Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=health-check-scores

Health Check Scores

Account Health Check shows scores for your account health. These reflect whether your devices or policies are using recommended, secure settings.

There are scores for overall health, for each security feature, and for each specific health check we do.

Overall health

A Health Summary is shown at the top of the Account Health Check page.

Your Overall Health Score is a score out of 100. This score is the same as the lowest score out of all your health checks.

The doughnut chart reflects that lowest score.

Scores are broken down into Good health (green), Issues (yellow), and Snoozed issues (gray). Snoozed issues are issues that you've postponed dealing with.

Overall health score donut chart.

Under the chart, the Other organizations figure shows you the average score that other organizations achieve. See Scores compared to other organizations.

The trend arrow and number show how your overall score changed in the last four weeks. If you see a dash instead of a number, the score change is currently unavailable.

Trend arrow showing how your score changed.

The Health check scores bar charts show your score out of 100 for each security feature and how it compares to other organizations. For details, see Scores for each security feature.

Health check summary bar charts.

Scores for each check

In each health check, for example Endpoint Protection, we show a score for that check.

Individual health check score.

We calculate the score based on the number of devices or settings that comply with our recommendations.

Scores can range from 0 to 100. A score of 100 shows with a green checkmark. Any score less than 100 is shown in yellow and indicates that you can improve security.

Snoozed checks show a score in gray. Snoozing doesn't affect your scores.

If we can't show a score, we show a dash in its place:

Health check logo and a dash.

To get help to fix issues and improve your score, click the help icon in the bottom left of the check.

Help icon.

Scores for each security feature

We show an overall score for each security feature, for example, Protection installed. You see this score in the upper right of that section on the page.

This score is the lowest score of the checks in that section.

Health score for a feature.

How we calculate scores

Here's how we calculate the scores for each type of health check.

Protection installed

For Endpoint protection or Server protection, we calculate the percentage of devices that have all your licensed software.

For example, if you have 1000 devices and 900 have all the protection you're licensed for, you see a score of 90.

The overall score for Protection installed is the same as the lowest score of the two checks in this section.

Tamper protection

For Endpoint tamper protection or Server tamper protection, we calculate the percentage of devices that have tamper protection turned on.

Global tamper protection is either turned on (score 100) or turned off (score 0).

If global tamper protection is off, no devices have this protection. The endpoint and server checks show a score of 0. When you turn global tamper protection on, those checks show the percentage of devices with protection turned on locally.

The overall score for Tamper Protection is the same as the lowest score of the three checks in this section.

Policies

For Endpoint Threat Protection policy settings or Server Threat Protection policy settings, we calculate the score as follows:

In each policy, we deduct 10 from the score for each setting that doesn't match our recommended setting. So if a policy has two of these settings, we deduct 20, and the score is 80.

If you have multiple policies of the same type (for example, endpoint threat protection policy), we take the average score of those policies.

Some policy options don't have a recommended setting. We ignore those in our checks.

The overall score for Policies is the same as the lowest score of the two checks in this section.

Exclusions

For Endpoint policy exclusions or Server policy exclusions, we calculate the score as follows:

In each policy, we deduct 20 from the score for each insecure exclusion. So if a policy has two insecure exclusions, we deduct 40, and the score is 60.

If you have multiple policies of the same type (for example, endpoint exclusions), we take the average score of those policies.

For Global exclusions, we calculate the score as follows:

We deduct 20 from the score for each insecure exclusion. So if you have two insecure exclusions, we deduct 40, and the score is 60.

The overall score for Exclusions is the same as the lowest score of the three checks in this section.

Note

We only check for exclusions that are a significant security risk. Even if your exclusions health checks show a high score, regularly check that your exclusions are necessary and safe.

Scores compared to other organizations

You can see how your scores compare with other organizations.

By default, we show you average scores for organizations that are in the same size range and use the same Sophos Central data region. Look for Other organizations underneath each chart in the Health summary section.

Other organizations score.

If we can't show the Other organizations score, we show a dash in its place.

Other organizations with a dash.

You can change the organization size we use for the Other organizations scores. You might want to do this if you have many devices you aren't using, or you just want to see how larger organizations score.

In Show scores for organizations with a similar number of devices, select the size range you want to see.

Organization size selector.