Navigating Sophos Central: A Guide to Known Issues and Workarounds

Sophos Central is a unified security management platform that simplifies the protection of modern environments. However, like any complex system, it occasionally encounters glitches. This article provides an in-depth overview of known issues within Sophos Central, offering practical workarounds and insights to help you navigate these challenges effectively.

Central Platform Issues

Remote Assistance Timeframe Display (CPLAT-56563)

• Affected Versions: CPG 2024.21
• Summary: The Remote Assistance timeframe drop-down in Central/Enterprise/Partner Dashboards defaults to '7 days' regardless of the previously selected duration.
• Description: When enabling remote access, the timeframe selection always reverts to '7 days' when revisited. While the dropdown displays incorrectly, the expiration date remains accurate.
• Workaround: Verify the expiration date displayed below the drop-down or consult the audit log entry from when Remote Access was enabled to determine the actual timeframe.

Partner Dashboard: MSP Flex License and Country Selection (CPLAT-55319)

• Affected Versions: CPG 2024.15
• Fixed Versions: CPG 2024.24
• Summary: Partner Super Administrators cannot select Aruba, Bonaire, or Curacao when creating a new MSP Flex licensed customer.
• Description: The country drop-down in the Partner Dashboard lacks the option to select Aruba, Bonaire, or Curacao.
• Workaround: Select a different country initially and then request a change through the Partner/Customer Care team.

License Usage Inaccuracies After Upgrades/Downgrades (CPLAT-52441)

• Fixed Versions: CPG 2024.24
• Summary: The license usage displayed on the License page in Enterprise and Central Dashboards can be inaccurate after license upgrades or downgrades.
• Description: For Term or Master Licensed customers, upgrading or downgrading a license may lead to incorrect usage distribution between the old and new licenses.
• Workaround: Ignore the usage discrepancy until the original license expires and is automatically removed after 30 days. Note that Flex licenses are not affected.

Central Login and Dashboard Display Challenges

MFA Issues with Chrome Password Manager (CPLAT-56381)

• Affected Versions: CPG 2024.21
• Summary: The "Incorrect pattern for [PIN]" error occurs with TOTP MFA when using Chrome Password Manager.
• Description: Users encounter an error message after entering the TOTP code when Chrome Password Manager is enabled.
• Workaround: Manually select the 'continue' button instead of pressing the 'enter' key when entering the TOTP code.

Scheduled Reports Not Loading (CPUI-10876)

• Affected Versions: CPG 2024.21
• Summary: The list of scheduled reports may not load if the Reports page is selected from within a Sophos product page.
• Description: Navigating to the Reports page from within a product section (e.g., Central Email) may prevent the scheduled reports section from loading initially.
• Workaround: Refresh the webpage to load the scheduled reports section.

Partner Dashboard Anomalies

PSA Ticketing Integration and Duplicate Tickets (CPLAT-55906)

• Summary: Duplicate tickets are sometimes created for the same endpoint detection event in PSA ticketing integrations.
• Description: Partners using PSA ticketing may observe duplicate tickets for a single endpoint detection, particularly when multiple detections occur within different locations in an archive file.
• Workaround: Determine if the archive file needs to be removed. If removal is an option, only one ticket needs to remain open. If the archive file must be retained, each individual path (and its corresponding ticket) remains valid until resolved.

Country and State/Province Selection (CPLAT-55773)

• Affected Versions: CPG 2024.18
• Summary: When selecting the 'Country' using only a keyboard, the 'State/Province' drop-down may display states/provinces from other countries.
• Description: Using the keyboard to tab onto the 'Country' drop-down menu can cause the 'State/Province' drop-down to show options from multiple countries.
• Workaround: Use the mouse to select the 'Country' drop-down menu and choose the country.

Enterprise Dashboard and Custom Dashboards (CPLAT-55393)

• Affected Versions: CPG 2024.15
• Summary: Custom dashboards created, edited, or deleted by an Enterprise Administrator are reflected across all subestates.
• Description: Changes to custom dashboards within one subestate are automatically applied to all other subestates in the Enterprise environment.
• Workaround: Create custom dashboards unique to a subestate, have the local administrator for the Central account manage the dashboard.

Other Central Dashboard Peculiarities

Firewall Report Delivery Restrictions (CSA-11622)

• Affected Versions: CPG 2022.18
• Summary: Custom firewall reports can only be sent to local Central Administrators, not Partner or Enterprise administrators.
• Description: Partner or Enterprise Administrators who add non-local administrators to firewall reports will find that these administrators do not receive the reports.

Audit Log "Anonymous Failed Authentication" Entries (CPLAT-39841)

• Affected Versions: CPG 2022.09
• Summary: "Anonymous failed authentication" entries in the Central Dashboard Audit log are due to an expected API Service Principal JWT renewal error.
• Description: These entries, stemming from API credential token refresh errors, are considered normal and do not require action.
• Workaround: These entries can be ignored. Refer to Sophos Article KB-000043845 for more details.

Entra AD Directory Sync and Guest User Mailboxes (CPERF-8317)

• Summary: Inability to sync AD users with the userType attribute 'Guest' without creating Central Email mailboxes.
• Description: If a customer desires 'Guest' users to be in ZTNA but not have a Central Email mailbox this is not possible.
• Workaround: Configure your Sophos Central Entra Directory services sync to filter out/exclude syncing Guest users. - Filter users and groups - Sophos Central Admin

License Allocation Update Delay (CPLAT-53760)

• Affected Versions: CPG 2024.06
• Summary: Updating the license allocation for a subestate may take several minutes to apply.
• Description: The spinning wheel may appear for up to 5 minutes before a successful confirmation message.
• Workaround: Allow sufficient time for the update and contact Technical Support if an error occurs.

Incorrect Cloud Optix Trial Icon (CPLAT-41524)

• Affected Versions: CPG 2022.21
• Summary: A Cloud Optix trial icon may incorrectly appear next to some customers on the Partner Dashboard's Sophos Customers page.
• Description: The Partner Dashboard may erroneously display an Optix trial icon for customers without an active trial.
• Workaround: Ignore the icon.

Blank Partner Contact Information (CPLAT-52264)

• Summary: Partner contact information is missing from the Partner Information page in Central Dashboard.
• Description: The phone number and website for partners are not displayed in the Central Dashboard.
• Workaround: Find your Partner's contact information by going to https://partners.sophos.com/english/directory/ and searching their directory.

MFA Reset Option Unavailable (CPLAT-51642)

• Affected Versions: CPG 2023.37
• Summary: The 'Reset MFA' option is not selectable if the account has not yet set up MFA.
• Description: The 'Reset MFA' option not selectable if the account in question has not set up their MFA.
• Workaround: The Central Admin user in question will already be prompted to set up their MFA when they next log into Central.

Excessive Audit Log Entries (CPLAT-48961)

• Summary: Repeated "Access Denied" entries referencing 'alerts:read' and 'endpoint-state:read' in Central Dashboard Audit Logs.
• Description: Central Dashboard and Enterprise Dashboard, as well as Partners (Partner Dashboard) can see excess amounts of Audit log entries that reference both 'alerts:read' and 'endpoint-state:read'.
• Workaround: If there are any questions or concerns about these entries, please contact Sophos Technical Support for help or clarification on what is being logged. Please reference this Known Issue entry.

SMS Security Code Unreliable Reception (CPLAT-48387)

• Summary: Some regions may experience unreliable reception of SMS security codes for Sophos multi-factor authentication.
• Description: The regulatory authorities in certain countries have specific SMS requirements, which may result in some customers not receiving SMS or receiving them as potential spam when signing in.
• Workaround: You may use the Multi-factor Authentication's authenticator app or the email and pin method to complete the sign-in process in any scenario where the SMS code is not being received.

Flex Trial Icon on Customer Page (CPLAT-51673)

• Affected Versions: CPG 2023.37
• Summary: This can be ignored in the interim of it being removed in the future.
• Description: Currently if a partner removes the ‘Central Firewall Reporting Advanced’ license for a flex customer using the ‘Change License’ wizard; it will show an icon under the ‘Central Firewall Reporting Advanced’ column in the Partner Dashboards' Customers page.
• Workaround: This can be ignored in the interim of it being removed in the future.

My Sophos API related integration stopped working (CPLAT-51647)

• Summary: My Sophos API related integration stopped working and/or I cannot find the API credential used.
• Description: If the API credential previously used is no longer present within Settings > API Credentials Management; and there is nothing in the Audit log showing it was removed, then the credential has

Conclusion

Staying informed about potential issues and their resolutions is crucial for maintaining a secure and efficient Sophos Central environment. By understanding these known issues and implementing the suggested workarounds, users can minimize disruptions and optimize their security posture. Always refer to the official Sophos documentation and support resources for the most up-to-date information.