Suppressing Event ID driver errors on endpoint computers

  • Article ID: 54229
  • Rating:
  • 8 customers rated this article 1.8 out of 6
  • Updated: 29 Nov 2013

You can use the command line tools ExportConfig.exe and ConfigCID.exe to suppress Sophos Anti-Virus driver errors from being listed in the Windows Event Log on your client computers.

An example driver error would be seen when the Source is 'SAVOnAccess'.

Note: The errors will still appear in the SAV.txt log file.

What To Do

  1. Identify the Event ID for the error code

    Check the client computer's Event Log for the Sophos Anti-Virus Event ID error you wish to suppress.

  2. Export the configuration file

    Use ExportConfig.exe to export your current Sophos Anti-Virus configuration to the file savconf.xml.

  3. Edit the configuration file

    1. Find your savconf.xml file in your Central Installation Directory (CID).

    2. Open the file savconf.xml in Notepad++ or an XML editor.

    3. In the Format menu, disable 'Word Wrap'.

    4. Scroll down to the bottom of the file. Just above the tag '</config>', copy and paste the following text, changing the Event ID code as required. Do not insert line breaks. In this example, we use Event ID 63.

      <inst:install xmlns:inst="" xmlns="">

    5. Save the savconf.xml file.

  4. Implement the changes

    Use ConfigCID.exe to implement the changes you have made.

Reversing the changes

To reverse the changes, update the copy of the file savconf.xml in your CID by deleting the error code entries that you added, but leave the outer tags:


Then re-run ConfigCID.exe. The customization will be removed the next time Sophos Anti-Virus updates.


Further information
If you want to exclude multiple Event IDs, use the following XML format:


If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent