
Issue: Sophos Central Admin – US-West region - Delays with the enforcement of Central policies on managed endpoints.

**Update 9** Root cause analysis KBA has been published: see knowledge base article for the latest.

**Update 8** As part of a routine database maintenance task customers may notice a few intermittent install and policy rendering failures. Please retry before contacting support. 7/17/2017 8:00 AM PST

**UPDATE 7** Some customers may notice a few intermittent install failures, please retry before contacting Sophos Support. 7/14/2017 2:00 PM PST

**UPDATE 6** Installations are being processed normally, service is restored. Please re-download installer from Central. 7/14/2017 9:00 AM PST

**UPDATE 5** Installations are now working as of July 13, 2017 19:00 UTC-5. See knowledge base article for the latest.

**UPDATE 4** New installs likely to still fail. http://centralstatus.sophos.com/#!/ has latest update. 

**UPDATE 3** System is now processing backlogs. Please see last updates here.

**UPDATE 2** Issue is ongoing, apologies. Impacts all areas within Central that rely on MCS communication between client and Central. 7/13/2017 8:00 AM PST

**UPDATE** Development has identified root cause and is working on a fix. 

Hello,

We are seeing delays with policy changes and enforcement in Sophos Central (US-West region) as well as installation failures due to inability of new endpoint installations to initially register. Our engineers are working to restore latency. Please note your endpoints remain protected. Updates will be provided on this thread.

KBA: https://community.sophos.com/kb/en-us/126477

Thank you,

Bob



This thread was automatically locked due to age.
  • We are experiencing the same issues as other companies.  We are experiencing the new install machines failing; we are seeing that when we run a diagnostic on the machines the computer management is having issues and provides an error with 504 gateway timeout.  Our laptop machines are losing wifi connectivity although they are in the policy that allows wifi.  We are getting failed updates: although the desktop console is updated, on the Sophos Central console it shows out of date.

    This is becoming too frequent and too often in our environment, especially when you have ransomware and breaches at an all-time high.  What is being done to resolve this issue and get our companies running at a smooth pace? Are we really secure when you tell us that?  Many of us have invested great amounts of money and we are experiencing issues that last months with no true resolution. That does not look good for us who truly believed in Sophos.

     

  • This week all of our Laptops have lost WiFi connectivity.  We have Chiefs in meetings and they all lost connectivity and it has been taking hours to get them back online with wifi.  This is definitely not a good look.  As this has been happening for about 2 to 3 weeks.

     

    I have a laptop that took about 2 hours to get updated with the Communication Management and is still not updating on the Sophos Central Console.  There is a huge communication delay.

    In the Diagnostic Tool it shows that Management Communication is failing with the error "504 Gateway Timeout", with 4 failed attempts. The server address we are connecting to is 52.25.245.140

  • Sorry for the late notice but Sophos Central is under maintenance. Read more here: https://community.sophos.com/kb/en-us/127456

  • I am ready for these to stop.  

     

  • I am ready for these to stop.  

     

     

     

    Me too -- we manage a number of customers and the random emails saying the services have stopped, etc. are seriously annoying.  It's dangerous because we've gotten to the point where we ignore the alert (for the most part -- if it repeats on a single client we check it out) -- the boy has cried wolf one too many times.

  • I checked on a few machines with the alarm and the Sophos System Protection Service was not started. I opened a ticket and their response was to send me a KB on how to start a service.  The machines in your list either need rebooted or manually start the service which is what I did.  I created the ticket because we should not have to manually start a service.

  • You can be on the other end like I just realized we are.  I got one email this morning about a service not running on a machine and when I logged into the cloud I see there are 4 machines with that alert.  

  • What really bothers me is that this is an email-worthy alert (we get hundreds of these - the boy who cried wolf):

    (False Alarm) Policy Violation

     

     

    But these are not email-worthy and have to be searched to see them:

    Malware Detection

     

    Controlled Application Violation

     

     

     

    I guess Sophos wants us to see how broken their product is more than the security issues on our PCs that might need to be looked into or logged.

  • We are getting installation failures (again!).  Is there another outage?  Sophos is reporting everything is fine, but that seems to be their M.O.

  • I'm having the same issue. Installed on 8 Domain Controllers last night, all failing to download and finalise the install, although they register with the Central Console.

     

  • I would have to agree. Sophos indeed seems to be the solution where the end users are the beta testers for their products. I rolled this out early Aug.

    I cannot tell you how many times I have to babysit this product. Revisit PCs previously rolled out with Sophos because they refuse to update. Is this a joke??

    Emails come in, some services not running WTF, they were running fine yesterday and the day before that, now what??

    Exclamation marks that NEVER go away.

    Agent on Windows is all but useless. Nothing about what's in Quarantine and how to get to it and clean it, I guess it remains in there forever??

    Agent on MAC has some items I can actually use. The MAC agent can: Scan this Mac, Update Now, Open Scans, Open Preferences, Open Quarantine Manager.

    Not to mention, a full 60 seconds before the login opens the dashboard. A couple of times I closed the browser thinking it wasn't going to connect.

    And one other thing. I had a user who needed Sophos turned off "RIGHT NOW" as it seemed to be blocking her from getting a very large report finished. Try as I might, enter Admin Code, turn off, nothing. Try and uninstall, failed.....tamper needs to be off. Turn off Tamper Protect for PC. NOPE. Still fails to uninstall (please turn tamper protect off...it is OFF for damn sake)

    Turn off Tamper Protect for Domain...NOPE. She is still blocked by Sophos. Missed her deadline. I am the idiot because I cannot stop Sophos actions. 

    I hate the way this product does not let you administer it.

     

     

    Frustration level is setting in. Arrrrg

  • Ok..coming to wits' end with Sophos. Central reports "Malware or potentially unwanted applications in quarantine" Wow...fabulous, but where the hell is it??

    So let's walk all the way over/up/across to where this workstation is and see what we can see. Have to open Sophos agent on PC and look for events, Malware and PUAs. Ok.

    There is a path mentioned, but you can't really see that path because the window is too frigging small and does not scale (DOH)

    Hold mouse over 'path' so it displays, quickly make note of path, because you cannot copy/paste, holy shit batman.

    Then we have to go to said location, and it happens to be a folder I put on the PC a few days ago. Ok cool. Found PSEXEC.exe. Ok..fine. I go to delete the file. Nope.

    Apparently I need to ask myself for permission before myself can remove the file from myself's PC.

     

    So now I have to reboot into safe mode to delete this file. How the hell does this garbage get out the door??

    This is now turning out to be a bad bad choice. Very good Marketing Sophos, because you managed to suck me in hook line and sinker, but your product sucks.

    I want my money back......is there a 60 day money back guarantee??

     

  • Getting the "one or more services missing" problem too. I really have no idea why the product can't restart the service itself?

    Had two Cryptoguard events this week, neither of which generated an RCA.. and the event itself doesn't tell me anything. Emailed support, but I've now given up doing this. I can't see the point anymore as their fix / troubleshooting suggestions are always the same (don't help) and quite often would put the company at additional risk. E.g. - I was having an issue with an exclusion working on a single policy for a single user, so they requested I fix this by making a global exclusion. /facepalm

    Now my Central console is running so slow, it's taking so long to do tasks this morning. Also the dashboard is not displaying correctly.

    The company signed up recently to 3 years (massive cost benefit reasons) - so I REALLY hope there is some major development happening in just fixing up this service. There are so many things missing/not functioning that I would consider to be pretty base requirements for a product like this.