This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Log manipulation

I have the feeling that one of the endpoint users deleted entries in the SAV.txt ...is this possible and/or will this be notified by tamper protection?

This thread was automatically locked due to age.

0 QC over 6 years ago

Hello Alex Myrepsos,

if the user has admin rights this is normally possible.
Sophos Endpoint Defense (aka Enhanced Tamper Protection) should protect %ProgramData%\Sophos\ from manipulation though (please see the relevant integrity.dat files that exist whether SED is enabled or not).

Christian
Cancel
Vote Up 0 Vote Down

Cancel