Good morning everyone,
Is it possible to use Security Heartbeat on computers that have Windows installed and are not updated via Windows Update?
I know and we have applied Security Heartbeat where the endpoint is not up to date restricts internet access (green, yellow or unrestricted).
I await comments or help on how to proceed with this.
Hi Francis,
Thank you for reaching out to Sophos Community.
I'll be moving your post to Sophos Endpoint Forums.
Erick Jan
Community Support Engineer | Sophos Technical Support
Thank you for reaching us,
It is not possible to use Heartbeat in an environment where internet access isn’t allowed, as your endpoint will always get isolated once heartbeat is triggered due to an endpoint update issue. However, if you deploy the Message relay and update the cache server on this Isolated network and allow all endpoints on this network to update via this server, then it’s possible. You may refer to this documentation on how update cache and message relay works.
I don't know if I managed to explain it right.
We have about 100 computers on our network, all running Windows. Some computers are not up to date on Windows Update. I already wanted to use Security Heartbeat in this case.
Windows not updated, already cuts the computer's internet and alerts me to perform the update on it.
This is likely due to the endpoints not having an active heartbeat connection to the firewall. Do you see any network driver updates included in the pending Windows Update?
Try checking if you have "Block clients with no heartbeat" selected. You can find this on the firewall rule you have configured.