Getting wrong Endpoint installed Status

Hello Together,

we are integrating Sophos Central to our MDM solution via the api and now have a problem with some of clients reporting incorrect status via api.

For example i take this client:

If i query it via the Sophos Central API this is the result of : api-eu02.central.sophos.com/.../xxxx-xxxx-4d32-b6b6-c1c99fd2ba62

{
    "id":  "xxxxx-5774-4d32-b6b6-c1c99fd2ba62",
    "type":  "computer",
    "tenant":  {
                   "id":  "xxxxx-f12b-4afa-93eb-bde28244732e"
               },
    "hostname":  "PC-105837",
    "health":  {
                   "overall":  "good",
                   "threats":  {
                                   "status":  "good"
                               },
                   "services":  {
                                    "status":  "good",
                                    "serviceDetails":  [
                                                           {
                                                               "name":  "HitmanPro.Alert service",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos Endpoint Defense",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos Endpoint Defense Service",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos File Scanner",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos File Scanner Service",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos MCS Agent",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos MCS Client",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos NetFilter",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos Network Threat Protection",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos System Protection Service",
                                                               "status":  "running"
                                                           }
                                                       ]
                                }
               },
    "os":  {
               "isServer":  false,
               "platform":  "windows",
               "name":  "Windows 10 Pro",
               "majorVersion":  10,
               "minorVersion":  0,
               "build":  19045
           },
    "ipv4Addresses":  [
                          "172.17.1.146"
                      ],
    "macAddresses":  [
                         "84:A9:3E:11:11:11"
                     ],
    "associatedPerson":  {
                             "viaLogin":  "domain\\user"
                         },
    "tamperProtectionEnabled":  true,
    "assignedProducts":  [
                             {
                                 "code":  "endpointProtection",
                                 "version":  "10.8.11.4",
                                 "status":  "notInstalled"
                             },
                             {
                                 "code":  "deviceEncryption",
                                 "version":  "2022.3.0.21",
                                 "status":  "notInstalled"
                             },
                             {
                                 "code":  "interceptX",
                                 "version":  "2022.1.3.3",
                                 "status":  "notInstalled"
                             },
                             {
                                 "code":  "coreAgent",
                                 "version":  "2022.4.2.1",
                                 "status":  "installed"
                             },
                             {
                                 "code":  "xdr",
                                 "version":  "2022.4.2.1",
                                 "status":  "notInstalled"
                             },
                             {
                                 "code":  "ztna",
                                 "version":  "2022.4.2.1",
                                 "status":  "notInstalled"
                             }
                         ],
    "lastSeenAt":  "2023-03-10T07:39:00.359Z",
    "encryption":  {
                       "volumes":  [
                                       {
                                           "volumeId":  "\\\\?\\Volume{d7976220-f522-4367-8367-f9835d4fec69}\\",
                                           "status":  "encrypted"
                                       }
                                   ]
                   }
}

There seems to be a mismatch between what the Sophos Central UI shows and what the API answers.

Does anyone have the same expierence ?



Updated Sophos API Result to 16.03.2023 - Still same issue
[edited by: Michael Schneider at 8:35 AM (GMT -7) on 16 Mar 2023]