After installing the on-premise version of Sophos Anti-Virus for Mac (reporting to the Enterprise Console) the Mac endpoint appears in the console with 'Unknown' in the 'Up to date' column and the number of identity files shown in the 'IDEs' column is 1.
The full behavior observed is:
- Mac endpoint is installed with SAV for Mac v9.0.x and then appears in 'Unassigned' folder of the Enterprise Console.
- While the Mac endpoint is in the Unassigned folder it reports 'Up to date' as ‘Not since..’ and an IDEs count of greater than one - for example 412. This is expected/normal behavior
- Mac endpoint is moved into a group with an update policy and then complied with that policy. As soon as the policy is applied 'Up to date' shows as 'unknown' and the IDE count is shown as '1'. This is unexpected behavior.
- If you choose update now in console nothing changes in the console for the next 30 minutes to a couple of hours.
- Eventually the Mac endpoint reports back with correct IDE count and 'Up to date' as 'yes'.
Note: This behavior did not occur with Sophos Anti-Virus for Mac (SAV for Mac) version 8.
First seen in
Sophos Anti-Virus for Mac OS X 9.0.4
Sophos Anti-Virus for Mac OS X 9.1.3
Mac OS X
This is expected behavior for SAV for Mac 9.0.x and is due to the new installer code. The reason for only one IDE being reported is that the Sophos Agent only counts the 'vdl.dat’ file as the single IDE.
What To Do
Once the endpoint is assigned to a group, gets its update policy from the console, and the performs an update the endpoint will report the full IDE set.
We are working to improve this behavior with the release of SAV for Mac 9.1.3.
To assign an Enterprise Console group to the Mac endpoint during installation, and workaround this issue, see article 119791.