Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=computer-events

Computer Events

The Events tab in a computer's details page displays events detected on the computer.

You can see details and, in some cases, take action to prevent unwanted detections.

  1. Go to My Environment > Computers & Servers.

    Alternatively, go to My Products > Endpoint > Computers.

  2. Click the name of the computer you want to view details for.

  3. Click Events to see the events detected on the computer.

    The list includes the following information:

    • Sev: Hover over an icon to see what it means.
    • Type: An icon shows which Sophos agent reported the event. Hover over it to see what it means.
    • Details: This link lets you get further details and take action. The Details option may not be available for all events.

Click View Events Report to show events arranged by type and a graph of events day by day.

You may notice that an event has a later timestamp than the Last active timestamp shown for the computer on the Computers page. This is because the Last active timestamps are refreshed only once an hour on average.

Stop detecting an application

If an application is reported as malware but you know it's safe, you can allow it from the events list.

For help with deciding whether an application is safe see How to investigate and resolve a potential False Positive or Incorrect Detection.

Click the Details link beside the event and then allow the application.

Note

This currently applies only to malware events reported by Sophos Endpoint.

Stop detecting an exploit

You can exclude an application from exploit detection, either in response to a detection or in advance of any detection.

For help on how to do this see Stop detecting an exploit.

Stop detecting ransomware

If ransomware is detected but you're sure the detection is incorrect, you can stop it happening again.

This will apply to all your users and computers.

  1. On the Events tab, find the detection event and click Details.

  2. In Event details, look for Don't detect this again.

    Select Exclude this Detection ID from checking. This prevents this detection on this app.

  3. Click Exclude.

We'll add your exclusion to the Global Exclusions list.