
Sophos Heartbeat showing Red on XG but green on Sophos Central

I've recently upgraded to Sophos Advanced and 27/44 of my systems are showing 'at risk' or 'red'.

I checked Sophos Central and all the machines look well. I rebooted a few client machines and no change.

Here is an excerpt from the heartbeat log file on one of the 'red' clients:

2018-02-17T01:26:35.386Z [ 4340] INFO WinMain ----------------------------------------------------------------------------------------------------
2018-02-17T01:26:35.402Z [ 4340] INFO WinMain Starting version 4.3.60 of the Sophos Heartbeat service.
2018-02-17T01:26:35.402Z [ 4340] INFO WinMain ----------------------------------------------------------------------------------------------------
2018-02-17T01:26:35.386Z [ 4660] INFO ConfigMonitor::StaticThread The configuration monitor thread was started.
2018-02-17T01:26:35.855Z [ 5260] INFO ConfigMonitor::StaticThread The configuration monitor thread was started.
2018-02-17T01:26:36.558Z [ 5272] INFO RetryCalculator::Notify Connection failed.
2018-02-17T01:26:36.558Z [ 5272] INFO RetryCalculator::Notify Connection re-establish delay value is now 15 seconds
2018-02-17T01:27:06.684Z [ 5272] INFO RetryCalculator::Notify Connection succeeded.
2018-02-17T01:27:06.684Z [ 5272] INFO RetryCalculator::Notify Connection re-establish delay value is now 1 seconds
2018-02-17T01:27:06.684Z [ 5272] INFO RequestSender::SendRequest Sending login request.
2018-02-17T01:27:06.699Z [ 5272] INFO RequestSender::SendRequest Sending network request. Active Interfaces:
MAC: 34:13:E8:21:51:5B - INET: 192.168.20.99 - INET6:
MAC: B8:AE:ED:73:1D:A7 - INET: 192.168.0.149 - INET6:
2018-02-17T01:27:06.699Z [ 5272] INFO RequestSender::SendRequest Sending status request. Current status is -> health: Bad(3)
2018-02-17T01:29:06.773Z [ 5272] INFO RequestSender::SendRequest Sending login request.

Any help would be welcomed!



  • Could you export the key:
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health\
    and attach it?

    Thanks.

  • It's not letting me attach it, here's a Dropbox link:

    https://www.dropbox.com/s/sronv483zwrelkc/SophosHealth.reg?dl=0

    Also a paste of the output if you're wary of downloading reg files:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health]

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health\Logging]

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health\Services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health\Status]
    "health"=dword:00000001
    "service"=dword:00000001
    "threat"=dword:00000001
    "service.Sophos AutoUpdate Service"="0"
    "service.Sophos MCS Agent"="0"
    "service.Sophos MCS Client"="0"
    "service.Sophos Anti-Virus"="0"
    "service.Sophos Anti-Virus Status Reporter"="0"
    "service.Sophos System Protection Service"="0"
    "service.Sophos Web Control Service"="0"
    "service.Sophos Web Intelligence Filter Service"="0"
    "service.Sophos Web Intelligence Service"="0"
    "service.Sophos Data Recorder"="0"
    "service.Sophos Device Control Service"="0"
    "service.Sophos Network Threat Protection"="0"
    "service.Sophos Heartbeat"="0"
    "_UnbiasedLastWrite"=hex(b):00,59,2c,2b,65,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health\ThreatNotification]
    "Severity"=dword:00000001

    Finally, here's a screencap of the Sophos main panel on the same client
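
An added example, not part of the thread and not Sophos tooling: a small Python triage script that parses the heartbeat log format and the `.reg` export shown above and reports whether the health code the endpoint last sent differs from the `Status\health` registry value. The function names are hypothetical, the sample input is built from lines posted in this thread, and treating the two numbers as the same scale is an assumption.

```python
import re
# Constructed sample input, assembled from lines posted in this thread.
SAMPLE_LOG = """\
2018-02-17T01:26:36.558Z [ 5272] INFO RetryCalculator::Notify Connection failed.
2018-02-17T01:27:06.699Z [ 5272] INFO RequestSender::SendRequest Sending network request. Active Interfaces:
MAC: 34:13:E8:21:51:5B - INET: 192.168.20.99 - INET6:
2018-02-17T01:27:06.699Z [ 5272] INFO RequestSender::SendRequest Sending status request. Current status is -> health: Bad(3)
"""
SAMPLE_REG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health\Status]
"health"=dword:00000001
"service.Sophos Heartbeat"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health\ThreatNotification]
"Severity"=dword:00000001
"""
LOG_LINE = re.compile(r"^(\S+Z) \[\s*(\d+)\] (\w+) (\S+) (.*)$")
HEALTH = re.compile(r"health: (\w+)\((\d+)\)")

def parse_log(text):
    """Return (events, last_health); lines without a timestamp attach to the previous event."""
    events, last_health = [], None
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            if events and line.strip():
                events[-1]["extra"].append(line.strip())
            continue
        ts, tid, level, source, msg = m.groups()
        events.append({"ts": ts, "thread": int(tid), "level": level,
                       "source": source, "msg": msg, "extra": []})
        if h := HEALTH.search(msg):
            last_health = (h.group(1), int(h.group(2)))
    return events, last_health

def parse_reg_status(text):
    """Return the dword values stored under the ...\\Health\\Status key only."""
    values, in_status = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_status = line.rstrip("]").endswith("\\Health\\Status")
        elif in_status and (m := re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)):
            values[m.group(1)] = int(m.group(2), 16)
    return values

def compare(log_text, reg_text):
    # Assumption: the code in "health: Bad(3)" and the registry dword share one scale.
    sent = parse_log(log_text)[1]
    reg = parse_reg_status(reg_text).get("health")
    return {"sent": sent, "registry_health": reg,
            "mismatch": None not in (sent, reg) and sent[1] != reg}
```
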