Reflexion will be End-of-life on March 31,2023. See Sophos Reflexion EoL FAQs to learn more.
We are using Sophos Central and use basic Endpoint Protection, InterceptX Advanced and Encryption - Windows 10 Education 21H2 clients.
Desktops get Endpoint protection + InterceptX
Laptops get Endpoint protection, InterceptX and Encryption.
I now have hundreds of clients that only have the 'Core Agent' installed. Machines that I iinstalled either InterceptX or Encryption on have had those products removed, sometimes after just one reboot. The clients are not logging this behaviour. I can confirm that all products are correctly assigned in Sophos Central and that no policies have been edited for at least 12 months.
Is anybody else seeing anything like this? Regarding the encryption - Sophos Central is stating that Encryption is not installed (as is the client) yet the Windows Bitlocker component is still on the laptop and accepting the user's startup PIN.
I'm at a loss as to what is going on.
Apologies - could somebody move this to the Sophos Central section please? Thanks
I have seen this behavior only in environments where the license had been expired for a while. Can you please verify that you have a valid license - click your account name (upper right of the user interface), select Licensing. .
Thanks Marcel. According to Sophos Central I can confirm that our current licence runs until Mar 31, 2023
In that case I would recommend to open a support case via the support portal: https://support.sophos.com/. In the lower right from the support portal you will also see an option to chat directly with the support team.
Thank you for reaching the Community Forum,Can you confirm if the tamper protection, which can be found on your Global policy, is Turned On? If not, you may need to turn it on to secure your endpoint application from sudden removal. This setting should be turned On as part of the recommended settings. In addition, can you confirm if there’s any uninstall script running in the background that may cause this sudden uninstallation of your endpoint application? You may need to verify this on your servers or use Autoruns.exe and run it on the affected device to see. Mostly you need to check the script under Scheduled task. BitLocker will still work for your Device encryption, even if device encryption is not installed on your system. However, the downside is that you won't be able to manage on your Sophos central, and retrieving the recovery key may be impossible if the key is not saved on the local desktop or is lost. You need tp push the device encryption via Sophos central if you wish to start managing them.