Sophos Endpoint 10.0.2: Auto-downgrade / auto-upgrade

Question

We have (at least) two users who were auto-upgraded from Sophos Endpoint 10.0.1 to 10.0.2, whose Sophos Endpoint is being auto-downgraded back to Sophos Endpoint 10.0.1 and then auto-upgraded to Sophos Endpoint 10.0.2. (One user is running macOS 10.15.7 (19H15) and another is running macOS 11.0.1 (20B50).) 
 Enabling / disabling VPN appears to be involved. 
 Please advise where we can send logs. Thanks.

David Lancaster · Accepted Answer

Thanks for the details, I know we caught up directly but I thought it was worth a public post other users to read. 
 What you're encountering is a limitation with our EAP and Update Caches. 
 What's happening is that when the endpoint connects to the VPN, it tries to use an Update Cache and is only able to get the GA software (10.0.1). Once the VPN disconnects, the Update Cache (which is in your network) is unavailable so the endpoint updates directly from Sophos so can get the 10.0.2 software. 
 It's unfortunate but there is a workaround as Central policy allows endpoints to be assigned to, and removed from, Update Caches. Defining a dedicated updating policy for Big Sur endpoints &ldquo;Without Update Cache&rdquo; will allow the affected endpoints to always update directly from Sophos. 
 We have a defect to track this fix and will update the known issues list.

Sophos Endpoint 10.0.2: Auto-downgrade / auto-upgrade

Top Replies