Computer Events

The Events tab in a computer's details page displays events detected on the computer.

You can see details and, in some cases, take action to prevent unwanted detections.

Go to Devices > Computers and click the computer you want to view details for. Click Events to see the events detected on the computer.

The list includes:

  • Sev: Hover over an icon to see what it means.
  • Type: An icon shows which Sophos agent reported the event. Hover over it to see what it means.
  • Details: This link (for some events) lets you get further details and take action.

View Events Report: Shows events arranged by type and a graph of events day by day.

You may notice that an event has a later timestamp than the Last active timestamp shown for the computer on the Computers page. This is because the Last active timestamps are refreshed only once an hour on average.

Stop detecting an application

If an application is reported as malware but you know it's safe, you can allow it from the events list.

For help with deciding whether an application is safe, see How to investigate and resolve a potential False Positive or Incorrect Detection.

Click the Details link beside the event and then allow the application.


This currently applies only to malware events reported by Intercept X.

Stop detecting an exploit

You can exclude an application from exploit detection, either in response to a detection or in advance of any detection.

For help on how to do this, see Stop detecting an exploit.

Stop detecting ransomware

If ransomware is detected but you're sure the detection is incorrect, you can stop it from happening again.

This will apply to all your users and computers.

  1. On the Events tab, find the detection event and click Details.
  2. In Event details, look for Don't detect this again.

    Select Exclude this Detection ID from checking. This prevents this detection on this app.

  3. Click Exclude.

We'll add your exclusion to the Global Exclusions list.