Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 14 subscribers
  • Views 956 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Possible to find version update numbers in logs?

Craig Withers

We received a false positive CryptoGuard alert over a week ago, and despite confidence that it's nothing to worry about, our team is still being asked to look into it.

Is there an easy, or at least straightforward, way for us to look back through one of the many, many logs generated by Sophos to see what version(s) were running on a specific date?



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Can you do it - yes. Is it easy - no.

    You would have to look at the AutoUpdate logs plus the install logs in the %TEMP% folder to see the installation actions and correlate that to the date in question.

  • 0 in reply to FormerMember

    Okay, thanks for the pointers. What exactly should I be looking for in the AutoUpdate logs?

  • FormerMember
    0 FormerMember in reply to Craig Withers

    You would be looking for the install lines. Here is an example of a sequence where no update to the product was needed:
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Installing products.
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 0253775E-970D-4876-959C-21B422420E5A 1.6.56
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 1129226C-32AB-4B72-85E1-A9CC8DFBC859 3.0.0.1654
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 1FE3E7DF-EFFA-408A-A1B0-89F15BA61F31 6.9.360
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 243DECCD-8080-410D-A45F-77F2182715EE 1.11.71.71
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 244E68BF-E1BB-4A6B-AC18-A492DE0134C0 3.8.3.669
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 3799FB3E-808A-4F7D-AC6A-0C74F931C386 4.14.353.0
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 3CE954A1-0F41-4D9B-B2F0-58AA75334DFD 2.7.28.0
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 3D8DC0A9-7F42-4CD5-AA7B-CF29296E7789 3.9.8.10
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 591706A7-9603-4255-A65F-EA49BB11E8AC 1.8.24.0
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 5CD1A7B6-812E-47A1-A986-3A6D5D5C19F5 2.3.150.0
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 642A6FD9-A9D6-482D-BD8C-46661F241A0E 1.7.79
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 70FDD40E-986A-44E5-9620-2B894A06702A 1.7.4.0
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 7F682906-6E49-481B-89C5-2DCA36720F4F 3.1.9.0
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 8087796B-2289-4897-98A5-58FF23DAAFD0 1.14.661.0
    2021-10-06T16:18:04.975Z [23428:10632] [v6.9.359] INFO Skipped installation of component BA3387BB-AE88-4403-A36D-F8C0E0B6AEB2 1.3.23.0
    2021-10-06T16:18:04.975Z [23428:10632] [v6.9.359] INFO Skipped installation of component CD297D6B-58A5-474F-8A0D-0A15803B8B50 1.2.0.17
    2021-10-06T16:18:04.975Z [23428:10632] [v6.9.359] INFO Skipped installation of component E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.11.22
    2021-10-06T16:18:04.975Z [23428:10632] [v6.9.359] INFO Skipped installation of component F1DAD925-C973-4e5e-B172-78E97EB60689 2.1.182.0
    2021-10-06T16:18:04.975Z [23428:10632] [v6.9.359] INFO Skipped installation of component LiveQuery64 3.3.0.267
    2021-10-06T16:18:04.975Z [23428:10632] [v6.9.359] INFO Skipped installation of component MTR64 2.2.0.15
    2021-10-06T16:18:04.975Z [23428:10632] [v6.9.359] INFO Skipped installation of component SDU 6.9.410
    2021-10-06T16:18:04.977Z [23428:10632] [v6.9.359] INFO Telemetry Interval set to 86400 seconds

    So, if you're lucky, the time window you are interested falls between one of these sequences. If it doesn't, then you will have look through the log for the time window and find the install action. Then go to the temp dir and see the corresponding component install log to get the actions. 

    However, if all you care about is the final version numbers - you will see that in the AutoUpdate log.

Reply
  • FormerMember
    0 FormerMember in reply to Craig Withers

    You would be looking for the install lines. Here is an example of a sequence where no update to the product was needed:
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Installing products.
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 0253775E-970D-4876-959C-21B422420E5A 1.6.56
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 1129226C-32AB-4B72-85E1-A9CC8DFBC859 3.0.0.1654
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 1FE3E7DF-EFFA-408A-A1B0-89F15BA61F31 6.9.360
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 243DECCD-8080-410D-A45F-77F2182715EE 1.11.71.71
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 244E68BF-E1BB-4A6B-AC18-A492DE0134C0 3.8.3.669
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 3799FB3E-808A-4F7D-AC6A-0C74F931C386 4.14.353.0
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 3CE954A1-0F41-4D9B-B2F0-58AA75334DFD 2.7.28.0
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 3D8DC0A9-7F42-4CD5-AA7B-CF29296E7789 3.9.8.10
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 591706A7-9603-4255-A65F-EA49BB11E8AC 1.8.24.0
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 5CD1A7B6-812E-47A1-A986-3A6D5D5C19F5 2.3.150.0
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 642A6FD9-A9D6-482D-BD8C-46661F241A0E 1.7.79
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 70FDD40E-986A-44E5-9620-2B894A06702A 1.7.4.0
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 7F682906-6E49-481B-89C5-2DCA36720F4F 3.1.9.0
    2021-10-06T16:18:04.974Z [23428:10632] [v6.9.359] INFO Skipped installation of component 8087796B-2289-4897-98A5-58FF23DAAFD0 1.14.661.0
    2021-10-06T16:18:04.975Z [23428:10632] [v6.9.359] INFO Skipped installation of component BA3387BB-AE88-4403-A36D-F8C0E0B6AEB2 1.3.23.0
    2021-10-06T16:18:04.975Z [23428:10632] [v6.9.359] INFO Skipped installation of component CD297D6B-58A5-474F-8A0D-0A15803B8B50 1.2.0.17
    2021-10-06T16:18:04.975Z [23428:10632] [v6.9.359] INFO Skipped installation of component E17FE03B-0501-4aaa-BC69-0129D965F311 10.8.11.22
    2021-10-06T16:18:04.975Z [23428:10632] [v6.9.359] INFO Skipped installation of component F1DAD925-C973-4e5e-B172-78E97EB60689 2.1.182.0
    2021-10-06T16:18:04.975Z [23428:10632] [v6.9.359] INFO Skipped installation of component LiveQuery64 3.3.0.267
    2021-10-06T16:18:04.975Z [23428:10632] [v6.9.359] INFO Skipped installation of component MTR64 2.2.0.15
    2021-10-06T16:18:04.975Z [23428:10632] [v6.9.359] INFO Skipped installation of component SDU 6.9.410
    2021-10-06T16:18:04.977Z [23428:10632] [v6.9.359] INFO Telemetry Interval set to 86400 seconds

    So, if you're lucky, the time window you are interested falls between one of these sequences. If it doesn't, then you will have look through the log for the time window and find the install action. Then go to the temp dir and see the corresponding component install log to get the actions. 

    However, if all you care about is the final version numbers - you will see that in the AutoUpdate log.

Children
No Data
Unfiltered HTML