This can happen in the following scenarios:
- A new Device Control policy is created and endpoints are currently using the 'Default' Device Control policy.
- An Enterprise Console group ('Group1') is assigned a device control policy ('PolicyA'). 'PolicyA' is then duplicated in Enterprise Console resulting in all computers in 'Group1' showing as 'Awaiting policy transfer'.
This has been logged as DEF49953.
Known to affect the following Sophos products and versions
Enterprise Console 4.0.0
What to do
Short Term workaround
In Enterprise Console you can manually make the client computers comply with the Device Control policy. However, if the scenarios mentioned above reoccur then the same problem will arise again.
- Create a copy of the ‘Default’ Device Control policy and duplicate new Device Control policies from that.
- Do not use the 'Default' Device Control policy if you intend creating multiple Device Control policies.
- Do not duplicate from policies that are in use.
Whenever a device control policy is copied, the revision id of the original policy is updated and becomes mismatched with the revision id the endpoint is reporting. This results in Enterprise Console displaying 'Awaiting policy transfer'. The bug is in Sophos.Management.DeviceControl.dll and was fixed in Enterprise Console version 4.5.The problem experience in Scenario 1 mentioned above occurs because new policy is copied from 'Default' policy.