
Excessive events during Sophos (Windows) definition update


Version
ALL

Issue
Sophos updates cause the Parity Agent to send many events to the Parity server for files that have not changed during the update. This adjustment should be made for any customer running Sophos in a "high volume" situation (such as updates occurring every 5 minutes, or large numbers of Parity Agents).

Symptoms

An excessive number of events is generated due to Sophos updates. Some environments have seen upwards of 7-9 million events generated.

Cause
An internal Bit9 property must be updated to properly update Sophos.

Solution
An internal server setting needs to be adjusted. Please contact Bit9 Support citing this solution number (309) for assistance.


Internal Note(s):
https://community.bit9.com/docs/DOC-3681

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          

Creation Date: 12-17-2015