
Endpoint Protection Wiped Logs on Windows Servers

All of our Windows Servers suddenly started displaying empty Endpoint Protection logs on the Servers themselves. The UTMs look normal. It happened sometime between 30 July 2017 at 13:00 UTC, and 1 August 2017 at 01:00 UTC. (Local time: between Sunday, 30 July 2017 at 6:00 AM PDT and Monday afternoon 31 July 2017 at 17:00 PDT.) 

To see the logs, I do the following:

* Launch the Sophos Endpoint Protection and Control application.

* Click on "View anti-virus and HIPS log."

Normally I see a list showing the results of the nightly anti-virus scans. I saw good logs on Sunday morning for two different servers, which run different versions of Windows Server and are kept fully updated. By Monday afternoon (a few hours ago), the log windows were empty. 

I checked other servers, and the same thing is true on all of them - the logs are empty. Those servers are in a completely different location. The groups of servers are completely independent of one another, and all show the same empty log windows. I found another way to view the previous night's log on one server, and it looks normal.

I think there is a bug in the Windows version of Sophos Endpoint Protection, which must have been updated on Sunday (30 July 2017) or perhaps on Monday. I suspect that it wiped the logs, or the buggy version of Endpoint Protection refuses to display them. 

Can someone else confirm this issue, please?


