Hello,
We have a continuous problem with the heartbeat for some users.
The endpoint is green and fine but in Central it's red.
Here is the last log during the problem (heartbeat log):
a 2021-06-23T06:45:27.764Z [5880:8000] - Received request to enable enhanced application control
a 2021-06-23T06:45:27.771Z [5880:8000] - Sending login status.
a 2021-06-23T06:45:28.098Z [5880:8000] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T06:45:28.138Z [5880:8000] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T06:45:41.410Z [5880:8000] - Sending health status: {"admin":1, "health":1, "service":1, "threat":1}
a 2021-06-23T07:15:11.868Z [5880:8000] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe
a 2021-06-23T10:22:33.571Z [5880:7476] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:33.572Z [5880:7476] - Stopped Heartbeat
a 2021-06-23T10:22:33.572Z [5880:7476] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:37.665Z [19648:19496] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:37.666Z [19648:19496] - Starting Heartbeat version 1.11.194.0
a 2021-06-23T10:22:37.666Z [19648:19496] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:38.124Z [19648:16596] - Connection succeeded.
a 2021-06-23T10:22:38.125Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T10:22:38.140Z [19648:16596] - Sending network status.
Active Interfaces:
  MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.22 - INET6: fe80::507c:e745:b4b8:e1e7
  MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T10:22:38.400Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-23T10:22:38.400Z [19648:16596] - Sending login status.
a 2021-06-23T10:22:52.077Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-23T10:51:43.762Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T11:31:11.576Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe
a 2021-06-23T12:44:45.877Z [19648:16596] - Received request to disable enhanced application control for C:\program files\internet explorer\iexplore.exe
a 2021-06-23T13:58:12.169Z [19648:16596] - Connection closed (network error).
a 2021-06-23T13:58:13.181Z [19648:16596] - Connection failed.
a 2021-06-23T14:08:02.495Z [19648:16596] - Connection succeeded.
a 2021-06-23T14:08:02.496Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T14:08:02.510Z [19648:16596] - Sending network status.
Active Interfaces:
  MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.22 - INET6: fe80::507c:e745:b4b8:e1e7
  MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T14:08:02.738Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-23T14:08:02.741Z [19648:16596] - Sending login status.
a 2021-06-23T14:08:03.244Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe
a 2021-06-23T14:08:13.160Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-23T14:54:57.625Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T14:54:57.655Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T15:31:08.146Z [19648:16596] - Sending network status.
Active Interfaces:
  MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:15.057Z [19648:16596] - Connection closed (network error).
a 2021-06-23T15:31:37.141Z [19648:16596] - Connection failed.
a 2021-06-23T15:31:52.423Z [19648:16596] - Connection succeeded.
a 2021-06-23T15:31:52.423Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T15:31:52.438Z [19648:16596] - Sending network status.
Active Interfaces:
  MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.9 - INET6: fe80::507c:e745:b4b8:e1e7
  MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:52.450Z [19648:16596] - Connection closed (network error).
a 2021-06-23T15:31:53.728Z [19648:16596] - Connection succeeded.
a 2021-06-23T15:31:53.729Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T15:31:53.747Z [19648:16596] - Sending network status.
Active Interfaces:
  MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.9 - INET6: fe80::507c:e745:b4b8:e1e7
  MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:53.761Z [19648:16596] - Connection closed (network error).
a 2021-06-23T15:31:55.000Z [19648:16596] - Connection succeeded.
a 2021-06-23T15:31:55.000Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T15:31:55.015Z [19648:16596] - Sending network status.
Active Interfaces:
  MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.9 - INET6: fe80::507c:e745:b4b8:e1e7
  MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:55.145Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-23T15:31:55.146Z [19648:16596] - Sending login status.
a 2021-06-23T15:32:03.612Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-23T17:38:13.918Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
a 2021-06-23T21:41:06.153Z [19648:16596] - Connection closed (network error).
a 2021-06-24T06:29:22.504Z [19648:16596] - Connection failed.
a 2021-06-24T06:31:26.179Z [19648:16596] - Connection succeeded.
a 2021-06-24T06:31:26.179Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-24T06:31:26.193Z [19648:16596] - Sending network status.
Active Interfaces:
  MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.21 - INET6: fe80::507c:e745:b4b8:e1e7
  MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-24T06:31:26.483Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-24T06:31:26.483Z [19648:16596] - Sending login status.
a 2021-06-24T06:31:27.846Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-24T06:32:03.946Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-24T06:32:03.995Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-24T06:32:33.202Z [19648:16596] - Received request to disable enhanced application control for C:\program files\internet explorer\iexplore.exe
a 2021-06-24T06:35:38.958Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe
We already contacted Sophos support... 1 month to get a reply from support. You can imagine that we are trying different ways to solve the problem; a momentary solution is to reinstall Sophos, but it's not for always.
Thank you!
Hi Julian Cast, thanks for reaching out to Sophos Community. Is this issue happening on some specific machines, or does it occur randomly on any machine? If you have an ongoing case for the same issue, please share the Case ID via DM so that I can check the details.
Hi,
The case is 04136814. It's on 2 specific computers. I had a 1-hour call with Sophos support 30 minutes ago, but actually he hasn't found the origin of the problem. He should normally come back to me tomorrow.
Thank you!
No news for 6 days. Can you help me move forward on this issue?
Thank you
Julian Cast said: The endpoint is green and fine but in Central it's red.
Can you please confirm which side is red and which is green?
Your topic describes it the other way around: "Red in XG but green in Central".
We have a case 04121743 open for the issue described here: https://community.sophos.com/intercept-x-endpoint/f/discussions/128370/endpoint-reporting-heartbeat-status-red-but-why
We have some clients that are irregularly at risk on XG, but in Central all is shown as OK.
As you can see, the heartbeat status is switching every minute! In Central it's fixed green...
Same for me, some clients have the problem. Can you check your log to see if you see the same? Switching every minute for the affected computers?
Check the Endpoint log at the same time. Do you see the network connection errors at the same time?
Can you tell me the path of the log I need to check?
That's the very same for us, and on the XG it's always flapping between 1 and 3 in heartbeat.log. Maybe this is happening when the computers are idle. It only happens for a small percentage of devices but I want to know why they appear risky to XG.
I will mention your case number in my support case. Currently they want me to re-register the XG into central because they cannot put fwcm-heartbeatd.log into debug. See my post community.sophos.com/.../logging-heartbeat-vs-fwcm-heartbeatd-500-opcode-failed
I will try this command, thank you.