This article provides information on the various log files used by each of the Sophos Central Endpoint components. The presence of the log files will depend on whether the specific component is installed or active.
The following sections are covered:
Applies to the following Sophos products and versions Central Endpoint Standard 11.5.11Central Endpoint Advanced 11.5.11Central Intercept X 11.5.11
C:\ProgramData\Sophos\Sophos Data Control\logs
C:\ProgramData\Sophos\Sophos Data Protection\Logs
C:\ProgramData\Sophos\Sophos Device Control\logs
Scans the file for reputation, machine learning and AppID.
C:\ProgramData\Sophos\Sophos File Scanner\Logs
Sends regular reports of its security status to the Sophos Firewall. In case the endpoint is compromised, its network access will be restricted.
C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs
Detects network-based threats.
C:\ProgramData\Sophos\Sophos Network Threat Protection\Logs
C:\ProgramData\Sophos\Sophos Tamper Protection\logs
Protects against threats from malicious websites.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable for us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.