Have been working with support on this issue, and they cannot seem to find the issue.
We have seemingly random endpoints that do not have heartbeats with our firewall. This is causing odd traffic blocks on the affected endpoints due to the Network Threat Protection service.
For example, all endpoints that do not show a "Security Heartbeat Firewall" under summary in Sophos Central cannot download any files from Adobe.
The affected endpoints do not show up as "missing" in the firewall. The affected endpoints are not consuming licenses, either. For example, the firewall lists 265 endpoints with heartbeats, our license shows 270 endpoint licenses used, while our Sophos Central has over 400 devices.
I have been unable to find any differences in an endpoint with a heartbeat and one without. They have the same policies, etc. The only thing I know for sure is to check an individual device and look for "Security Heartbeat Firewall", if that's missing then I know it's affected.
Thank you for any recommendations.
Edit: I should add that these are Windows endpoints experiencing problems, and we are using Intercept X Advanced with XDR.
Edit 2: I tried removing endpoint from a PC, leaving the domain, and deleting it from AD/Sophos central. It still did not resolve my issue. I then reloaded the entire PC from scratch, and now I am getting a heartbeat. What can cause this? I don't want to reload every PC (around 100) with issues!
This thread was automatically locked due to age.