Good morning all, I am beginning to have a serious issue with our PC's since moving over to Sophos Intercept X Advanced. I am beginning to have PC's stop sending their Heartbeat, Sophos Central shows the PC as no longer sending a heartbeat and I believe what happens is the system goes into a protected mode, preventing the PC from having any network access, actually preventing its IP so my network icon immediately changes from connected to no connection. Most of the time the PC's are bouncing back and resume sending the heartbeat without any intervention on my part.
However some are not bouncing back and left in this disconnected state until, I manually assign an IP address to get the heartbeat back then I can simply reset the network card back to DHCP. This is beginning to be a serious issue, as yesterday this happened to 3 PC's and today I just back from our other plant because of the same issue on another PC.
Any users experienced something similar? Intercept X is managed through Sophos Central as well we do have a Sophos XG firewall that ties everything together. I have reached out to Sophos support but in the meantime if anyone has some suggestions to possible look at, please let me know, I'm at a loss as to why this is happening, if it's a bug, I'm not sure.
Oh I should also add before someone asks, when Sophos Central reports the device as no longer sending a heartbeat, I do acknowledge the event to allow the PC status to go back to green because my firewall rule does have the Security heart enabled on the PC must at least have an amber status or greater to maintain its network connection.