Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 14023 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can you remove event counts for Inappropriate Website Control?

SamAnders

Hi,

Recently new to end point security and control version 10 and we have enabled the default policy for Inappropriate Website Control.

For the last couple of weeks we have been testing with some sites we know should be blocked and all works as per the policy however now that we want to roll this out to the end users is there a way to remove these event counts that have been used on some end users accounts during the testing period?

Would be a bit mean for us to enforce a report with some people already being flagged as visiting inappropriate websites they where part of the UAT testing....

Any suggestions? i have had a quick search in the forums but not been able to find any details (could be i am using the wrong search terms...)

Thanks in advance

Sam

:26317


This thread was automatically locked due to age.
  • 0

    Hello Sam,

    I'm not aware of a supported interface. You should not manipulate the database directly (if you do, back it up before - and don't expect you can merge any data lost at a later time, all you can do is reset it to the previous state).

    So - you've read the above, didn't you? Web events are stored in [dbo].[Events_Web] which contains Web Intelligence and Web Control events. The latter are identified by having a non-zero value in  [Category] and either 2 (means blocked/warned by category) or 4 (blocked explicitely) for [Reason] (not sure if 3 or others are used and what for - maybe Full Web Control).

    HTH

    Christian

    :26321
  • 0

    Hi,

    Thank you for the quick response, its a shame there is no supported interface i guess one reason is you would not want people who have access to be able to delete their tracks but i would have thought there would be a way for higher admins to be able to make changes for what ever reason.

    I see the DB note and whilst that is one method not sure i want to mess with that, more so being new to the product i dont want to break anything else due to lack of knowledge.

    I wonder if support would be able to assist?

    Thank you for the reply i will take note and if it comes to it this might have to be the only way

    Thanks

    Sam

    :26323
  • 0

    Thanks for the kudos, Sam.

    be able to delete their tracks

    Guess that's not the main reason. Being able to arbitrarily delete events and alerts means that you could inadvertently delete data you might be interested in later (only to find that they are gone for good). There is an interface (PurgeDB.exe) with which you can delete Web Events (but you can't select just Web Control though). While the example has no specific warning attached (there's the general Warning: You must ensure that the database is backed up before using this tool near the top) the description for -action=delete says: The "delete" action should only be used when specifically asked to do so by Sophos Technical Support.. So you might want ask Support to ask you to use it :smileywink:.

    Christian

    :26327
  • 0

    Hi Christian, 

    Well in my office i have a few young guys who would maybe tempeted to cover tracks if they knew something could be used... LOL

    PurgeDB sounds like an option being that the current data is from UAT we could loose that so again thank you for the heads up on that option, will have a read over tonight and see the best method

    Thanks

    Sam

    :26329