This discussion has been locked.

Events in Sophos Endpoint Eventlog

Hello,

I see strange entries in the event log of the Endpoint Protection on my (and other) computers on the corporate networks. The entries are only visible locally and not in Sophos Central.

All involved computers, incl. mine, are status green. The involved devices are on different subnets/VLANs, so this should not be an issue of broadcasts or something like this.

What could be the reason for this? How can this be investigated further (e.g. logs)? Is this even necessary or are these "normal" entries?

In the Windows Event Logs I find nothing special (maybe I need to look somewhere else ...).

Regards,
BeEf




  • Anything in:

    C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs\SntpService.log

    or

    C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs\SophosIPS.log

    at the same time?

  • You will see that if the remote computer was restarting or updated Network Protection components.

    It needs to re-establish Heartbeat to Central to be "safe" again.

    The events are usually broadcasts from the other machine received by your computer.

    Nothing to be concerned about.

    But this can be tricky for machines in the same subnet unable to contact each other. If so, check these logs!

    You can usually ignore these.

    The I-X Clients show no useful administrative logs like when or what has been updated, but this is logged. I don't understand the thoughts of who decided which logs are shown in the GUI and which not.