"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
You can use the command line tools ExportConfig.exe and ConfigCID.exe to centrally configure the filtering of error messages returned by client workstations to Enterprise Console. This is useful if Enterprise Console performance has become affected by huge numbers of reports of a known issue.
These instructions should only be used as a temporary workaround. In the longer term, the original issue should be fixed.
Check Enterprise Console for the error code you want to filter out, and make a note of it. For example, e03d0036.
Use ExportConfig.exe to export your current Sophos Anti-Virus configuration to the file savconf.xml.
<inst:install xmlns:inst="http://www.sophos.com/SAVXP/SavInstallConfiguration" xmlns="http://www.sophos.com/SAVXP/SavInstallConfiguration"><!-- Custom settings for alerting (optional) --> <alerting> <!-- Enterprise Console alerts (optional) --> <ee> <!-- Black list of message IDs (optional) --> <blackList> <add>0xE03D0036</add> </blackList> </ee> </alerting></inst:install>
Use ConfigCID.exe to implement the changes you have made.
To reverse the changes, update the copy of the file savconf.xml in your CID by deleting the error code entries that you added, but leave the outer tags:
Then re-run ConfigCID.exe. The customization will be removed the next time Sophos Anti-Virus updates.
If you want to exclude multiple errors, use the following XML format:
<blackList> <add>0xE03D0036</add> <add>0xE03D0037</add></blackList>
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.