We'd love to hear about it! Click here to go to the product suggestion community
We could see a button Diagnose from console end to collect and send logs directly to Sophos.
But may we know that Will they be sent if logged in user don't have access over Temp folder as created logs are stored in Temp folder.
Balarama Kishore Yerra
The command is initiated by the MCS Agent service, so runs as local system, so \windows\temp\ is likely to be used.
I'm pretty sure you will find the log under \windows\temp\sdu\
In reply to jak:
Yes , they are stored under \windows\temp\sdu\ folder.
But my query is will they be uploaded to Sophos when will click diagnose from console end and when user don't have access to that folder
In reply to balaramyerra:
Hello Balarama Kishore Yerra,
please see Sophos Diagnostic Utility (SDU) - How to run from Sophos Central that says ... and to automatically be uploaded to a Sophos address without the need to visit the device itself. So no user interaction or access to the folder is required.
The zip file will be uploaded to Sophos at the end. It will be sent by "C:\Program Files (x86)\Sophos\Sophos Diagnostic Utility\uploader.exe"https://community.sophos.com/kb/en-us/133466
I'm not sure what you're getting at regarding the user having access?MCS Client service (MCSClient.exe) picks up the action message from Central to run a diagnose task. It passes a message to the MCS Agent service (MCSAgent.exe). The Agent process is running as local system and creates the process:"C:\Program Files (x86)\Sophos\Sophos Diagnostic Utility\uploader.exe" -uploadurl sdu-feedback.sophos.com/.../[endpointid]_[Date Time].zipUploader then calls:"C:\Program Files (x86)\Sophos\Sophos Diagnostic Utility\sducli.exe" -logdir=C:\WINDOWS\TEMP\sdu\ -archive=[endpointid]_[Date Time].zip
Sducli.exe creates the zip file given the filename and path. At the end the zip is uplaoded to https://sdu-feedback.sophos.com by uploader.exe.
If you want to be able to generate the zip files (i.e. drop them to disk) but not send them, I guess you'd have to block https://sdu-feedback.sophos.com in some way.
In reply to QC:
Thanks for your answer and may we know when will the diagnose feature will be included for MAC Device.