Logs for real time scanning to create exclusions?

Hello, we have created global exclusions based on our vendors instructions for real time scanning of our infrastructure applications that we feel are safe. Now we want to create exclusions for applications/processes/files that we feel are safe on specific endpoint devices to reduce load on the devices. Are there ream time scanning logs on each system that show what files are being scanned the most? If you don't keep that level of detail what is the best way to get this information remotely from the devices? Thanks.

Added TAGs
[edited by: Qoosh at 11:44 PM (GMT -7) on 1 Jul 2022]

Parents

0 Sophos User930 over 1 year ago

You can enable logging of the Sophos File Scanner with a reg value.

The logs are verbose and you'd have to process them, i.e. the scan request/responses.

HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Sophos File Scanner\Application

DWORD LogLevel 4

Disable Tamper to se.

Restart Sophos File Scanner service.

C:\ProgramData\Sophos\Sophos File Scanner\Logs\SophosFileScanner.log

Might provide some information you are looking for.

Thanks.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Sophos User930 over 1 year ago

You can enable logging of the Sophos File Scanner with a reg value.

The logs are verbose and you'd have to process them, i.e. the scan request/responses.

HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Sophos File Scanner\Application

DWORD LogLevel 4

Disable Tamper to se.

Restart Sophos File Scanner service.

C:\ProgramData\Sophos\Sophos File Scanner\Logs\SophosFileScanner.log

Might provide some information you are looking for.

Thanks.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data