
Security Heartbeat

I have 2 servers that are continually showing up as being at Risk, then not at Risk. When I check on Sophos Central it shows nothing at Risk.

The router that reports them as being at Risk is an XG135 (SFOS 17.5.5 MR-5). A scan is run on the servers weekly. I have run additional scans on them as well.

Has anyone else had this happen? I'm looking for some direction, please.

  • Hi Keith,

    What is the health status of the servers if you log into them and open up Sophos UI?  A snippet of the below two logs may help us determine why these servers are reporting themselves as at risk to the XG:

    C:\ProgramData\Sophos\Heartbeat\Logs\Heartbeat.log

    C:\ProgramData\Sophos\Health\Log\Health.log

  • Thank you for replying. The UI does not show any alerts. The 24 Malware & PUA were from a month ago. I have attached screenshots from the logs you suggested.

  • Hi Keith,

    Thanks for the logs.  The heartbeat log shows the server indeed reporting its health status as bad (3) and good (1) constantly.  This looks to be a known issue development is actively working on.  I would advise raising a support case to increase visibility on this issue, to be notified of when the issue will be fixed, as well as have Sophos support's suggested workarounds.  Please include the screenshots you collected here, a set of SDU logs from the server and reference development ticket "WINEP-19248" in the case.
