Deleting Sophos Endpoint events

Hello,

how can I delete the event log on the endpoint, or set how long events are stored?

Best regards

Marcel



This thread was automatically locked due to age.
  • Hello

    To reset the events database events.db file you need to do the following:

    1. Disable Tamper Protection

    2. Under Windows Services (services.msc), Stop Sophos Health Service

    3. Go to C:\ProgramData\Sophos\Health\Event Store\Database and rename the file events.db to events.orig.

    4. Restart Sophos Health Service.

    5. Open the Task Manager and end the process Sophos Endpoint User Interface.

    6. Launch a new Sophos Endpoint user interface by clicking the file C:\Program Files\Sophos\Sophos UI\Sophos UI.exe and verify that its status is green and the event count is 0.

    7. Enable Tamper Protection again.

    If you need the steps for a Mac, please let us know.

     

    I don't think you can change how far back the events are logged. You can submit this as a product enhancement request or vote if one already exists at https://ideas.sophos.com.

     

    Thanks,

  • Hello DianneY,
    can you send me the necessary steps for the Mac? We currently have the problem that a Mac reports that it is infected, but the affected file has already been deleted manually.

     

    Regards

    Lennart Kramer

  • Hi  

    Please start with the steps in this KB: Sophos Central Endpoint: How to reset the detection count in Mac endpoints

    If that does not help you, follow the steps below:

    Only perform these steps if the Reset Summary did not work. 

    1. Turn off the Tamper Protection.
    2. Click on Go from the Finder menu and then select Computer.
    3. Enter the startup volume which is usually Macintosh HD.
    4. Go to Library > Sophos Anti-Virus.
    5. Rename the file events.db to events_old.db.  
    6. (only if malware events need to be cleared) Rename the file quarantine*.db to quarantine*.old
    7. (only if malware events need to be cleared) Rename the file quarantine*.db-shm to quarantine*.shm.old
    8. (only if malware events need to be cleared) Rename the file quarantine*.db-wal to quarantine*.wal.old
    9. Enter the Mac admin password to authorize the change.
    10. After a few seconds, new files should be created.
    11. Verify that the Sophos Endpoint user interface status and events count are green and 0, respectively.
    12. Turn on the Tamper Protection. 