Information on Windows Log Files for Endpoint Security and Control

  • Article ID: 43391
  • Rating:
  • 8 customers rated this article 3.1 out of 6
  • Updated: 04 Sep 2014

This article provides information on the various log files used by each of the Sophos Endpoint Security and Control components. The presence of the log files below will depend on whether the specific component is installed or active. For server-side log files see article 116523

Jump to the relevant component using the following links:

Sophos Anti-Virus

SAV.txt
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\logs\
Windows Vista and above: C:\ProgramData\Sophos\Sophos Anti-Virus\logs\
Description On-access scanner log
Maximum of 8 logs in rotation

<scheduledscanname>.txt
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\logs\
Windows Vista and above: C:\ProgramData\Sophos\Sophos Anti-Virus\logs\
Description Virus scan log, generated each time a scheduled scan is run.

Sophos Anti-Virus CustomActions Log_yyyymmdd_hhmmss.txt
Location C:\WINNT\Temp\ or C:\Windows\Temp
Description Log of the anti-virus installation.

Sophos Anti-Virus Install Log_yyyymmdd_hhmmss.txt
Location C:\WINNT\Temp\ or C:\Windows\Temp
Description Log of the anti-virus installation.

SophosBootTasks.txt
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\logs\
Windows Vista and above: C:\ProgramData\Sophos\Sophos Anti-Virus\logs\
Description Logs actions taken by the temporary Sophos Cleanup Service

Sophos AutoUpdate

alc.log
Location Windows 2000/XP/2003: C:\Program Files\Sophos\AutoUpdate\Logs\
Windows Vista and above: C:\ProgramData\Sophos\AutoUpdate\Logs\
Description

Sometimes referred to as the 'AutoUpdate log'. This file contains logging information relating to the update of system components. You must use the 'Sophos log viewer' to read this file (launch from Sophos Endpoint Security and Control by clicking on 'View Updating Log') . Log level can be set in the Sophos Enterprise Console in the updating policy for a group. On the logging tab select 'Normal' or 'Verbose'.


alupdate.log
Location Windows 2000/XP/2003: C:\Program Files\Sophos\AutoUpdate\Logs\
Windows Vista and above: C:\ProgramData\Sophos\AutoUpdate\Logs\
Description A more verbose log than alc.log. Contains detailed information of each update.
Maximum of 4 logs in rotation.

Sophos AutoUpdate install log.txt
Location C:\WINNT\Temp\ or C:\Windows\Temp
Description Sophos AutoUpdate installation log.

Sophos Remote Management System

Agent-yyyymmdd-hhmmss.log
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\Logs
Windows Vista and above: C:\ProgramData\Sophos\Remote Management System\3\Agent\Logs
Description Remote Management System agent log
Maximum of 8 logs in rotation. Rotation occurs on each start of the Sophos Agent service.

Router-yyyymmdd-hhmmss.log
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Router\Logs
Windows Vista and above: C:\ProgramData\Sophos\Remote Management System\3\Router\Logs
Description Log of the management agent's message router activity
Maximum of 8 logs in rotation. Rotation occurs on each start of the Sophos Message Router service.

Sophos RMS install log_yyyymmdd_hhmmss.txt
Location C:\WINNT\Temp\ or C:\Windows\Temp
Description Log of the management system installation

Sophos Client Firewall

op_data.mdb
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Client Firewall\Logs\
Windows Vista and above: C:\ProgramData\Sophos\Sophos Client Firewall\Logs\
Description Sophos Client Firewall log. You must use the Sophos Client Firewall Log viewer to view this

Sophos Client Firewall install log.txt
Location C:\WINNT\Temp\ or C:\Windows\Temp
Description Sophos Client Firewall installation log

Sophos Client Firewall CustomActions Log.txt
Location C:\WINNT\Temp\ or C:\Windows\Temp
Description Sophos Client Firewall custom actions log

Sophos Data Control

DataControl.txt
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Data Control\logs\
Windows Vista and above: C:\ProgramData\Sophos\Sophos Data Control\logs\
Description Sophos Data Control log. Verbose logging can be enabled as per article 112228
Maximum of 4 logs in rotation.

Sophos Device Control

DeviceControl.txt
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Device Control\logs\
Windows Vista and above: C:\ProgramData\Sophos\Sophos Device Control\logs\
Description Sophos Device Control log
Maximum of 4 logs in rotation by default. This can be changed under 'Configure Sophos Device Control' in Sophos Endpoint Security and Control.

Sophos Web Intelligence

Sophos Web Intelligence Install.log
Location C:\WINNT\Temp\ or C:\Windows\Temp
Description Log of the Sophos Web Intelligence installation

Sophos Patch Control

SophosPatchInstall_yyyymmdd_hhmmss.log
Location C:\WINNT\Temp\ or C:\Windows\Temp
Description Sophos Patch installation log

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_session.log
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Patch Control\Logs\
Windows Vista and above: C:\ProgramData\Sophos\Sophos Patch Control\Logs\
Description Sophos Patch Control session detailing communication between client and server
5 logs in rotation. Rotation occurs when service restarts.

Sophos Tamper Protection

TamperProtection.txt
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Tamper Protection\logs\
Windows Vista and above: C:\ProgramData\Sophos\Sophos Tamper Protection\logs\
Description Sophos Tamper protection activity log

Sophos Management Communications System

MCSClient.log
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Management Communications System\Endpoint\Logs\
Windows Vista and above: C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\
Description Log of communications between MCSClient and Sophos Live Connect and notifications sent to MCSAgent

MCSAgent.log
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Management Communications System\Endpoint\Logs\
Windows Vista and above: C:\ProgramData\Sophos\Management Communications System\Endpoint\Logs\
Description Processing of information and policies received by MCSClient

Sophos MCS Install Log.txt
Location C:\WINNT\Temp\ or C:\Windows\Temp
Description MCS Installation Log

Sophos Full Disk Encryption

BootLog.txt
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Safeguard Installers\InstallCache\
Windows Vista and above: C:\ProgramData\Sophos\Sophos Safeguard Installers\InstallCache\
Description Non-msi installer file covering installation process, pre-reqs and install actions

MsiClientLog.txt
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Safeguard Installers\InstallCache\
Windows Vista and above: C:\ProgramData\Sophos\Sophos Safeguard Installers\InstallCache\
Description MSI installer log file

MsiPreReqLog.txt
Location Windows 2000/XP/2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Safeguard Installers\InstallCache\
Windows Vista and above: C:\ProgramData\Sophos\Sophos Safeguard Installers\InstallCache\
Description MSI installer log file covering pre-installation tasks prior to disk encryption being installed

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments