A 'Comparison Failure' is shown on the 'Policy Compliance' column within Sophos Enterprise Console.
First seen in
Enterprise Console 4.5.0
The 'Comparison Failure' error can be a transient error, but the common causes are:
- The Sophos Anti-Virus service is not started or disabled
- Incorrect security permissions on the Sophos Anti-Virus Config folder
- The NT AUTHORITY\SYSTEM account is not a member of the local SophosAdminstrator group. (Not required as of Sophos Anti-Virus 10.3.2)
What To Do
As the 'Comparison Failure' error can be a transient error, it should rectify itself over a short time. However if the alert is still shown, please follow the below:
- Within the Enterprise Console select the affected endpoint(s).
- Right-click and choose 'Comply with' and then select 'All Group Policies' for these endpoint(s)
- After a short while the endpoint(s) should report back 'Same as Policy' for the Policy compliance column.
If the endpoint(s) are online and have not changed their status after a while then further steps are required on the affected endpoint.
On an affected endpoint please confirm the following:
- Confirming the Sophos Anti-Virus service is started
- Navigate to Start | Run | and type services.msc and then enter.
- Choose 'Sophos Anti-Virus' from the list of services and confirm the status is 'started'.
- Right-click on the 'Sophos Anti-Virus' service and select restart.
- Confirming security permissions for the Sophos Config Folder
Windows 7 / 8 / 2008+
Windows XP / 2003
C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Config\
- Navigate to the folder path above.
- Within the previous subfolder of 'Sophos Anti-Virus' right-click on the Config folder and select properties.
- On the 'Security Tab' confirm the default permissions below are in place.
- Add the below users if they are not listed within the security tab.
- Then restart the 'Sophos Anti-Virus' service as listed above
|User / Group ||Permissions |
|Everyone ||Read |
|Local Service ||Full Control |
|Administrators (Local) ||Full Control |
- Confirming the NT AUTHORITY\SYSTEM account is a member of the SophosAdminstrator group
- Navigate to Start | Run | and type compmgmt.msc and then enter.
- Select Local Users and Groups from the left-hand pane.
- Then select groups and right-click on the 'SophosAdministrator' group and select Properties.
- Confirm NT AUTHORITY\SYSTEM is listed.
- If the account is not listed, then add the account to the group.
- Then restart the 'Sophos Anti-Virus' service as listed above.
Note: If you still encounter issues, please enable further logging and contact Technical Support:
- Further logging
If the above steps fail to resolve the 'Comparison Failure' issue please follow the steps below:
- Enabled verbose agent logging on the client:
- Stop the 'Sophos Agent' service.
- Open the Registry Editor. See Registry Editor for more information.
- Browse to HKEY_LOCAL_MACHINE\software\[Wow6432Node]\Sophos\Remote Management System\ManagementAgent.
- Create a new DWORD value named 'LogLevel'.
- Change its value to 2.
- Re-start the 'Sophos Agent' service.
- From the console force a comply for the 'All Group Policies' to the client.
- Allow the client to communicate to the console.
- Run the Sophos Diagnostic Utility (SDU) on the client and forward the output file. For more information on the SDU program please see: Sophos Diagnostic Utility (SDU): how to download and install