We have been getting some "Policy non-compliance: Exploit Detection" alerts from some of our devices. These then return to compliance once the device was next powered on. This is great that they return to compliance, but there doesn't appear to be any information that I can see on the device or Central to indicate what triggered them in the first place.
I was thinking that maybe it is that the devices were missing an update. But if anyone else has any similar experience or knowledge on what may cause these alerts it would be much appreciated.
Hi Edward,
Thanks for reaching out to the Sophos Community Forum.
If you continue to experience this issue, I suggest trying to install the hotfix package for Intercept X. - Sophos Exploit Prevention cumulative hotfix
We have had some reports of policy compliance issues with the Intercept X components recently, which have been raised in the following development ticket ID.- WINEP-43969
This has since been resolved with the hotfix package.