Hi,
We’re having frequent issues with a number of Lenovo ThinkPad T14s laptops showing red heartbeat (at risk) status in the XG dashboard. Firewall rules with heartbeat restrictions are also blocking traffic since the status is red. In Sophos Central and on the endpoint the status is green, and all services are running and healthy. Heartbeat status is usually stuck as red and does not change to green or missing. Older laptops such as ThinkPad 490s/T480s are not affected by this.
Heartbeat.log on the endpoints shows it is sending “health:3” as health status which I understand is red health. The log also shows “Connection closed (network error)” after every heartbeat communication to 52.5.76.173 on port 8347.
XG is on the latest firmware 18.0.5-MR5-Build586 and the endpoints on the latest version and rebooted.
Is this a known issue?
Heartbeat.log
a 2021-05-24T07:50:42.217Z [6284:22556] - Received request to enable enhanced application control
a 2021-05-24T07:50:42.217Z [6284:22556] - Sending endpoint state list request
a 2021-05-24T07:50:42.217Z [6284:22556] - Sending login status.
a 2021-05-24T07:50:42.218Z [6284:22556] - Received response to endpoint state list request, size: 1
a 2021-05-24T07:50:52.160Z [6284:22556] - Sending health status: {"health":3}
a 2021-05-24T07:50:52.163Z [6284:22556] - Received notification of endpoint state changes, size: 1
a 2021-05-24T07:50:52.483Z [6284:22556] - Received request to disable enhanced application control for C:\program files (x86)\microsoft\edge\application\msedge.exe
a 2021-05-24T07:50:52.486Z [6284:22556] - Received request to disable enhanced application control for C:\program files (x86)\microsoft\edge\application\msedge.exe
a 2021-05-24T07:55:19.836Z [6284:22556] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-05-24T07:55:20.224Z [6284:22556] - Received request to disable enhanced application control for C:\program files\internet explorer\iexplore.exe
a 2021-05-24T08:05:12.930Z [6284:22556] - Sending network status. Active Interfaces:
MAC: 34:2E:B7:0E:6C:A8 - INET: x.x.x.107 - INET6: fe80::1c3a:a66e:1766:8a9e
MAC: 54:05:DB:25:FF:E5 - INET: x.x.x.109 - INET6: fe80::3c8f:c24:ebad:c943
a 2021-05-24T08:05:12.935Z [6284:22556] - Connection closed (network error).
a 2021-05-24T08:05:13.993Z [6284:22556] - Connection succeeded.
a 2021-05-24T08:05:13.993Z [6284:22556] - Connected to 'ec13ffbf-c542-41b2-8ff6-dc070df936d9' at IP address 52.5.76.173 on port 8347
a 2021-05-24T08:05:14.027Z [6284:22556] - Sending network status. Active Interfaces:
MAC: 34:2E:B7:0E:6C:A8 - INET: x.x.x.107 - INET6: fe80::1c3a:a66e:1766:8a9e
MAC: 54:05:DB:25:FF:E5 - INET: x.x.x.109 - INET6: fe80::3c8f:c24:ebad:c943
a 2021-05-24T08:05:14.038Z [6284:22556] - Received request to enable enhanced application control
a 2021-05-24T08:05:14.038Z [6284:22556] - Sending endpoint state list request
a 2021-05-24T08:05:14.039Z [6284:22556] - Sending login status.
a 2021-05-24T08:05:14.039Z [6284:22556] - Received response to endpoint state list request, size: 0
a 2021-05-24T08:05:15.439Z [6284:22556] - Received request to disable enhanced application control for C:\program files (x86)\microsoft\edge\application\msedge.exe
a 2021-05-24T08:05:25.367Z [6284:22556] - Sending health status: {"health":3}
a 2021-05-24T08:05:27.935Z [6284:22556] - Received notification of endpoint state changes, size: 1
a 2021-05-24T08:06:25.227Z [6284:22556] - Connection closed (network error).
a 2021-05-24T08:06:27.312Z [6284:22556] - Connection succeeded.
a 2021-05-24T08:06:27.312Z [6284:22556] - Connected to 'ec13ffbf-c542-41b2-8ff6-dc070df936d9' at IP address 52.5.76.173 on port 8347
a 2021-05-24T08:06:27.314Z [6284:22556] - Connection closed (network error).
This thread was automatically locked due to age.