I have many endpoints where sophos device encryption service is not started. I can manually start the service but would stop again. This affects different systems at different times. What can be done to remedy this? If this cannot be solved, is it possible to at least ignore this service in health reporting? When the service stops, the system health goes to critical and this paints a very bad picture to IT auditors
Thank you for reaching out to the Sophos Community.
I would like to ask if you're applying an Encryption Policy to begin enforcing encryption on the affected devices or if the Device Encryption component is not currently being used on the affected devices?
If you aren't enforcing encryption on the devices, it's possible to use the "Manage Endpoint Software" function from Sophos Central to remove the component where it isn't needed.
If you’re enforcing encryption, is it possible for you to provide me with logs from one of the affected devices? I will reach out to you via DM to request further details.
We have an encryption policy which seems to be working fine. Of a total of 258 or so systems, this affects about 10 - 20 computers at any given time.