A device is not encrypted - Alerts when enrolling new endpoints are creating noise.

Hello,

To give context, our leadership and information security team are concerned with alerts that I coming from Sophos. Their concerns are valid considering the email titles are: Alert for Sophos Central [*****]: A device is not encrypted.

However, these are false alerts that are only occurring when we are adding new endpoints to our environment and putting Sophos Central on the devices. We are looking for a way to minimize this noise. What I assume is happening is that there is a period after install for all the 'check boxes' to be checked before reading as encrypted and the alert is going out before those checks are being met.

We have scaled back the alerting to hourly, but that doesn't seem to be helping. Any ideas?

Added tags
[edited by: Gladys at 7:59 AM (GMT -8) on 20 Nov 2023]

0 Gladys 6 months ago

Hi Zachary Balazs ,

Thank you for reaching out to the Sophos Community Forum.

This error could occur if the user has postponed encryption when the policy was applied. Is it possible that this has happened? Could you please confirm the current encryption status of these devices on Central?

Gladys Reyes
Global Community Support Engineer
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Zachary Balazs 6 months ago in reply to Gladys

Our typical procedure is as follows:

Image our new device

Decrypt the drive that comes standard on the device

Install Sophos Cloud

Reboot the device in order to start encryption

--------

Here are the events from the device:

Nov 2, 2023 2:54 PM
The Device Encryption status changed from In progress to Encrypted.
Nov 2, 2023 2:46 PM
The Device Encryption status changed from Not encrypted to In progress.
Nov 2, 2023 2:42 PM
Device is not encrypted.
Nov 2, 2023 2:42 PM
Update succeeded
Nov 2, 2023 2:40 PM
A BitLocker recovery key has been received from: *****
Nov 2, 2023 2:40 PM
Device is not encrypted.
Nov 2, 2023 2:40 PM
The Device Encryption status changed from Unmanaged to Not encrypted.
Nov 2, 2023 2:37 PM
The Device Encryption status changed from Not available to Unmanaged.
Nov 2, 2023 2:37 PM
Update succeeded
Nov 2, 2023 2:36 PM
New computer registered: *****
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 LHerzog 6 months ago in reply to Zachary Balazs

I can confirm the same from our side and it is as Zachary Balazs wrote, only creating useless and dangerous noise. Here also Mgmt frequently asks what this and that alert is from. Then they say: if there is no danger, why is it sending alerts? We can only answer: because it's Sophos design.

Unfortunately due to the noise these alerts make, we use to ignore them.

That should be catched up by Central Endpoint. e.g. send a notification from device to Central that it should suppress unencrypted alerts for a day or so.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Gladys 6 months ago in reply to LHerzog

Hi LHerzog ,

Thank you for confirming. This will need to be raised as a feature request. I will be reaching out to you and Zachary Balazs via private message for more information.

Thank you.

Gladys Reyes
Global Community Support Engineer
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 GlennSen 6 months ago in reply to Zachary Balazs

Hello Zachary,

We have raised the said query internally, and they have advised us that you need to raise a support case to further investigate. Once you've created the case share the case ID to us to provide more information on the case.

Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel