Sophos Intercept X Registry Keys

Thank you for reaching the community,

For verifying the registry, you may refer to this documentation.

For update, if the endpoint is updating correctly, your endpoint status will show green/healthy status. You can also validate this by opening the Sophos UI and clicking "About," which can be seen on the lower right of the UI. A new window will appear, then click "Open Endpoint Self help tool". And go to the "Management Communication" tab once the new window appears.

Thank you for your reply

Unfortunately it does not solve my problem. I checked the documentation before and it says that it applies to: 

• Sophos Central Endpoint
• Sophos Endpoint Security and Control

I'm not exctly sure how to interpret Sophos Central Endpoint. I want to be able to check the registy for Sophos Intercept X - does it use the central endpoint? It's a bit unclear for me.

Based on documentation this is a value I'm interested in, but the registry key does not exist on my windows machine. 

There isn't really a supportable interface via the registry for this. Nothing that says "up to date" as such but if I had to pick something for up to date state:

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\AutoUpdate\UpdateStatus

Result = 0 is good and LastUpdateTime could be used to compare against the current time taking into account some window.

The policies from Sophos Central are stored here:HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy but as for a state that says it's working, maybe the Health status: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health\Status

As I say, this could all change and I think there is going to be a new set of health state under:

HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\SharedState\ 

But it isn't fully available yet.