I have installed sophos intercept X advance with XDR on a apple computer of a client. After the installation i let it make a full scan like always do. To my surprise the client called me, that there was a mallware detected on his computer. The dashboard of the Sophos Partner Portal nor the Sophos Central dashboard show anything of this detection. To see the thread i have to click on the client his computer and look under status. There i do see that the thread is placed under quarantine. But this is the information that i want to see in my dashboard not hear from the client. Is there a setting somewhere that i should have turned on so it does register these things in the Dashboard?
Hello Roland,Thank you for reaching the community forum regarding this detection that you see, which didn’t send any alert on your central dashboard or partner portal. Can you share with us the screenshot of this detection showing on the PC and the alert seen under the device when you toggle on your device list?
Thank you for your awnser. The detection took place on Friday the last time I checked the system was on Saturday and nothing was visible yet. I just opened the system and now it does show the detection. It even say that it couldn't clean the files while on the computer of the client it shows that it was placed in quarantine. So the visibility of the thread takes 2 or 3 days to get visible in my portal.
This image is of the partner dashboard that now do show the alert that wasn't shown on Saturday still
This is the alert in the client his portal. I already pressed the button Clean Up hopefully that will now really clean up the malware
Hello Roland,Thank you for sharing the details of what happened. When the detection happened, was the device not online or connected to the internet? Does the user experience any internet issues when this happens, or was he/she connected to a network where internet access is restricted? The above variables may cause delays in registering the alert on central. If what was stated above didn’t happen and you wish to further investigate and find out why there’s a delay in reflecting the alert on your central/Partner dashboard, I would suggest you raise a support case to further investigate the said issue.
No she doesn't have any restrictions in her internet. The only thing I can think of is that the delay has something todo with the fact that the detection was so shortly after i installed it on her machine. After she called about the detection i was able to login remotely without any problems so her internet connection was working ok as well.
I will see if this is an incident or that it happens always. If it is an incident it is no problem but if it occures with other detections as well i will make a support ticket of it. Thank you for your help.
Thank you Roland, You can keep us posted on this thread if ever the same behavior occurs again in the future.
Ok thank you for your help and i will