Modifying the Time-To-Live (TTL) of downstream messages from Enterprise Console

  • Article ID: 113417
  • Updated: 12 May 2014

This article details how to change the Time-To-Live (TTL) of 'down-stream' messages from the Sophos Management server to managed endpoints.  This may be carried out in order to reduce or increase the time these types of messages are held within the system before being expired.

See the Technical information section for more details on the message types.

First seen in
Enterprise Console 4.7.0

What To Do

As required, create the following DWORD registry keys on the management server under the key:

HKLM\SOFTWARE\[wow6432node]\Sophos\EE\Management Tools\ 

  • MessagingDoActionTimeout
  • MessagingSetConfigurationTimeout

The values need to be specified in seconds and the Sophos Management Service will require a restart for the new setting to take effect.

Technical Information

When the Sophos Management Service (mgntsvc.exe) generates the following message types: 

  • EM-SetConfiguration
  • EM-DoAction

EM-SetConfiguration is the message type for sending a policy to an endpoint.
EM-DoAction message is used for a message such as: 

  • 'Full System Scan...' 
  • 'Update Computers Now'
  • 'Resolve Alerts and Errors...', etc..

Messages are assigned a TTL which can be seen in the .msg files (Envelopes directory) represented in 'epoch time'.

Note: By default the TTL for these downstream messages in Enterprise Console 4.7 and later is 4 days (96 hours), prior to Enterprise Console 4.7 they were 2 weeks.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent