Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

Getting wrong Endpoint installed Status

Hello Together,

we are integrating Sophos Central to our MDM solution via the api and now have a problem with some of clients reporting incorrect status via api.

For example i take this client:

If i query it via the Sophos Central API this is the result of : api-eu02.central.sophos.com/.../xxxx-xxxx-4d32-b6b6-c1c99fd2ba62

{
    "id":  "xxxxx-5774-4d32-b6b6-c1c99fd2ba62",
    "type":  "computer",
    "tenant":  {
                   "id":  "xxxxx-f12b-4afa-93eb-bde28244732e"
               },
    "hostname":  "PC-105837",
    "health":  {
                   "overall":  "good",
                   "threats":  {
                                   "status":  "good"
                               },
                   "services":  {
                                    "status":  "good",
                                    "serviceDetails":  [
                                                           {
                                                               "name":  "HitmanPro.Alert service",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos Endpoint Defense",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos Endpoint Defense Service",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos File Scanner",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos File Scanner Service",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos MCS Agent",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos MCS Client",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos NetFilter",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos Network Threat Protection",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos System Protection Service",
                                                               "status":  "running"
                                                           }
                                                       ]
                                }
               },
    "os":  {
               "isServer":  false,
               "platform":  "windows",
               "name":  "Windows 10 Pro",
               "majorVersion":  10,
               "minorVersion":  0,
               "build":  19045
           },
    "ipv4Addresses":  [
                          "172.17.1.146"
                      ],
    "macAddresses":  [
                         "84:A9:3E:11:11:11"
                     ],
    "associatedPerson":  {
                             "viaLogin":  "domain\\user"
                         },
    "tamperProtectionEnabled":  true,
    "assignedProducts":  [
                             {
                                 "code":  "endpointProtection",
                                 "version":  "10.8.11.4",
                                 "status":  "notInstalled"
                             },
                             {
                                 "code":  "deviceEncryption",
                                 "version":  "2022.3.0.21",
                                 "status":  "notInstalled"
                             },
                             {
                                 "code":  "interceptX",
                                 "version":  "2022.1.3.3",
                                 "status":  "notInstalled"
                             },
                             {
                                 "code":  "coreAgent",
                                 "version":  "2022.4.2.1",
                                 "status":  "installed"
                             },
                             {
                                 "code":  "xdr",
                                 "version":  "2022.4.2.1",
                                 "status":  "notInstalled"
                             },
                             {
                                 "code":  "ztna",
                                 "version":  "2022.4.2.1",
                                 "status":  "notInstalled"
                             }
                         ],
    "lastSeenAt":  "2023-03-10T07:39:00.359Z",
    "encryption":  {
                       "volumes":  [
                                       {
                                           "volumeId":  "\\\\?\\Volume{d7976220-f522-4367-8367-f9835d4fec69}\\",
                                           "status":  "encrypted"
                                       }
                                   ]
                   }
}

There seems to be a mismatch between what the Sophos Central UI shows and what the API answers.

Does anyone have the same expierence ?



Updated Sophos API Result to 16.03.2023 - Still same issue
[edited by: Michael Schneider at 8:35 AM (GMT -7) on 16 Mar 2023]