Sophos Central Policy Deep Scan logs

I created a Threat Protection Policy and enabled Deep scan and Scheduled it for only one file server.

Today, I'm trying to find the log of the scan and see if it deleted or quarantined anything. Where can I find this?

Updated the tags
[edited by: Gladys at 1:30 PM (GMT -8) on 4 Mar 2024]
  • Hi Ali,

    Thanks for reaching out to the Sophos Community Forum. 

    If anything is detected while a scan is ongoing, you will see detections show up in Sophos Central, the same way they would be displayed if they were picked up by on-access scanning. 

    Logs can be found at "C:\ProgramData\Sophos\Endpoint Defense\Logs\". The default log level will only record errors or warnings. 

    If you wish to see further details on what is being scanned, you can use the "Tools" section of the Endpoint Self-Help tool to increase the log level under "SSPService.exe" in the "Product Logging" section. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids