• Sophos Patch Agent profile

  Use the Sophos Patch Agent profile to ensure that the patch agent is installed on managed endpoints, and that computers are patched. To add the profile to the pre-defined Default and Managed policies, see the NAC Manager Help.
• This release does not include any new minor version-specific profiles, for example Sophos Client Firewall 2.9, because minor versions are detected by the major version-specific profiles, for example Sophos Client Firewall 2.x. (The old minor-version-specific profiles, for example Sophos Client Firewall 2.7, are still included, though.)

• (DEF74281) Sometimes, NAC Manager displays NULL for the last scan time for endpoints, and detects these endpoints as non-compliant because the period since the last scan exceeds the grace period. If enforcement is turned on, NAC quarantines these endpoints until a further scan is completed.

• The Compliance Agent installation may require you to restart the endpoint after installation for the following reasons:

  • During installation, you were prompted to shut down applications that were using shared resources, such as the XMLDOM, and you chose not to shut down these applications.
  • You are upgrading Quarantine Agent, and the upgrade uses a new version of the Agent Quarantine Manager which is a kernel driver.
• (SUG21670) Sophos NAC will not install on the same server as Microsoft Sharepoint server.
• (DEF56259, DEF56336) After installing or upgrading the Compliance Agent, Sophos Enterprise Console displays an "Awaiting policy from console" policy compliance status. This status indicates that the endpoint is waiting for a NAC policy from the NAC Server to determine policy compliance. Therefore, the Compliance Agent on the endpoint has not sent an updated policy compliance status to Sophos Enterprise Console. The workaround is to retrieve the NAC policy through a user-initiated compliance check. To do this, right-click the Agent system tray icon on the endpoint, and select Check Compliance. This issue will also resolve itself automatically when the Compliance Agent retrieves the policy according to the Policy Refresh Interval, which is set to 4 hours by default.

Sophos Compliance Agent uses the Citrix Deterministic Network Enhancer (DNE). If you use another DNE-based application, for example Cisco VPN Client, we recommend that you check that your particular installation is fully compatible with Compliance Agent, before deploying Compliance Agent to a large number of endpoints.

You can find technical support for Sophos products in any of these ways:

• Visit the SophosTalk community at http://community.sophos.com/ and search for other users who are experiencing the same problem.
• Visit the Sophos support knowledgebase at http://www.sophos.com/support/.
• Download the product documentation at http://www.sophos.com/support/docs/.
• Send an email to support@sophos.com, including your Sophos software version number(s), operating system(s) and patch level(s), and the text of any error messages.