Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Excessive events during Sophos (Windows) definition update

Excessive events during Sophos (Windows) definition update

Version
ALL

Issue
Sophos updates are causing the Parity Agent to send many events to the Parity server for files that have not changed during the update. This adjustment should be made with any customer running Sophos in a "high volume" situation (such as updates occurring every 5 minutes, or large numbers of Parity Agents).

Symptoms

An excessive amount of events are generated due to Sophos updates.  Some environments have seen upwards of 7-9 million events generated.

Cause
Internal Bit9 property must be updated to properly update Sophos.

Solution
An internal server setting needs to be adjusted. Please contact Bit9 Support citing this solution number (309) for assistance.


Internal Note(s):
https://community.bit9.com/docs/DOC-3681

                                                                                                                                                                                                                                                                                                                                                                                                                                                                          

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-17-2015
Views:
669
Contributors