Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 10 subscribers
  • Views 4431 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Ereignisse Sophos Endpoint löschen

Marcel Hofmann

Hallo,

 

wie kann ich das Ereignisprotokoll auf dem Endpoint löschen, oder die Dauer der Speicherung einstellen.

 

Beste Grüße

Marcel



This thread was automatically locked due to age.
Parents
  • 0

    Hallo  

    To reset the events database events.db file you need to do the following:

    1. Disable Tamper Protection

    2. Under Windows Services (services.msc), Stop Sophos Health Service

    3. Go to C:\ProgramData\Sophos\Health\Event Store\Database and rename the file events.db to events.orig.

    4. Restart Sophos Health Service.

    5. Open the Task Manager and end the process Sophos Endpoint User Interface.

    6. Launch a new Sophos Endpoint user interface by clicking the file C:\Program Files\Sophos\Sophos UI\Sophos UI.exe and verify that its status is green and the event count is 0.

    7. Enable Tamper Protection again.

    If you need the steps for a Mac, please let us know.

     

    I don't think you can change how far back the events are logged. You can submit this as a product enhancement request or vote if one already exists at https://ideas.sophos.com.

     

    Thanks,

  • 0 in reply to DianneY

    Hello DianneY,
    can you send me the necessary steps for the Mac? We currently have the problem that a Mac reports that it is infected, but the affected file has already been deleted manually.

     

    Regards

    Lennart Kramer

Reply Children
  • 0 in reply to LKramer

    Hi  

    Please start with the steps in this KB: Sophos Central Endpoint: How to reset the detection count in Mac endpoints

    If that does not help you, follow the steps below:

    Only perform these steps if the Reset Summary did not work. 

    1. Turn off the Tamper Protection.
    2. Click on Go from the Finder menu and then select Computer.
    3. Enter the startup volume which is usually Macintosh HD.
    4. Go to Library > Sophos Anti-Virus.
    5. Rename the file events.db to events_old.db.  
    6. (only if malware events need to be cleared) Rename the file quarantine*.db to quarantine*.old
    7. (only if malware events need to be cleared) Rename the file quarantine*.db-shm to quarantine*.shm.old
    8. (only if malware events need to be cleared) Rename the file quarantine*.db-wal to quarantine*.wal.old
    9. Enter the Mac admin password to authorize the change.
    10. After a few seconds, new files should be created.
    11. Verify that the Sophos Endpoint user interface status and events count are green and 0, respectively.
    12. Turn on the Tamper Protection. 
Unfiltered HTML