This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What is Sophos Data Recorder?

There does not seem to be any information on what the component is and does. Can anyone explain, and with as many details as possible? (I will take whatever I can get though)



This thread was automatically locked due to age.
Parents Reply Children
  • Taking a look at the Sophos Data Recorder service ("C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe") it appears to use the "NT Kernel Logger" event trace session and creates once called SophosDataRecorderKernelTrace.  



    Process Monitor creates"PROCMON TRACE", Process Explorer creates "PROCEXP TRACE", etc..

    The SophosDataRecorderKernelTrace uses a number of providers I assume to monitor events it's interested in.  You can see this looking at the above session properties.

    This data (types of data collected) appears to be in files stored here: "C:\ProgramData\Sophos\Sophos Data Recorder\data\") is presumably correlated when there is an event (beacon), E.g. detect eicar, into the data that feeds the RCA reports in Central, i.e. the data behind the artifacts and the info used to create the visualisations.

    It logs to:
    C:\ProgramData\Sophos\Sophos Data Recorder\logs\sdr.log