
Endpoint event not reported to console

Hello 

As per the subject above, our customer recently found that a few servers encountered virus/suspicious behaviour and moved to quarantine.

However, the event was not reported back to the console, and this is causing a security issue since the server owner didn't notice the event due to the huge environment of 2000+ servers to monitor.

Currently we are waiting for feedback from support, and while waiting we would appreciate it if someone has a solution or experience to resolve this issue. Thanks

Sophos Enterprise Console (version: 5.0)

  • Hello Azwan,

    the event was not reported back to console

    The first thing to check is whether it really wasn't reported - compare the Last message time (in the Computer Details tab) with the time of the detection on the server (you'll probably have to view last month's log - SAV_201206nn.txt in the ...\Sophos Anti-Virus\logs\ folder). If Last message time is recent, view the Computer details and look under History.

    Note that SEC only displays outstanding Alerts and Errors. If the threat has been dealt with you'll find it only under History. Dealt with means either cleaned up, deleted or moved - in the latter case it will show up in the Quarantine Manager but not as outstanding alert in SEC.

    Christian
