This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Peripherals added to exemptions list still being blocked?

We've recently seen (in the last week or so) issues where I've added something to the exemptions list and the user is still getting notice that the device is blocked when they plug it in.  I check Sophos Central, and the device is listed on the exemptions list for their policy, but it's still being blocked.  Anyone else seeing this?



This thread was automatically locked due to age.
Parents
  • Hi Josh,

    We apologize for the inconvenience. Our development is aware of these issues and further updates shall be shared as and when available in this KBA.

    Changing Sophos Web Control & Peripheral Control Policies are causing them to render disabled on the endpoint

    Thanks,

    VS

  • Thanks for the quick reply.  After looking at the article you linked, I'm not sure that's the issue we are having.  "Customers that modify or clone an existing Web Control or Peripheral Control policy will see that the policy sent down to the endpoint is disabled." We haven't modified or cloned any policies recently, the only changes have been to add items to the exemptions list, unless that counts as Modifying.  No other settings have been changed in any of these policies.    I'm also not sure where to see that the policy sent down is disabled.  One laptop I'm looking at now shows that it's got the correct Peripheral Control policy.  Also, it doesn't look like the policy is disabled, it's enabled and blocking devices that it shouldn't be blocking.

    We've seen it a couple times so far this week and have noticed a some interesting things.  One of them if we added the device to the exemptions list by Model instead of ID, it worked.   And when it was switched back to ID it was blocked again.   Another one I noticed that an exempted device (a camera) was being blocked.  I logged into the laptop and noted that initially it popped up that the device was blocked (which is weird, since my account is in a policy that is set to "Monitor but not block") and about a minute later it unblocked and was usable.  Then I had the user log back into the laptop and she could now use the device to get the pictures she needed.  About 15 min later she contacted me and the camera is being blocked again along with her Bluetooth headphones which were exempted months ago. 

    Just to add a bit more hopefully useful information, my AD account has local Admin rights on our endpoints, the normal users do not have any admin rights.  And as previously stated, my account is also in a policy at the top of the list that is set to "Monitor but do not block"

  • Hi Josh,

    We have been made aware of a Bug which matches what you're experiencing. Development have found out the root cause and a fix should be planned for release. If you have a support case with us, let me know and I'll share more details. 

    Thanks,

    VS

  • Yes, I have been working with Support on this issue.  I have case #8532751 open with them and received an email that they've identified the issue and are working on a fix.

  • Hello everyone

    I also have the same problem. In our case, we were unable to release the devices by ID or by model.
    We are urgently awaiting correction. We've already done the deploy on our entire network.
    Open case number 8573294.

  • We got word last week that the update to Sophos Central will be rolled out on the 19th.

Reply Children
No Data