Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 8451 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Please Help in regards to EPSEC 4.0

Firoz
Hi Team, I need on the below queries Maximum capacity of quarantine zone is 200 items can we increase it???? When event errors for any node reaches more than 1000 then it throws a specific transient error while trying to open the status window of that node from the console. For example :; If a desktop is badly infected with sality and we have installed Sophos AV it detects 1000+ virus but when we open it at the client end error like the no. of item on this page is maximum than the quarantine manager can display Quarantine manager has started discarding the older items. It opens but ask you to clean only the first 200 at a time and when we try to open the same machine on EPSEC 4 Console the machine almost die and process very slow. Also i want to know whether we can change the database as currently i am using the SQL express for EPSEC and want to shift it to SQL 2005 for more mangement Regards Baig Firoz
:1912


This thread was automatically locked due to age.
  • 0

    Hello Baig Firoz,

    correction: it's Community, not Team :smileyhappy:

    As to the client's quarantine manager see [...]loss of detected items from quarantine manager list[...]

    To deal with the events in SEC's database use something like this from a command window on the database server:

    osql -E -S . -d SOPHOS4 -Q "DELETE FROM Threats WHERE FirstDetectedAt<'yyyy-mm-dd 00:00:00.00' and Outstanding=0 and ComputerID=(SELECT ID FROM ComputersAndDeletedComputers WHERE NAME='cccccccc')"

    with the desired values for yyyy-mm-dd and cccccccc.

    This will delete all threats entries before the specified date for the named computer that have been acknowledged - this information will no longer be available for reporting . If you omit the and Outstanding=0 it will delete the entries whether they've been dealt with in SEC or not. As the items will be move to the ThreatsArchive table after I think some 30 days you might also want to clean these (but of course the information will also no longer be available for reporting). So use at your own discretion!

    There are (IMO - since I didn't test it) several ways to "replace" the database. Depends on your level of expertise, courage :smileywink: and whether downtime should be a minimum.

    Christian

    :1923
  • 0

    The command is missing an instance. It should have .\sophos rather than just a full stop so it would be:
    osql -E -S .\sophos -d SOPHOS4 -Q "DELETE FROM Threats WHERE FirstDetectedAt<'yyyy-mm-dd 00:00:00.00' and Outstanding=0 and ComputerID=(SELECT ID FROM ComputersAndDeletedComputers WHERE NAME='cccccccc')"

    Cheers
    Paul