This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intercept X / Scan Report after Full Scan

Hello everyone, we have been using Intercept X in the Sophos Central Cloud for some time. 
Here we need the ability to view a log file or a report after a self-triggered “full scan”.
This was possible in the old onPrem Sophos and client.
In the Intercept This proof is extremely important for work in a nuclear power plant. Otherwise the notebook will remain outside.
Of course that doesn't work.
Does anyone know where I can see a log file after a scan?
The timestamp of the full scan is also important.
This can be a maximum of 24 hours old.
Nothing can be found on the internet.
In contrast to the old Sophos, I basically no longer see anything on the central interface or on the client.
Thanks for your tips.



Hallo zusammen, wir nutzen seit eniger Zeit Intercept X in der Sophos Central Cloud.
Wir benötigen hier die Möglichkeit, nach einem selbstausgelösten "Full Scan" ein Logfile oder ein Report einzusehen.
In dem alten onPrem Sophos nebst Client war das möglich.
In der Intercept X sehe ich im höchstfall "Scan erfolgreich abgeschlossen" aber ohne resultat.
Für die Arbeit in einem Kernkraftwerk ist dieser Nachweis extrem wichtig. Andernfalls bleibt das Notebook draussen.
Das geht natürlich nicht.
Weiß jemand wo ich ein Logfile sehen kann, nach einem Scan ? Wichtig ist auch der Zeitstempel des Full Scans.
Dieser darf max 24 Stunden alt sein. Im Internet ist nichts zu finden.
Auf der Central Oberfläche sowie auf dem Client sehe ich im Gegensatz zu dem alten Sophos prinzipiell nichts mehr.

Danke für eure Tipps.


This thread was automatically locked due to age.
Parents
  • Hi  ,

    If you have Windows devices, the default log location for "Scheduled" and "Scan now" scans is C:\ProgramData\Sophos\Endpoint Defense\Logs and you can look at the SophosScanCoordinator.log file. Does that have the information that you need?


    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  •   Hi  ,  

      thanks for your information.    

      Unfortunately, that's not enough.    

      This is where the information used to be hidden, in the old Sophos Endpoint Protection.    

      Since Intercept X switched to the cloud, all of the logs can no longer be accessed.    

      When I try to open the "Endpoint Defense" folder, I don't have permission.    

      I'm just a user. If I use the local administrator, I can't open it either.    

      If I start Windows with the profile as local administrator and navigate there, I also lack authorization.    

      But I have full access to this directory. Where is my mistake?  

  • I assume that is tamper protection.

    If you open a CMD or PS window as admin, so it's elevated, you should then be able to open the file, e.g.

    notepad "C:\ProgramData\Sophos\Endpoint Defense\Logs\SophosScanCoordinator.log"

Reply Children