
Cannot view "Anti-Virus and HIPS Log" from PC

Hi,

We're running SAV 10 from an Enterprise console (5.0) controlled PC on a small LAN (10 PCs).

Everything is working well. We have a daily scan set in a policy for the LAN to run at 13:00 and all PCs start and run the scan. All but one finish in about 50 minutes. The odd one takes two hours to scan even though it has the same size disks and configuration.

C: = 45GB

E: = 100GB

It may be related but on this one PC, I cannot select "View Anti-Virus and HIPS log" from the Endpoint screen. I can on all the others.

So two questions:

1. What stops the user (a PC Admin) from selecting the view log in the endpoint screen?

2. Why does this same computer take over two hours to scan the local hard drives when all the others complete within 50 minutes or so?

And two suggestions:

1. Somehow make the Enterprise Console be able to view the log files of the networked PCs. Having to go to the PC to view the log is a pain in the **bleep** bum.

2. Somehow allow a scheduled scan to be run at computer shutdown like a Windows Update. We insist all computers are shut down each day to save power, so it would be great if a scan could be set up so that when the user clicks START > SHUTDOWN, a scan starts, runs, then shuts down the PC. This would be an ideal time to run the scan and would save slowing down the PC during the day.



  • Hi,

    It just views the file sav.txt. What does that have in it?

    "\ProgramData\Sophos\Sophos Anti-Virus\logs\sav.txt"


    Regards,

    Jak


  • jak wrote:

    Hi,

    It just views the file sav.txt. What does that have in it?

    "\ProgramData\Sophos\Sophos Anti-Virus\logs\sav.txt"


    Regards,

    Jak


    Thanks, I sorta knew that, the question however was why this installation on this particular PC has that option greyed out.

  • Hello IanL,

    Are there other differences on the Sophos GUI (i.e. other links greyed out as well)? If you open View product information, what's the value of "Current user rights"?

    Christian

  • Re: the links. View log and all the Tamper protection items are greyed out.

    OK, something odd here:

    The user logged in to that PC is an Administrator for the PC but the product information shows the status as Sophos User. The network account used to install/update the computers on the LAN is a Sophos Administrator.

    Checking Control Panel > Users, this PC has only one Sophos User account called ASPNET and is not an account I have set up as Sys Admin. Nor is this on our Server's user list.

    It's not something I recognise as any part of the Sophos install or management so I suspect it's been set up by some other software.

    I'll remove that user and check.

    Thanks for the hint as to what to look for.

  • Hello IanL,

    Please see Understanding Windows and Sophos Groups if you haven't done so already. Note that the Sophos groups are set up and populated at install time only. An account created at a later time will not be added automatically - but it usually has an indirect membership. Thus the SophosAdministrator group usually contains: "the" Administrator, SYSTEM and any member of the Administrators group at install time and - in an AD environment - the corresponding SophosDomain..... group.

    Christian
