Set up device control alerts and messages

Sophos Enterprise Console uses events and messages to report when a controlled device is detected or blocked.

If you use role-based administration:

  • You must have the Policy setting - device control right to edit a device control policy.
  • You cannot edit a policy if it is applied outside your active sub-estate.

When device control is enabled, the following events and messages are logged or displayed by default:

  • Device control events are logged on the workstation.
  • Device control events are sent to Sophos Enterprise Console and can be viewed in the Device Control - Event Viewer. (To open the event viewer, on the Events menu, click Device Control Events.)
  • The number of computers with device control events over a specified threshold within the last seven days is displayed on the Dashboard.
  • Desktop messages are displayed on the workstation.

You can also configure Sophos Enterprise Console to send the following messages:

Email alerts

An email message is sent to the recipients that you specify.

SNMP messages

An SNMP message is sent to the recipients specified in your anti-virus and HIPS policy settings.

To set up device control messaging:

  1. Check which device control policy is used by the groups of computers you want to configure.
  2. In the Policies pane, double-click Device control. Then double-click the policy you want to change.
  3. In the Device control policy dialog box, on the Messaging tab, desktop messaging is enabled by default. To further configure messaging, do the following:
    • To enter a message text for desktop messaging, in the Message text box, type a message that will be added to the end of the standard message.

      You can enter a maximum of 100 characters. You can also add an HTML link to the message, for example, <a href="http://www.sophos.com">About Sophos</a>.

      Note User-defined desktop messages are not displayed on computers running Windows 8 or later.
    • To enable email alerting, select the Enable email alerting check box. In the Email recipients field, enter the email addresses of the recipients. Separate each address with a semicolon (;).
    • To enable SNMP messaging, select the Enable SNMP messaging check box.

    The email server and SNMP trap settings are configured using the anti-virus and HIPS policy.