When a Sophos Firewall is registered with Sophos Central, your computers can send regular reports on their security status or health to the firewall. These reports are known as Security Heartbeats.
If a Security Heartbeat report shows that a computer might have been compromised, the firewall can restrict its network access. Both the Firewall and the Sophos Central administrators will also receive alerts advising them of the remedial action to restore the computer's health.
This article describes what the different endpoint health statuses mean.
The following sections are covered:
Applies to/from the following Sophos products and versions Sophos Central AdminCentral Windows Endpoint 11.5.0Central Endpoint Advanced 11.5.0Central Intercept X 11.5.0Sophos Firewall XG 210 v15.01.0Sophos Cloud Managed Server 1.4.0
If you are sensitive to security issues, you should take action if one of the following issues occur:
You do not need to do anything.
NOTE: Depending on the configuration of the firewall rules, clients with a Yellow or Red health state may have limited access to certain network zones.
The action that you take depends on the type of threat or event that has triggered the health status alert. See, Sophos Central Admin Help - Actions on alerts.
With the SafeGuard Enterprise 8 release, a new remove keys on compromised machines File Encryption option is available. If you enable this option, all keys in the user's keyring will be deleted on endpoint clients that are in a Red state, and the encrypted files will become inaccessible.
As soon as the client health status changes to Yellow or Green, the keys are automatically re-synchronized and the files will become accessible again.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.