Does anyone else use Sophos Central (Endpoint Control + Web Control) with MacOS devices that are laptops? Our laptops go home with users everyday and when they come back, a portion of the devices continue to query "http.00.a.sophosxl.net" but receive a Timeout, thousands of times. When we investigate on our Firewall logs, we see each device is still trying to query either their local DNS at home (not routable) or their ISP's DNS server which is also not routable.
It seems like the Sophos client Caches the DNS server provided at a User's house. When they return to the network, they continue making failed queries to these servers. They are doing direct requests to DNS servers and timing out constantly.
This was a waste of time.
I have decided to move off of Sophos due to this issue. They do one thing well, pushing customers away.