Sophos Endpoint Security and Control -> windows event viewer logs (on windows 2008R2 / 2012R2)

Question

I'm trying to understand if and how would it be possible to save / record Sophos Endpoint Security and Control related events / actions within the Windows Event Viewer Log -> where should I look / search for ? (basically, how to enable antivirus events / actions logging to Windows Event Viewer, under windows server 2008R2 and 2012R2)

I've tried to search on the sophos community / documentation without any success so far.

Any hint would be appreciated. Thanks

HelpingHand · Accepted Answer · 2017-01-06 20:35:17Z

1

Detections should go to the Windows Application Event log. E.g.:

Event ID 36 - Virus/spyware 'EICAR-AV-Test' has been removed.
Event ID 32 - File "C:\Users\em\Desktop\1.com" belongs to virus/spyware 'EICAR-AV-Test'.

Source: Sophos Anti-Virus

Level: Warning.

If you save the Eicar string (http://www.eicar.org/86-0-Intended-use.html) to a file called "test.com" for example, you should see the on-access scanner detect and clean it up and the above events raised.

answered Jan 6, 2017 at 20:35

HelpingHand

2,46811 silver badges15 bronze badges

Add a comment |

Stack Exchange Network

Sophos Endpoint Security and Control -> windows event viewer logs (on windows 2008R2 / 2012R2)

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged
anti-virus
event-viewer
sophos
.

Hot Network Questions

Sophos Endpoint Security and Control -> windows event viewer logs (on windows 2008R2 / 2012R2)

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged anti-virusevent-viewersophos.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
anti-virus
event-viewer
sophos
.