Just recently received this event message from 25+ computers across the company (all Macs using High Sierra 10.13 or Mojave 10.14). Seems to affect randomly. I couldn't find any related posts in the community. Any help would be appreciated. Thanks!
Hi Everyone,
We have an official announcement on the reported issue.
On October 21, 2018, we released a policy update for Macs, which updated the strength of the updating password encryption. This has resulted in some Macs reporting Policy Non-Compliance: Updating, as the systems took in the new encryption. The systems have moved over to the updated policy automatically, so this alert in central can be acknowledged. For more details please refer the below KBA.
Central Dashboard shows Policy Non-Compliance: Updating for Macs
Regards,
Gowtham Mani
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
I have absolutely no idea how Sophos considered this problem thread RESOLVED by linking to a Known Issue article https://community.sophos.com/kb/en-us/132977
1. Firstly, how can you magically say that this is the root cause, without actually looking in to each case!?
2. Secondly, how can Sophos just ask it's customers to just clear the alerts is beyond me!? Whats the point of the alerts in the first place if all you do is ask us to clear them!? You've immediately devalued the quality of your alerts by saying this.
3. Lastly, the referenced article itself https://community.sophos.com/kb/en-us/132977 is poor - it also suggests... "In Sophos Central, select "Alerts" on the left side, check any "Policy Non-compliance: Updating" notifications from Macs, click "Mark as Acknowledged" without any way of the customer confirming that this is the cause of the alerts in their environment. Once again, you've just devalued your alerting system. Effectively telling your end customer base to "ignore the alerts from Sophos!". This is not the right message from a security company going in to the EDR market!!!
So, I raised this case to Sophos, and it was suggested that I clear the alerts, and if they are genuine they will come back. Well, I didn't clear the alerts and they cleared themselves up eventually without any user intervention. HOWEVER... the alerts automatically appeared again in the Central console for all our Macs, even if they were turned off.
So I picked this up with Support again and followed the support thread in Sophserv... End result...
* We are using Sophos Central MacOSX client version 9.8.0.
* The following online ref from Sophos https://community.sophos.com/kb/en-us/11846 suggests the latest version of Central OSX is 9.7.6!? .... Eh?
* So I logged into the Downloads section of Sophos and confirmed that 9.8.0 is the latest version, and what did I see.......
Resolved issues
|
Issue ID |
Description |
|---|---|
|
MACEP-3524 |
Resolves an issue where some endpoints might incorrectly report 'out of compliance' for Auto Update policy. |
According to what I saw, the release date for Sophos Central for Mac OSX 9.8.1 is November 2018. T- 8 days....
I hope this helps others that have this issue, and have been given bad advice from Sophos.
Regards,
John
Hi John,
I am very sorry about any miscommunication regarding this issue. The thread was marked Resolved as the problem itself was addressed with a workaround, and with an article with next steps.
Regarding the alerts, this was a problem on our end which is now fixed, but it did require users to perform some manual intervention. I understand your point about the alerts, but this was a very specific alert that triggered after a specific change was made on our end, and we communicated what happened and how to workaround it (until a fix was found).
The article now states that the fix is covered in Sophos Central Mac Endpoint 9.8.1 (I see there was an update to the article on Nov 23rd, so this may not have been there on the 22nd when you posted this). The version 9.8.1 is still in the process of being released (until Nov 27th), so it may take a few more days for you to receive it.
We will work on getting article community.sophos.com/.../11846 up-to-date to avoid confusion. Thank you very much for bringing this up.
I do apologize for any inconveniences this may have caused, and if you have any ticket numbers you'd like us to review, please feel free to send me a private message with them.
Thank you very much for your understanding.
Regards,
Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Hi John,
I am very sorry about any miscommunication regarding this issue. The thread was marked Resolved as the problem itself was addressed with a workaround, and with an article with next steps.
Regarding the alerts, this was a problem on our end which is now fixed, but it did require users to perform some manual intervention. I understand your point about the alerts, but this was a very specific alert that triggered after a specific change was made on our end, and we communicated what happened and how to workaround it (until a fix was found).
The article now states that the fix is covered in Sophos Central Mac Endpoint 9.8.1 (I see there was an update to the article on Nov 23rd, so this may not have been there on the 22nd when you posted this). The version 9.8.1 is still in the process of being released (until Nov 27th), so it may take a few more days for you to receive it.
We will work on getting article community.sophos.com/.../11846 up-to-date to avoid confusion. Thank you very much for bringing this up.
I do apologize for any inconveniences this may have caused, and if you have any ticket numbers you'd like us to review, please feel free to send me a private message with them.
Thank you very much for your understanding.
Regards,
Barb@Sophos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
