Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 10 subscribers
  • Views 789 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Intercept X Registry Keys

Jakub Sliwinski

What are the registry keys I can use to verify my sophos is enabled and up to date? (Winodws 11)



This thread was automatically locked due to age.
  • +1

    Thank you for reaching the community,

    For verifying the registry, you may refer to this documentation.

    For update, if the endpoint is updating correctly, your endpoint status will show green/healthy status. You can also validate this by opening the Sophos UI and clicking "About," which can be seen on the lower right of the UI. A new window will appear, then click "Open Endpoint Self help tool". And go to the "Management Communication" tab once the new window appears.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community
  • 0

    Thank you for your reply

    Unfortunately it does not solve my problem. I checked the documentation before and it says that it applies to: 

    • Sophos Central Endpoint
    • Sophos Endpoint Security and Control

    I'm not exctly sure how to interpret Sophos Central Endpoint. I want to be able to check the registy for Sophos Intercept X - does it use the central endpoint? It's a bit unclear for me.

    Based on documentation this is a value I'm interested in, but the registry key does not exist on my windows machine. 

  • 0

    There isn't really a supportable interface via the registry for this. Nothing that says "up to date" as such but if I had to pick something for up to date state:

    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\AutoUpdate\UpdateStatus

    Result = 0 is good and LastUpdateTime could be used to compare against the current time taking into account some window.

    The policies from Sophos Central are stored here:HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy but as for a state that says it's working, maybe the Health status: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health\Status

    As I say, this could all change and I think there is going to be a new set of health state under:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\SharedState\ 

    But it isn't fully available yet.

Unfiltered HTML