
Notification missing on RED Flag status

Hi All,

We have Sophos Endpoint Protection installed on all our clients and all is managed from the Sophos Cloud. Yesterday one of the clients was automatically updated by Sophos. The update failed and one of the services no longer ran. This caused the client to be RED flagged in the Sophos Cloud. This RED flag led to an automatic isolation of the device. PERFECT! This is exactly the behaviour I want in my organisation.

There was only one thing missing: no notification of the event was sent out to the administrators. This meant that it took longer than needed to resolve this matter. Now why did we not get this notification? I checked in the Sophos Cloud, but all notifications are enabled and all error/critical errors should be notified directly; warnings and information notifications are sent once every day.

Please help me understand and resolve this.

Kind regards,
Jeffrey



This thread was automatically locked due to age.
  • Hi  

    Alerting is set up fine, this all works. The isolation of a client device should always be a critical situation, no matter what the cause is. If the cause is an infection then the administrator should definitely receive a notification, but now the Admin just does not get notified if a client device is isolated. That is a very bad property!

    You say that in some cases alerting is delayed due to an automated remediation process, can you share some documentation or KB article where it is explained when this exactly happens?
