HitmanPro.Alert 3.6.9 Causes Exploit Detection Non Compliance

After Sophos updated the version of HitmanPro.Alert to version 3.6.9, all of my PCs are getting Exploit Detection Non Compliant alerts. After exactly two hours in this state they then go into compliance for 30 minutes and then repeat this process. Sophos Support says it's an issue where the HitmanPro service is shutting down before the Management Communication System Service, which is causing the trigger. They have yet to figure out how to fix this issue. Is anyone else seeing this issue? Does anyone have any suggestions of how to fix it?

  • Sophos Support finally responded that this is a known issue with the latest HitmanPro.Alert update. The development team is working on a fix.

  • I'm getting this as well. October 14th -- none of these. October 15th -- hammered with them.

  • Same here. Still no fix.

  • Same here, absolutely swamped with them.

  • Same here, I have around 200 endpoints with alerts about "Policy non-compliance: Exploit Detection." I have not reported it or submitted a case on it quite yet due to not knowing if this was on my end or on Sophos' end. But now I know it is on their end.

    I will still open a case so that they can see this is a wide issue and hopefully fix the issue sooner.

    -Chris

  • In reply to Chris Rodriguez:

    I opened a case for the same reason.

  • I was just talking with our manager about that a few minutes ago. We're hit with a ton of them, glad to know we're not the only ones.

  • I have been experiencing that too. Very frustrating. I thought Sophos Central would make things a lot easier to manage. Not the case. I've put in more phone calls in less than a year than I had my prior six years not being on Sophos Central. Has anyone received an ETA on a fix? Does it mean that HMP is not working on the PCs that are generating that message?

  • In reply to Rick DeFilippo:

    I completely feel the same way. Ever since I started this migration over from Sophos On-Premise to Sophos Central, it has been a nightmare that I wish I could take back. I started this project at my company, hoping for greater things and all it has been is very frustrating nights of pain, errors after errors. I am the same way, I had never had to call Sophos as much as I am doing now.

    One Sophos tech just responded with the following:

    Please enable a diagnostic message trail of Sophos MCS as per the KB below on one machine, acknowledge the error, and send it to me after the issue happens again.

    Not sure what that means, but I will have them call me and see what update I can provide for all of us having this issue.

  • I have the same problem.

    Can you advise how to fix this?

    Thanks

  • We also have this problem. Exactly the same.

  • Same thing here. Every one of our Intercept X users is getting this message repeatedly in the Event logs, and generating alerts that they are not compliant with the Exploit Detection Policy. 

  • In reply to Dustin Garden:

    Still happening for us

  • Same issue at my job. I've contacted Sophos and sent them SDU logs, and they couldn't determine the issue. Also, we had a spike in policy violations, around 14,000 in two days. This started happening after the last maintenance they did.

    In Sophos Endpoint Self Help I see Management Communication errors on all of the computers with Policy non-compliance: Exploit Detection issues.

    Failed error '504 Gateway Time-out'. We have around 300 computers with Policy non-compliance: Exploit Detection alerts.

  • Seeing the same thing here... the support technician I have been working with seems clueless to this being an overall bug.