Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 14 subscribers
  • Views 1716 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

all kinds of Sophos endpoint user get other users update notifications.

ab awal

All Sophos agent users get a notification ( Access to computer "x" denied because it may be unsafe). This notification gets recently all user, thing is that all users any users get other users notifications. 

 user agent



This thread was automatically locked due to age.
Parents
  • 0 in reply to ab awal

    Hi ,

    Good day.

    Thanks for reaching out to the Sophos Community Forum.

    When a device triggers a red health or missing Security Heartbeat alert, all other devices on the same subnet are informed that the device is unsafe.

    If the unsafe device tries to access another device, you will see an event logged in Sophos Endpoint on the destination device:

    Access request from computer <computer name> denied because it may be unsafe

    If a device tries to access an unsafe device, you will see an event logged in Sophos Endpoint on the source device:

    Access to computer <computer name> denied because it may be unsafe

    You cannot override the rejected state on a rejected device locally. It must revert to a healthy status to allow access to or from the device.

    I recommend you to check this article and see if the settings are turned on. 

    When you turn on the setting, it rejects connections to or from devices with red health or a missing Security Heartbeat.

    1. Go to My Products > General Settings > Reject Network Connections.
    2. Turn on Allow devices to reject connections from other devices with red health.
    3. Set up Exclusions if you need to.
    4. Click Save.

    You could also check and clear the red health status of the devices that are in red health on the subnet.

    Yogalakshmi
    Sophos Digital Support
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • 0 in reply to ab awal

    Hi ,

    Good day.

    Thanks for reaching out to the Sophos Community Forum.

    When a device triggers a red health or missing Security Heartbeat alert, all other devices on the same subnet are informed that the device is unsafe.

    If the unsafe device tries to access another device, you will see an event logged in Sophos Endpoint on the destination device:

    Access request from computer <computer name> denied because it may be unsafe

    If a device tries to access an unsafe device, you will see an event logged in Sophos Endpoint on the source device:

    Access to computer <computer name> denied because it may be unsafe

    You cannot override the rejected state on a rejected device locally. It must revert to a healthy status to allow access to or from the device.

    I recommend you to check this article and see if the settings are turned on. 

    When you turn on the setting, it rejects connections to or from devices with red health or a missing Security Heartbeat.

    1. Go to My Products > General Settings > Reject Network Connections.
    2. Turn on Allow devices to reject connections from other devices with red health.
    3. Set up Exclusions if you need to.
    4. Click Save.

    You could also check and clear the red health status of the devices that are in red health on the subnet.

    Yogalakshmi
    Sophos Digital Support
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
  • 0 in reply to Yogalakshmi

    Along with what Yogalakshmi said, note that red health can occur for multiple reasons. It may indicate that Intercept X is not functioning correctly on the endpoint, that an update failed partway through, or of course that the computer is infected or under attack.

Unfiltered HTML