Configure Windows event logging

If you use role-based administration:

  • You must have the Policy setting - anti-virus and HIPS right to perform this task.
  • You cannot edit a policy if it is applied outside your active sub-estate.

For more information, see Managing roles and sub-estates.

By default, Sophos Endpoint Security and Controladds alerts to the Windows event log when a virus or spyware is detected or cleaned up, suspicious behavior or file is detected, or adware or PUA is detected or cleaned up.

To edit these settings:

  1. In the Policies pane, double-click the anti-virus and HIPS policy you want to change.
  2. In the Anti-virus and HIPS policy dialog box, click Messaging.
  3. In the Messaging dialog box, go to the Event log tab.

    By default, event logging is enabled. Edit the settings, if appropriate.

    Scanning errors include instances when Sophos Endpoint Security and Control is denied access to an item that it attempts to scan.