
If nothing shows in ATP, IPS, Zero-Day logs how do I know if it's working?

In the Firewall and SSL/TLS Inspection logs I can see positive and negative results. But I see nothing at all in the ATP, IPS, App Filter, Malware, and Zero-Day logs. Would they only show negative events -- i.e. malware in a download -- or should this tell me that I think I have them doing something and they are not? (Antivirus and IPS are shown as running in Services.)

It's possible that everything's running and examining the appropriate streams of data but there's just nothing there. That would be good. But is there any way to check that this is the case: that the appropriate data is being examined but nothing is found?



This thread was automatically locked due to age.
  • Thank you, that did exactly what I wanted. The first link causes the Zero-day and Malware logs to get entries. And it's a very fun report to look at.

    The page also provides lots of links for web filtering tests. And a file or two for (PC) Endpoint detection. (I'm on a Mac, so was unable to run it to test.)

    Any leads on IPS or ATP? IPS has more configuration (which could be done incorrectly) than the other options.
