Hi,
We use the Endpoint Peripheral Control policy Blocked Bridged to disabled the WiFi Adapter when a wired connection is available. We're a highly mobile workforce and staff will work via wired connection when in office and on WiFi typically when working from home. Increasingly we're seeing staff working from home reporting being unable to connect and when we check we see the WiFi Adapter is showing as Disabled on Windows 10 22H2.
I've checked a couple of logs in c:\programdata\sophos\endpoint defence\logs on the latest laptop returned to base for investigation. SSP.log & SSPDevCon.log seem to have relevant entries. In the SSP.log I see the last reference to Wireless is this:
2024-06-05T10:59:02.145Z [ 4688: 2976] A DeviceControl: Use of controlled device type 'wireless' enabled: deviceId=PCI\VEN_8086&DEV_9DF0&SUBSYS_42348086&REV_30\3&11583659&0&A3, status=present
In the SSPDevCon.log file I see this as the last reference to the Wireless Adapter:
2024-06-05T10:58:52.740Z [18684: 4568] A "C:\\Program Files\\Sophos\\Endpoint Defense\\SSPDevCon.exe" enable PCI\VEN_8086&DEV_9DF0&SUBSYS_42348086&REV_30\3&11583659&0&A3
2024-06-05T10:59:02.113Z [18684: 4568] A SetDeviceState attempt 0 success
If I believe the above the Wireless adapter should be enabled on this device, however, it is Disabled when I check in Windows. How accurate are these log entries for Device Control, is any verification done?
Is there anything can try before I choose to ditch Sophos Peripheral Control policy and revert to native Dell BIOS feature to sense and manage network adapters instead? The Dell BIOS entries to manage this feature are currently disabled so shouldnt be conflicting.
We're running FTS 2023.2.2.6 but this issue isnt a new occurence and happened on older versions as well. I logged a support ticket for this two weeks ago. The issue seems to be random and I havent yet been able to replicate on demand.
Thanks for any suggestions.
Andy.
