Enterprise Console: 'Comparison failure' Alert within Policy Compliance.

  • Article ID: 28358
  • Rating:
  • 12 customers rated this article 2.8 out of 6
  • Updated: 21 Oct 2013

Issue

A 'Comparison Failure' is shown on the 'Policy Compliance' column within Sophos Enterprise Console.

First seen in

Enterprise Console 4.5.0

Cause

The 'Comparison Failure' error can be a transient error, but the common causes are:

  • The Sophos Anti-Virus service is not started or disabled
  • Incorrect security permissions on the Sophos Anti-Virus Config folder
  • The NT AUTHORITY\SYSTEM account is not a member of the local SophosAdminstrator group. (Not required as of Sophos Anti-Virus 10.3.2)

What To Do

As the 'Comparison Failure' error can be a transient error, it should rectify itself over a short time. However if the alert is still shown, please follow the below: 

  1. Within the Enterprise Console select the affected endpoint(s).
  2. Right-click and choose 'Comply with' and then select 'All Group Policies' for these endpoint(s)
  3. After a short while the endpoint(s) should report back 'Same as Policy' for the Policy compliance column.
If the endpoint(s) are online and have not changed their status after a while then further steps are required on the affected endpoint.

On an affected endpoint please confirm the following:
  • Confirming the Sophos Anti-Virus service is started
  1. Navigate to Start | Run | and type services.msc and then enter.
  2. Choose 'Sophos Anti-Virus' from the list of services and confirm the status is 'started'.
  3. Right-click on the 'Sophos Anti-Virus' service and select restart.
  • Confirming security permissions for the Sophos Config Folder

    Windows 7 / 8 / 2008+
    C:\ProgramData\Sophos\Sophos Anti-Virus\Config

    Windows XP / 2003
    C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Config\
  1. Navigate to the folder path above.
  2. Within the previous subfolder of 'Sophos Anti-Virus' right-click on the Config folder and select properties.
  3. On the 'Security Tab' confirm the default permissions below are in place.
  4. Add the below users if they are not listed within the security tab.
  5. Then restart the 'Sophos Anti-Virus' service as listed above

User / Group Permissions
Everyone Read
Local Service Full Control
Administrators (Local) Full Control

  • Confirming the NT AUTHORITY\SYSTEM account is a member of the SophosAdminstrator group 
  1. Navigate to Start | Run | and type compmgmt.msc and then enter.
  2. Select Local Users and Groups from the left-hand pane.
  3. Then select groups and right-click on the 'SophosAdministrator' group and select Properties.
  4. Confirm NT AUTHORITY\SYSTEM is listed.
  5. If the account is not listed, then add the account to the group.
  6. Then restart the 'Sophos Anti-Virus' service as listed above.

    Note:
    If you still encounter issues, please enable further logging and contact Technical Support:
  • Further logging

    If the above steps fail to resolve the 'Comparison Failure' issue please follow the steps below:
  1. Enabled verbose agent logging on the client:
    1. Stop the 'Sophos Agent' service.
    2. Open the Registry Editor. See Registry Editor for more information.
    3. Browse to HKEY_LOCAL_MACHINE\software\[Wow6432Node]\Sophos\Remote Management System\ManagementAgent.
    4. Create a new DWORD value named 'LogLevel'.
    5. Change its value to 2.
    6. Re-start the 'Sophos Agent' service.
  2. From the console force a comply for the 'All Group Policies' to the client.
  3. Allow the client to communicate to the console.
  4. Run the Sophos Diagnostic Utility (SDU) on the client and forward the output file.  For more information on the SDU program please see: Sophos Diagnostic Utility (SDU): how to download and install

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments