We have some exciting news about the Sophos Endpoint Self Help tool in the latest release of Core Agent 2024.2. Some of the features mentioned below will only be enabled once this update has been rolled out to all customers. 

We've made Endpoint Self Help more prominent in the Sophos Endpoint UI so users are aware of the troubleshooting guidance available through built-in tools. Previously, you would have had to navigate into the "About" section to launch the tool. Now, you’ll see the software status and issues reflected in the main UI and a button to launch ESH directly.


Product Analysis Tool

The key purpose of the Product Analysis tool is to determine which Sophos feature/component is involved in an issue on your device. Sophos has many configuration options and components that can be installed, and this tool will help you pinpoint what may be the issue.


  • When proceeding through the "Scenario not listed" steps, features will be enabled/disabled in groups to help streamline the troubleshooting process.
  • A new option, "Manual troubleshoot," allows you to enable/disable individual features at a time if you prefer this approach. 
  • Automatic performance analysis:
    • Highlights specific files/folders where numerous file operations are occurring.
    • The output is automatically generated when selecting certain troubleshooting scenarios.

The following example output shows:

  1. A scanning overview detailing the start/end time of the data collection period.
  2. Four Tables:
    1. Top 10 folders by scan duration
    2. Top 10 folders by scan count
    3. Top 10 folders by scan size
    4. Tip 10 files by scan duration
  3. Each table displays the same information on what is being scanned. 
    1. Path
    2. Scan count
    3. Size (MB)
    4. Duration (seconds)
    5. Duration (% of total)



Sophos Endpoint Self Help: Product Analysis
Sophos Endpoint Self Help: Performance Analysis

System Status Page:

  • Hardware specs
    • CPU Cores
    • Installed Physical Memory (RAM)
    • Primary Disk Type
    • Primary Disk Free Space


  • Additional checks are performed to verify that the device meets the system requirements as specified in our documentation. An alert is generated if minimum requirements aren’t met. 
    Note: The overall health status isn’t affected by this check.

Sophos Central Windows Endpoint: System Requirements
Sophos Central Windows Server: System Requirements

  • Installed Security Products:
    • Antivirus Products
    • Firewall Products

      Running Sophos alongside a third party designed to operate in a similar capacity can cause unexpected behaviour.
      Note: The overall health status isn’t affected by this check. 

Sophos Endpoint Self Help: System

Communication Status Page: 

  • We’ve added a ‘Root Cause Analysis’ channel
    Note: This channel won’t be displayed if 'Enable Threat Graph creation' is turned off in the Threat Protection policy. In addition, it’ll only report bad health if an RCA has failed to upload to Sophos Central.


Update Status Page: 

  • Now displays an ‘Update Health’ status.

Policy Status Page:

  • The ‘Last Sophos Central Policy Update’ timestamp will refresh when any policy render occurs on the device.
  • The ‘Override Sophos Central Policy’ status will display ‘On’ if the local override has been enabled. This can be ‘On’ from performing the override in the Sophos Endpoint Agent UI or using the ESH Product Analysis tool.

Product Logging Tool: 

  • SFS
    • SAVI Logging is now added 

Other Changes:

  • A Timestamp is displayed showing when ESH was launched or the content refreshed

  • ESH will automatically close after two hours if there is no interaction. The following message will appear in the top banner when five minutes remain before the UI closes.

  • Notification upon ESH Launch if product logging levels haven’t been set to the "Default" option

Product updates/changes: 

The following changes are to provide customers and third parties with tools to check the status and configuration of Sophos locally on a device. Further information will be available in the Endpoint Help under Monitor-Software.

  • The command-line tool ‘SophosInterceptXCLI.exe’ has been updated with the following functionality:
    • Query the status of the software monitor (SSM)

    • Query the endpoint configuration

      Note: Currently, only one policy setting can be output.
  • Message Relay and Update Cache
    • This release merges the Update Cache and Message Relay into one component: Sophos Management Gateway. Sophos Central and the Endpoint Self-Help will now display this single component. The Sophos Endpoint Agent UI will be updated at a later date.