Getting wrong Endpoint installed Status

Hello Together,

we are integrating Sophos Central to our MDM solution via the api and now have a problem with some of clients reporting incorrect status via api.

For example i take this client:

If i query it via the Sophos Central API this is the result of : api-eu02.central.sophos.com/.../xxxx-xxxx-4d32-b6b6-c1c99fd2ba62

{
    "id":  "xxxxx-5774-4d32-b6b6-c1c99fd2ba62",
    "type":  "computer",
    "tenant":  {
                   "id":  "xxxxx-f12b-4afa-93eb-bde28244732e"
               },
    "hostname":  "PC-105837",
    "health":  {
                   "overall":  "good",
                   "threats":  {
                                   "status":  "good"
                               },
                   "services":  {
                                    "status":  "good",
                                    "serviceDetails":  [
                                                           {
                                                               "name":  "HitmanPro.Alert service",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos Endpoint Defense",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos Endpoint Defense Service",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos File Scanner",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos File Scanner Service",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos MCS Agent",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos MCS Client",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos NetFilter",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos Network Threat Protection",
                                                               "status":  "running"
                                                           },
                                                           {
                                                               "name":  "Sophos System Protection Service",
                                                               "status":  "running"
                                                           }
                                                       ]
                                }
               },
    "os":  {
               "isServer":  false,
               "platform":  "windows",
               "name":  "Windows 10 Pro",
               "majorVersion":  10,
               "minorVersion":  0,
               "build":  19045
           },
    "ipv4Addresses":  [
                          "172.17.1.146"
                      ],
    "macAddresses":  [
                         "84:A9:3E:11:11:11"
                     ],
    "associatedPerson":  {
                             "viaLogin":  "domain\\user"
                         },
    "tamperProtectionEnabled":  true,
    "assignedProducts":  [
                             {
                                 "code":  "endpointProtection",
                                 "version":  "10.8.11.4",
                                 "status":  "notInstalled"
                             },
                             {
                                 "code":  "deviceEncryption",
                                 "version":  "2022.3.0.21",
                                 "status":  "notInstalled"
                             },
                             {
                                 "code":  "interceptX",
                                 "version":  "2022.1.3.3",
                                 "status":  "notInstalled"
                             },
                             {
                                 "code":  "coreAgent",
                                 "version":  "2022.4.2.1",
                                 "status":  "installed"
                             },
                             {
                                 "code":  "xdr",
                                 "version":  "2022.4.2.1",
                                 "status":  "notInstalled"
                             },
                             {
                                 "code":  "ztna",
                                 "version":  "2022.4.2.1",
                                 "status":  "notInstalled"
                             }
                         ],
    "lastSeenAt":  "2023-03-10T07:39:00.359Z",
    "encryption":  {
                       "volumes":  [
                                       {
                                           "volumeId":  "\\\\?\\Volume{d7976220-f522-4367-8367-f9835d4fec69}\\",
                                           "status":  "encrypted"
                                       }
                                   ]
                   }
}

There seems to be a mismatch between what the Sophos Central UI shows and what the API answers.

Does anyone have the same expierence ?

Updated Sophos API Result to 16.03.2023 - Still same issue
[edited by: Michael Schneider at 8:35 AM (GMT -7) on 16 Mar 2023]

Top Replies

Sophos User930 over 1 year ago +1

Which bit, I'm playing spot the difference here? :) Thanks.

Parents

0 Michael Schneider over 1 year ago

Anyone?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Michael Schneider over 1 year ago in reply to Michael Schneider

I get a hint from an Sophos Employee.
The status seems to not actually reflect the actual status of the endpoint and instead some "should be value".
Via the Sophos Central UI via selected the client and Removed and Redadded every Software Module via "Manage Software".
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Michael Schneider over 1 year ago in reply to Michael Schneider

I get a hint from an Sophos Employee.
The status seems to not actually reflect the actual status of the endpoint and instead some "should be value".
Via the Sophos Central UI via selected the client and Removed and Redadded every Software Module via "Manage Software".
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data