
Delete Blocked Websites history

Hi all,

I have just had a colleague come into my office saying that his son was using his company laptop and he thinks he may have got a virus on it.

After removing a few malware trojans and looking in the Enterprise Console I have noticed some blocked websites in the list which he must have been trying to attempt to access.

He is a good friend of mine and I know I should not do it, but is there a way of removing the list of blocked websites in his computer details from the Enterprise Console?

Your help is appreciated.

Thanks

  • Hi,

    The first thing I would do is take a backup of the database using backupdb.bat as found in the DB directory of Enterprise Console.

    Then, establish the computer id of the computer for which you wish to delete the events.

    To do so, run the SQL command:

    select * from Events e right join Events_WebFilteringData ew on e.ID = ew.EventID

    This will help you find the computer id of the machine that reported the threat.
     

    You could add an extra where clause to make it easier, e.g.:


    select * from Events e right join Events_WebFilteringData ew on e.ID = ew.EventID

    where ew.BlockedSite = 'sophostest.com'

    Replacing sophostest.com with the site or sites in question.


    You can then delete from the Events table the events for that computerid of this type:

    DELETE FROM Events WHERE ComputerID = 12345 AND EventType = 6


    Replacing 12345 with the computerid for the machine as found out from the first query.

    Hope that helps.  

    FYI SAV.txt on the client also has this information.

    Regards,

    Jak

    Note: I would suggest installing Microsoft SQL Management Studio to perform the commands; you could use sqlcmd but it's a bit of a fiddle.
