Event Log Messages

Question

I keep getting the following Event Log messages from SAVOnAccess:

File \Device\HarddiskVolumeShadowCopy38\pagefile.sys not checked. Files larger than 4GB are not supported by on-access scanning.

Also on lots of other files greater than 4GB.

1 - Should this be checking the pagefile.sys?

2 - How do I surpress these event log messages, I know Sophos does not check files greater than 4GB. I keep getting the messages everytime I backup my system. I have <Configure>,<Messaging>,<Event Log> set to record events, but I do NOT have "Scanning Errors (e.g. access denied)" ticked.

This thread was automatically locked due to age.

QC · Accepted Answer

Here are the results ...

You can't exclude a path like \Device\HarddiskDmVolumes\... If you can determine the path with the drive letter (e.g. E:\CA\DSM\logs\ ) excluding it (don't forget the trailing backslash) indeed works (as does as already said the file pattern).

The only remaining question is, why this message is in the Informational category and thus can't be suppressed using the AV policy.

Christian :3345