This article details how to change the Time-To-Live (TTL) of 'down-stream' messages from the Sophos Management server to managed endpoints. This may be carried out in order to reduce or increase the time these types of messages are held within the system before being expired.
See the Technical information section for more details on the message types.
First seen in
Enterprise Console 4.7.0
What To Do
As required, create the following DWORD registry keys on the management server under the key:
The values need to be specified in seconds and the Sophos Management Service will require a restart for the new setting to take effect.
When the Sophos Management Service (mgntsvc.exe) generates the following message types:
EM-SetConfiguration is the message type for sending a policy to an endpoint.
EM-DoAction message is used for a message such as:
- 'Full System Scan...'
- 'Update Computers Now'
- 'Resolve Alerts and Errors...', etc..
Messages are assigned a TTL which can be seen in the .msg files (Envelopes directory) represented in 'epoch time'.
Note: By default the TTL for these downstream messages in Enterprise Console 4.7 and later is 4 days (96 hours), prior to Enterprise Console 4.7 they were 2 weeks.