Server Events

The Events tab in a server's details page lets you see events detected on the server.

You can see details and, in some cases, take action to prevent unwanted detections.

The list includes:

  • Sev: Hover over an icon to see what it means.
  • Type: An icon shows which Sophos agent reported the event. Hover over it to see what it means.
  • Details: This link (for some events) lets you get further details and take action.

View Events Report: Shows events arranged by type and a graph of events day by day.

On this tab, you can also see details of events on guest VMs (if you're using Sophos for Virtual Environments).

You may notice that an event has a later timestamp than the Last active timestamp shown for the server on the Servers page. This is because the Last active timestamps are refreshed only once an hour on average.

Stop detecting an application

If an application is reported as malware but you know it's safe, you can allow it from the events list.

For help with deciding whether an application is safe, see How to investigate and resolve a potential False Positive or Incorrect Detection.

Click the Details link beside the event and then allow the application.

Note: This currently applies only to malware events reported by Intercept X.

Stop detecting an exploit

You can exclude an application from exploit detection, either in response to a detection or in advance of any detection.

For help on how to do this, see Stop detecting an exploit.

Stop detecting ransomware

If ransomware is detected but you're sure the detection is incorrect, you can stop it from happening again.

This will apply to all your users and computers.

  1. On the Events tab, find the detection event and click Details.
  2. In Event details, look for Don't detect this again.

    Select Exclude this Detection ID from checking. This prevents this detection on this app.

  3. Click Exclude.

We'll add your exclusion to the Global Exclusions list.

Events on guest VMs

If the server is a Sophos Security VM, click See all events (on the right of the page) to change to a view where you can see which guest VM the event occurred on.

If you have enabled guest VMs to migrate between Security VMs, a threat detection might remain in the events list here even if the guest VM has migrated and the threat has been cleaned up elsewhere.