False trigger or a potential threat?

Hello,

It's been a while, but recently I encountered the same trigger: endpoints are not sending heartbeat signals anymore to the firewall.

No documentation on how to work around this issue.

Any idea?

Thank you.

  • Hi,

    Good day!

    Thanks for reaching out to the Sophos Community Forum.  

    This can happen if the option to block clients with no heartbeat is turned on in your firewall rule and the internal/external DNS is configured as the primary DNS on the firewall. This primary DNS will not be resolved, as the client is blocked from resolving it when the firewall rule blocks clients with no heartbeat.

    • Make sure that all your endpoints have access to the network to get the new certificate from Sophos Central.
    • Temporarily turn off Block clients with no heartbeat in the firewall rule if the internal DNS resolution fails. Turn it on once the endpoints are updated.

    Please refer to this article for more information.

    Yogalakshmi
    Sophos Digital Support
  • Hi,

    Thank you for your support,

    Idk if I described my issue well. I received an email recently; on the computer, nothing looks strange after investigating. Sophos is saying that it might be compromised.

    Please check the below,

    Sophos Central Event Details

    What happened: A computer is no longer sending security heartbeat signals to the Sophos Firewall but is still sending network traffic. The computer may be compromised.

    How severe it is: High

    What Sophos has done so far: The Sophos Firewall may have restricted the computer’s network access (depending on the policy your company set).

    What you need to do: Contact the Sophos Firewall administrator to find out more.