Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UI.exe: Why am I getting warnings for old Alerts & why are some Alerts not displayed in Alerts overview in Sophos Admin Interface?

Florian Stöffelmayr

Here, there is a resolved Warning from 2017 (!), still Sophos Client UI is showing an Alerts...

Whats more, it does not show an Alert in Sophos Central Admin:

in the Device view, it tells:

I thought there is no quarantine any more which can be manually deleted? How to resolve this?

 

Same Here with exploits:

ESH tool tells everything is ok:

Central Admin, too:

Still, the Customer would see the Red ! in that case.. Why is this? An where would I get more Information about the "Threat could not be resolved" message? Google Chome has been (auto) updated since February, so I guess there is no exploit any more?

 

Similary, I do get Alerts in for example Central Admin Server Devices Overview:

but these are not visible under the General Alerts overview https://cloud.sophos.com/manage/alerts_v1

Why is that?



This thread was automatically locked due to age.
  • 0

    Edit: I think I partly found the Answer: Its all about the events database not being purged.

    I read elsewhere that it should be purged automatically every 90 days, but this is not the case in my 2017(!) event.

     

    To resolve this, I used the solution by Arno Zielke. Though I guess this is not really an applicable thing for admins of thousands of computers..

     

    Steve Custer wrote a powershell function to do the same, which would be an applicable way to resolve it on many Computers at once, providing you can also automatically get the tamper protection password for each Device...