All Sophos agent users get a notification ( Access to computer "x" denied because it may be unsafe). This notification gets recently all user, thing is that all users any users get other users notifications.
All Sophos agent users get a notification ( Access to computer "x" denied because it may be unsafe). This notification gets recently all user, thing is that all users any users get other users notifications.
Hi Ab Awal,
Good day.
Thanks for reaching out to the Sophos Community Forum.
When a device triggers a red health or missing Security Heartbeat alert, all other devices on the same subnet are informed that the device is unsafe.
If the unsafe device tries to access another device, you will see an event logged in Sophos Endpoint on the destination device:
Access request from computer <computer name> denied because it may be unsafe
If a device tries to access an unsafe device, you will see an event logged in Sophos Endpoint on the source device:
Access to computer <computer name> denied because it may be unsafe
You cannot override the rejected state on a rejected device locally. It must revert to a healthy status to allow access to or from the device.
I recommend you to check this article and see if the settings are turned on.
When you turn on the setting, it rejects connections to or from devices with red health or a missing Security Heartbeat.
You could also check and clear the red health status of the devices that are in red health on the subnet.
Hi Ab Awal,
Good day.
Thanks for reaching out to the Sophos Community Forum.
When a device triggers a red health or missing Security Heartbeat alert, all other devices on the same subnet are informed that the device is unsafe.
If the unsafe device tries to access another device, you will see an event logged in Sophos Endpoint on the destination device:
Access request from computer <computer name> denied because it may be unsafe
If a device tries to access an unsafe device, you will see an event logged in Sophos Endpoint on the source device:
Access to computer <computer name> denied because it may be unsafe
You cannot override the rejected state on a rejected device locally. It must revert to a healthy status to allow access to or from the device.
I recommend you to check this article and see if the settings are turned on.
When you turn on the setting, it rejects connections to or from devices with red health or a missing Security Heartbeat.
You could also check and clear the red health status of the devices that are in red health on the subnet.
Along with what Yogalakshmi said, note that red health can occur for multiple reasons. It may indicate that Intercept X is not functioning correctly on the endpoint, that an update failed partway through, or of course that the computer is infected or under attack.