Sophos Central Endpoint: Remotely fixing "Failed to Protect Computer" or "Missing Services"

Question

Does anyone have any experience in remotely fixing computers that are reporting to Sophos Central with an alert of "Failed to Protect Computer" or showing a bad status with "Services Missing or not Running"? When I say remotely, these are computers spread across many customer sites (schools), and in most cases they are domain based computers, and we do have admin access to on-site servers, so i am hoping that it might be possible to do something with scripting and group policy. I'm thinking that I might be able to script the steps in this article Sophos Central: Sophos Endpoint Self Help - Services for the missing services, and script a "re-install" for computers where absolutely no services are listed following an initial attempt at installation. The product we are installing is Intercept X Advanced. By the way, does anyone know where there is an official list of the services that should be present and running for the Sophos Intercept X Advanced product for Windows endpoints? 
 Anyway, any practical advice from the community will be greatly appreciated.

Services that I think are the ones we should see for Sophos Intercept X 
 Example of what we see for some computers - lots of "old" services?

GlennSen · Answer

Hello Russell, Thank you for reaching the community forum. There are many variables that may render you to perform a remote fix, but the self-help tool is what you're looking for in such issues with Services not running/ missing. Creating a script for this is of great help in dealing with such issues listed in the article, but it may not help if the issue is outside of the scope listed on it and require further investigations. Seeing a bad status device on your Dashboard has a lot to consider, as many causes may trigger it that can't be solved remotely via a script, so the answer to your question may depend on what issue you're currently dealing with. Still, a total remote fix may not be possible through the script, but our support team is what instances. On the other hand, based on what I can see on the screenshot you've shared, It looks like those devices you see with lots of old services may have some issues with AutoUpdate services and weren't able to get the latest update which caused to report a bad status on your central dashboard. Dealing with such issues needs further investigation and log-checking to pinpoint the cause of it, especially since each environment of your customers is unique and has a different set from one another.

Sophos Central Endpoint: Remotely fixing "Failed to Protect Computer" or "Missing Services"

Top Replies