Logs for real time scanning to create exclusions?

Hello, we have created global exclusions based on our vendor's instructions for real time scanning of our infrastructure applications that we feel are safe. Now we want to create exclusions for applications/processes/files that we feel are safe on specific endpoint devices to reduce load on the devices. Are there real time scanning logs on each system that show what files are being scanned the most? If you don't keep that level of detail, what is the best way to get this information remotely from the devices? Thanks.



Added TAGs
[edited by: Qoosh at 11:44 PM (GMT -7) on 1 Jul 2022]
  • You can enable logging of the Sophos File Scanner with a reg value.

    The logs are verbose and you'd have to process them, i.e. the scan request/responses.

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Sophos File Scanner\Application

    DWORD LogLevel 4 

    Disable Tamper to set.

    Restart Sophos File Scanner service.

    C:\ProgramData\Sophos\Sophos File Scanner\Logs\SophosFileScanner.log

    Might provide some information you are looking for.

    Thanks.
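
The steps in the reply above, plus the log processing it mentions, as an added PowerShell example (not part of the original post and not Sophos-provided code). The service display-name wildcard, the function names and the path-matching regex are assumptions; the log format is not documented in this thread, so the tally simply pulls anything that looks like a drive-letter file path out of each line.

```powershell
# Added example. Run elevated, after Tamper Protection has been disabled as the reply says.
$RegPath = 'HKLM:\SOFTWARE\Sophos\Sophos File Scanner\Application'

function Set-ScannerLogLevel {
    # Sets LogLevel (DWORD) and returns the previous value so it can be restored later.
    param([Parameter(Mandatory)][int]$Level)
    $old = (Get-ItemProperty -Path $RegPath -Name 'LogLevel' -ErrorAction SilentlyContinue).LogLevel
    New-ItemProperty -Path $RegPath -Name 'LogLevel' -Value $Level -PropertyType DWord -Force | Out-Null
    # Assumption: the service display name begins with "Sophos File Scanner".
    Restart-Service -DisplayName 'Sophos File Scanner*'
    return $old
}

function Get-TopScannedPath {
    # Tallies file paths seen in the verbose log, most frequent first.
    param(
        [string]$Path = 'C:\ProgramData\Sophos\Sophos File Scanner\Logs\SophosFileScanner.log',
        [int]$Top = 25
    )
    # Heuristic (assumption): a drive-letter path ending in a file extension.
    # Paths are lower-cased before grouping so case differences do not split counts.
    $pattern = '[A-Za-z]:\\[^"<>|*?:\r\n]+?\.[A-Za-z0-9]{1,8}(?![A-Za-z0-9.\\])'
    Select-String -Path $Path -Pattern $pattern -AllMatches |
        ForEach-Object { $_.Matches.Value } |
        Group-Object { $_.ToLowerInvariant() } |
        Sort-Object Count -Descending |
        Select-Object -First $Top Count, Name
}

# Typical sequence on one endpoint:
$previous = Set-ScannerLogLevel -Level 4      # value 4 is the one given in the reply
# ... let the device run its normal workload for a representative period ...
Get-TopScannedPath -Top 25 | Format-Table -AutoSize

# Verbose logging adds load of its own, so put the setting back afterwards.
if ($null -ne $previous) {
    Set-ScannerLogLevel -Level $previous | Out-Null
} else {
    # The value did not exist before this script created it.
    Remove-ItemProperty -Path $RegPath -Name 'LogLevel'
    Restart-Service -DisplayName 'Sophos File Scanner*'
}
```

Once logging is enabled on a device, the tally can be collected remotely with `Invoke-Command -ScriptBlock ${function:Get-TopScannedPath}` against that computer. Treat the counts as candidates to review rather than an exclusion list: a frequently scanned path is not necessarily a safe one, and narrow file or process exclusions reduce coverage less than whole folders.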
