Skip to main content
williasthomas192004
williasthomas192004
Explorer III
January 15, 2026
Question

FortiNAC Posture Check Cannot Detect Sophos Endpoint Using Dissolvable Agent

  • January 15, 2026
  • 1 reply
  • 273 views

Post Content:
Hello Fortinet Team,

I am using FortiNAC posture assessment to check for Sophos Endpoint on client devices.

Expected behavior:
If Sophos is installed → posture scan should pass and device should be allowed on the network.

Actual behavior:
Even though Sophos Endpoint is installed and running on the client, the posture scan fails when using the dissolvable agent. FortiNAC reports Sophos as not detected.

Environment details:

  • FortiNAC version: [your version]

  • Endpoint OS: Windows [10/11]

  • Sophos product: [Sophos Endpoint / Intercept X / Central]

  • Posture method: Dissolvable Agent

Troubleshooting done:

  • Verified Sophos service is running

  • Confirmed Sophos is visible in Programs & Features

  • Posture policy configured for Sophos AV

  • Issue persists on multiple devices

Questions:

  1. Is the dissolvable agent fully supported for detecting Sophos Endpoint?

  2. Are there known limitations with Sophos Tamper Protection?

  3. Is persistent agent required for reliable Sophos detection?

  4. Are custom registry checks recommended for newer Sophos versions?

Any guidance or best practice would be greatly appreciated.

Thank you.viber_image_2026-01-13_16-39-22-747.jpg

1 reply

ebilcari
Staff
ebilcari
Staff
January 15, 2026

There was a recent change made by Sophos in November of last year, and the changes are already included in the latest definitions. Make sure that FNAC can successfully run the 'Auto-Definition Synchronizer' from Scheduler.
Technically, the DA should perform the same checks as the PA, but it may be limited. To get more details, try enabling the DA logs as shown here: Troubleshooting Tip: Agent logs on end hosts

Emirjon
Terms & ConditionsAccessibility statement