logging::_log:59() => id="4245" severity="debug" sys="System" sub="epsecd" name="Sent comply with action" mcs_id=""


But a few minutes later all devices are [Not compliant] again for the same reason.
Here the log shows:
2012:09:23-18:46:53 vpn epsecd[13764]: W Epsec::Utils::Logging::_log:59() => id="4234" severity="warn" sys="System" sub="epsecd" name="Endpoint is not compliant" mcs_id=""
2012:09:23-18:46:53 vpn epsecd[13764]: D Epsec::Utils::Logging::_log:59() => id="4228" severity="debug" sys="System" sub="epsecd" name="Updated AGENT info in the DB" mcs_id=""


What can I do?


  • Seems I've got a problem that no one else has had before... [;)]

    Is there any log on the client where I can check if something is failing?

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • Seems I'm talking to myself in this thread... [;)]

    Sadly it helps! [:D]

    I think I found the "error":
    I had defined some exceptions for my servers (UNC Path) like described in the Online Help:
    Scanning exclusions: If selected, you can exclude a file, a folder, or a network drive from antivirus scanning. Enter the file, folder, or network drive in the File/Path field, e.g., C:\Documents or \\Server\Users\Documents\CV.doc


    But an exclusion like
    \\servername

    or
    \\servername\Share

    seems not to be valid.

    I dug through my client's file system for meaningful logs and found some under "C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs".
    McsAgent.log showed lines like:
    2012-09-25T19:21:34.186Z [ 5460] INFO  AdapterLogger::Information SAVXP Adapter: Exclusion \servername\ is not valid for SAVXP/2K/2003, this part of the policy cannot be applied.


    Removed all exclusions with UNC Paths, waited some minutes and all clients were in state [Ok] again!

    So please, Sophos, take out that part of the online help or, better, add a warning. Otherwise it produces errors like these...

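One way to check the client side for this, as an added example that is not part of the thread and not Sophos's own tooling: the script parses McsAgent.log lines in the layout quoted above, pulls out every exclusion the SAVXP adapter reports as not applied, and pre-checks a policy's exclusion list for the UNC form this post found to be rejected. The line layout and the exact rejection wording are taken from the single log line quoted in the post and are treated as assumptions; the sample log lines below are constructed.

```python
"""Find exclusions a Sophos endpoint refused to apply, from McsAgent.log.

Added example for this thread, not Sophos code. The log line layout and the
"cannot be applied" message are assumed from the one line quoted in the post.
"""
import re
from dataclasses import dataclass

# Layout assumed from the quoted line:
# <ISO timestamp> [ <thread id>] <LEVEL>  <message>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\s*(?P<tid>\d+)\]\s+(?P<level>[A-Z]+)\s+(?P<msg>.*)$"
)
# Assumed message shape:
# "Exclusion <path> is not valid for <product>, this part of the policy cannot be applied."
REJECT_RE = re.compile(
    r"Exclusion (?P<path>.+?) is not valid for (?P<product>[^,]+),"
    r" this part of the policy cannot be applied"
)


@dataclass
class RejectedExclusion:
    timestamp: str
    path: str
    product: str


def parse_line(line):
    """Split one McsAgent.log line into its fields, or None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def rejected_exclusions(lines):
    """Return every exclusion the adapter reported as not applied, in log order."""
    found = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        m = REJECT_RE.search(rec["msg"])
        if m:
            found.append(RejectedExclusion(rec["ts"], m.group("path"), m.group("product")))
    return found


def is_unc_path(entry):
    """UNC paths start with two backslashes (\\\\server\\share)."""
    return entry.startswith("\\\\")


def suspicious_exclusions(entries):
    """Pre-check a policy's exclusion list for UNC entries, which the post found
    the client rejects. Catching these before pushing the policy avoids the
    UTM flipping every client back to 'Not compliant'."""
    return [e for e in entries if is_unc_path(e)]


# Constructed sample log; only the second and third lines follow the quoted message.
SAMPLE_LOG = [
    r"2012-09-25T19:21:33.002Z [ 5460] INFO  AdapterLogger::Information SAVXP Adapter: Applying policy",
    r"2012-09-25T19:21:34.186Z [ 5460] INFO  AdapterLogger::Information SAVXP Adapter: Exclusion \\servername\ is not valid for SAVXP/2K/2003, this part of the policy cannot be applied.",
    r"2012-09-25T19:21:34.190Z [ 5460] INFO  AdapterLogger::Information SAVXP Adapter: Exclusion \\servername\Share is not valid for SAVXP/2K/2003, this part of the policy cannot be applied.",
    "not a log line at all",
]

if __name__ == "__main__":
    for r in rejected_exclusions(SAMPLE_LOG):
        print(f"{r.timestamp}: exclusion {r.path!r} rejected for {r.product}")
    policy = ["C:\\Documents", "\\\\servername\\Share", "D:\\Data"]
    print("exclusions likely to be rejected:", suspicious_exclusions(policy))
```

On a real client, read the log from the path named in the post and pass its lines to `rejected_exclusions`; a non-empty result explains a "SAV policy is not compliant" status without any guessing on the UTM side.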
  • Interesting, that is good to know.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.
