Just recently received this event message from 25+ computers across the company (all Macs using High Sierra 10.13 or Mojave 10.14). Seems to affect randomly. I couldn't find any related posts in the community. Any help would be appreciated. Thanks!
Hi Everyone,
We have an official announcement on the reported issue.
On October 21, 2018, we released a policy update for Macs, which updated the strength of the updating password encryption. This has resulted in some Macs reporting Policy Non-Compliance: Updating, as the systems took in the new encryption. The systems have moved over to the updated policy automatically, so this alert in central can be acknowledged. For more details please refer the below KBA.
Central Dashboard shows Policy Non-Compliance: Updating for Macs
Regards,
Gowtham Mani
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Hi Everyone,
We have an official announcement on the reported issue.
On October 21, 2018, we released a policy update for Macs, which updated the strength of the updating password encryption. This has resulted in some Macs reporting Policy Non-Compliance: Updating, as the systems took in the new encryption. The systems have moved over to the updated policy automatically, so this alert in central can be acknowledged. For more details please refer the below KBA.
Central Dashboard shows Policy Non-Compliance: Updating for Macs
Regards,
Gowtham Mani
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Personally I see this whole "just Acknowledge the alert" stance as an issue with Sophos, and I've only been using Central for a few days.
It's pretty much like seeing an SSL cert and training people to just click through the warning, or a system raising False Positive alerts and the Service Desk just ignoring the genuine alerts because they are noise.
How do we ensure that we're not just blindly acknowledging these alerts Central? What tools do we have at our disposal that can check the Central policy Versus that of the local end-point.
Otherwise these Sophos alerts will also be considered "noise".
Anyone care to chip in?
Gowtham - This is poor response on Sophos's part. Sophos botched a roll out. The answer is simple, fix it. It may have been meant to have this in place when the new encryption was available but that failed. Remove it until Sophos either learns how to have it in place without causing invalid alerts or until the new encryption is in place.
Also, your date is incorrect. The first reported instance of this alert in my Sophos Central was Oct 20th at 4:33 PM CDT (GMT -5). The alert does not post until 2 hour after the non-compliance was detected, that puts us at 2:33 PM CDT. Germany is 7 hours ahead of CDT so that would make it Oct 20th at 9:33 PM at the latest, which is still not Oct 21st.
Hello
Sorry but it sounds strange to me, as it could be that it is due to a problem because of something that was done on the date 21-10, if I have alerts with previous dates.
Attached image
regards
All,
Apologies for any inconveniences. If this article does not cover your issue, the best thing would be to review the below articles as a starting point:
A more generic but helpful article about Policy Compliance issues (and their triggers)
How to troubleshoot policy compliance issues
Also, consider if any network changes (or policy changes) took place during those times.
If the above listed does not apply to your situation, please file a case with support and include the SDU logs so that further analysis can be performed.
You may also want to mention this post so that they know what was tried, and a screenshot with the dates of your alerts.
If you have an open ticket, please send me a direct message and I will bring it to the attention of the engineers that created the article for the alert.
Thank you!
Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
I have absolutely no idea how Sophos considered this problem thread RESOLVED by linking to a Known Issue article https://community.sophos.com/kb/en-us/132977
1. Firstly, how can you magically say that this is the root cause, without actually looking in to each case!?
2. Secondly, how can Sophos just ask it's customers to just clear the alerts is beyond me!? Whats the point of the alerts in the first place if all you do is ask us to clear them!? You've immediately devalued the quality of your alerts by saying this.
3. Lastly, the referenced article itself https://community.sophos.com/kb/en-us/132977 is poor - it also suggests... "In Sophos Central, select "Alerts" on the left side, check any "Policy Non-compliance: Updating" notifications from Macs, click "Mark as Acknowledged" without any way of the customer confirming that this is the cause of the alerts in their environment. Once again, you've just devalued your alerting system. Effectively telling your end customer base to "ignore the alerts from Sophos!". This is not the right message from a security company going in to the EDR market!!!
So, I raised this case to Sophos, and it was suggested that I clear the alerts, and if they are genuine they will come back. Well, I didn't clear the alerts and they cleared themselves up eventually without any user intervention. HOWEVER... the alerts automatically appeared again in the Central console for all our Macs, even if they were turned off.
So I picked this up with Support again and followed the support thread in Sophserv... End result...
* We are using Sophos Central MacOSX client version 9.8.0.
* The following online ref from Sophos https://community.sophos.com/kb/en-us/11846 suggests the latest version of Central OSX is 9.7.6!? .... Eh?
* So I logged into the Downloads section of Sophos and confirmed that 9.8.0 is the latest version, and what did I see.......
Resolved issues
|
Issue ID |
Description |
|---|---|
|
MACEP-3524 |
Resolves an issue where some endpoints might incorrectly report 'out of compliance' for Auto Update policy. |
According to what I saw, the release date for Sophos Central for Mac OSX 9.8.1 is November 2018. T- 8 days....
I hope this helps others that have this issue, and have been given bad advice from Sophos.
Regards,
John
Hi John,
I am very sorry about any miscommunication regarding this issue. The thread was marked Resolved as the problem itself was addressed with a workaround, and with an article with next steps.
Regarding the alerts, this was a problem on our end which is now fixed, but it did require users to perform some manual intervention. I understand your point about the alerts, but this was a very specific alert that triggered after a specific change was made on our end, and we communicated what happened and how to workaround it (until a fix was found).
The article now states that the fix is covered in Sophos Central Mac Endpoint 9.8.1 (I see there was an update to the article on Nov 23rd, so this may not have been there on the 22nd when you posted this). The version 9.8.1 is still in the process of being released (until Nov 27th), so it may take a few more days for you to receive it.
We will work on getting article community.sophos.com/.../11846 up-to-date to avoid confusion. Thank you very much for bringing this up.
I do apologize for any inconveniences this may have caused, and if you have any ticket numbers you'd like us to review, please feel free to send me a private message with them.
Thank you very much for your understanding.
Regards,
Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
