Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=server-Lockdown-events

Server Lockdown Events

Restriction

If you use Sophos XDR Sensor, this feature isn't available.

The Lockdown Events tab in a server's details page lets you see "events" in which Server Lockdown blocked unauthorized activity on the server.

Examples of such events are: a user trying to run an unauthorized program on the server, an unknown updater trying to update files, or a user trying to modify files with a program that isn't authorized for the purpose.

To see the tab, do as follows:

  1. Go to My Environment > Computers & Servers.

    Alternatively, go to My Products > Server > Servers.

  2. Click the name of the server you want to view details for.

  3. Click the Lockdown Events tab to view the events associated with the server.

The tab is displayed only for servers that you have locked down.

To see the report, click Request Report. This creates a report on events in the previous twenty-four hours.

The list shows:

  • The event type.
  • When each event happened.
  • The Parent. This is the program, script or parent process that was active.
  • The Target. This is the file or program that was the target of the activity.