Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Heartbeat - Red in XG but green in Central

Hello,

we have continuous problem with the heartbeat for some users. 

The endpoint is green and fine but in central it's red. 

Here the last log during the problem (heartbeat log)

a 2021-06-23T06:45:27.764Z [5880:8000] - Received request to enable enhanced application control
a 2021-06-23T06:45:27.771Z [5880:8000] - Sending login status.
a 2021-06-23T06:45:28.098Z [5880:8000] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T06:45:28.138Z [5880:8000] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T06:45:41.410Z [5880:8000] - Sending health status: {"admin":1, "health":1, "service":1, "threat":1}
a 2021-06-23T07:15:11.868Z [5880:8000] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe
a 2021-06-23T10:22:33.571Z [5880:7476] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:33.572Z [5880:7476] - Stopped Heartbeat
a 2021-06-23T10:22:33.572Z [5880:7476] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:37.665Z [19648:19496] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:37.666Z [19648:19496] - Starting Heartbeat version 1.11.194.0
a 2021-06-23T10:22:37.666Z [19648:19496] - ----------------------------------------------------------------------------------------------------
a 2021-06-23T10:22:38.124Z [19648:16596] - Connection succeeded.
a 2021-06-23T10:22:38.125Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T10:22:38.140Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.22 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T10:22:38.400Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-23T10:22:38.400Z [19648:16596] - Sending login status.
a 2021-06-23T10:22:52.077Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-23T10:51:43.762Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T11:31:11.576Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe
a 2021-06-23T12:44:45.877Z [19648:16596] - Received request to disable enhanced application control for C:\program files\internet explorer\iexplore.exe
a 2021-06-23T13:58:12.169Z [19648:16596] - Connection closed (network error).
a 2021-06-23T13:58:13.181Z [19648:16596] - Connection failed.
a 2021-06-23T14:08:02.495Z [19648:16596] - Connection succeeded.
a 2021-06-23T14:08:02.496Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T14:08:02.510Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.22 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T14:08:02.738Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-23T14:08:02.741Z [19648:16596] - Sending login status.
a 2021-06-23T14:08:03.244Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe
a 2021-06-23T14:08:13.160Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-23T14:54:57.625Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T14:54:57.655Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-23T15:31:08.146Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:15.057Z [19648:16596] - Connection closed (network error).
a 2021-06-23T15:31:37.141Z [19648:16596] - Connection failed.
a 2021-06-23T15:31:52.423Z [19648:16596] - Connection succeeded.
a 2021-06-23T15:31:52.423Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T15:31:52.438Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.9 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:52.450Z [19648:16596] - Connection closed (network error).
a 2021-06-23T15:31:53.728Z [19648:16596] - Connection succeeded.
a 2021-06-23T15:31:53.729Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T15:31:53.747Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.9 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:53.761Z [19648:16596] - Connection closed (network error).
a 2021-06-23T15:31:55.000Z [19648:16596] - Connection succeeded.
a 2021-06-23T15:31:55.000Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-23T15:31:55.015Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.9 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-23T15:31:55.145Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-23T15:31:55.146Z [19648:16596] - Sending login status.
a 2021-06-23T15:32:03.612Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-23T17:38:13.918Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\microsoft\edgeupdate\microsoftedgeupdate.exe
a 2021-06-23T21:41:06.153Z [19648:16596] - Connection closed (network error).
a 2021-06-24T06:29:22.504Z [19648:16596] - Connection failed.
a 2021-06-24T06:31:26.179Z [19648:16596] - Connection succeeded.
a 2021-06-24T06:31:26.179Z [19648:16596] - Connected to '3a343c11-a991-4d63-ab52-1df31f3ce352' at IP address 52.5.76.173 on port 8347
a 2021-06-24T06:31:26.193Z [19648:16596] - Sending network status. Active Interfaces:
MAC: 00:FF:39:01:DF:1B - INET: 192.168.181.21 - INET6: fe80::507c:e745:b4b8:e1e7
MAC: 24:41:8C:31:94:12 - INET: 192.168.1.3 - INET6: fe80::10a7:ca61:5e5e:2034
a 2021-06-24T06:31:26.483Z [19648:16596] - Received request to enable enhanced application control
a 2021-06-24T06:31:26.483Z [19648:16596] - Sending login status.
a 2021-06-24T06:31:27.846Z [19648:16596] - Sending health status: {"health":3}
a 2021-06-24T06:32:03.946Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-24T06:32:03.995Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\internet explorer\iexplore.exe
a 2021-06-24T06:32:33.202Z [19648:16596] - Received request to disable enhanced application control for C:\program files\internet explorer\iexplore.exe
a 2021-06-24T06:35:38.958Z [19648:16596] - Received request to disable enhanced application control for C:\program files (x86)\google\chrome\application\chrome.exe

We already contact the Sophos support... 1 month to have the reply from the support. You can imagin that we trying different ways to solve the problem, a momentary solution is re install Sophos but it's not for always.

Thank you !



This thread was automatically locked due to age.
Parents
  • Also suffering the same issue, the Sophos MTR team have looked at one of the clients flapping and cant see any reason for the status change, we have opened a support ticket but short of being told to uninstall and reinstall the endpoint they havent been much help.

  • The Sophos support from India is 0/10. Another short solution to avoid to reinstall the Endpoint is disable the tamper, disable the Sophos Health service and remove the file in C:\ProgramData\Sophos\Health\Event Store\Database and re enable the service. It will reset all event.

    Workaround for me... How can we speak to the support from England with competence?  We pay for good support!!

Reply
  • The Sophos support from India is 0/10. Another short solution to avoid to reinstall the Endpoint is disable the tamper, disable the Sophos Health service and remove the file in C:\ProgramData\Sophos\Health\Event Store\Database and re enable the service. It will reset all event.

    Workaround for me... How can we speak to the support from England with competence?  We pay for good support!!

Children