Within the past 2 weeks there has been a major increase in the amount of Sophos Alerts for Policy non-compliance: Network Threat Protection. The generated alert only gives the following information:
- What happened: A computer does not comply with the Sophos Central policy you applied to it.
- Where it happened: (device name would be here, but removed for obvious reasons)
- User associated with device: (device name would be here, but removed for obvious reasons)
- How severe it is: Medium
- What Sophos has done so far: We tried to reapply the policy.
- What you need to do: Go to the computer to check that it is turned on and connected to the internet. If it is and the problem persists, re-protect the computer.
The last portion of what you need to do is not helpful at all as the device is being reported while online. The option to reinstall Sophos on these machines is not going to work as there were literally 200 new alerts that just came in today alone (all the same exact thing). No changes have been made on our network with the exception of having our AMP security application get updated.
When going into Sophos Central and the Alerts Tab, this can be marked as acknowledged, but it still does not explain the reason as to why all of these alerts have appeared out of nowhere. We typically have only a couple alerts a week, if that, and they are mostly PUAs that end up being cleaned up automatically without needing to do anything on the physical device.
Any recommendations or answers will be greatly appreciated. A permanent resolution would be even better of course.