View tamper protection events

There are two types of tamper protection event:

  • Successful tamper protection authentication events, showing the name of the authenticated user and the time of authentication.
  • Failed attempts to tamper, showing the name of the targeted Sophos product or component, the time of the attempt, and the details of the user responsible for the attempt.

To view tamper protection events:

  1. On the Events menu, click Tamper Protection Events.
    The Tamper Protection - Event Viewer dialog box appears.
  2. In the Search period field, click the drop-down arrow and select the period for which you want to display the events.

    You can either select a fixed period, for example, Within 24 hours, or select Custom and specify your own time period by selecting the starting and ending dates and times.

  3. If you want to view events of a certain type, in the Event type field, click the drop-down arrow and select the type of event.

    By default, the event viewer displays events of all types.

  4. If you want to view events for a certain user or computer, enter the name in the respective field.

    If you leave the fields empty, events for all users and computers will be displayed.

    You can use wildcards in these fields. Use ? for any single character and * for any string of characters.

  5. Click Search to display a list of events.

You can export the list of events to a file. For details, see Export the list of events to a file.