Employees looking at log files

Updated based on the previous post here: https://www.reddit.com/r/sophos/comments/dhuwui/employees_looking_at_sophos_log_files/

TLDR: they requested my log files and program files, and I’d shared them early last week. Have been on soccer streaming sites and the computer flagged a Mal/Autoinf-a.

They’ve now asked me to re-run the file. I received the below last week.

"We just need to rerun the SDU scan on your computer as the last results did not contain the files that Ciphertechs were looking for."

They have said to browse to: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Diagnostic Utility

Run the Sophos Diagnostic Utility.

Accept the EULA and click continue.

Wait for the log collection to complete (can take up to 30m) and select Archive logs and send to Sophos.

Fill out the details and click on Locate archive xxxx.

Save at this location: C:\Users<username>\AppData\Local\Temp\sdu

Once you have the log package it will be placed in the temp directory – use sharefile/proofpoint to send the file and attach to the case.

Does this suggest they haven’t got the right file initially? Or that they want to do further digging? If my laptop was to not come back to work with me next week, would this be better for me or make the situation worse?
