Apples to Sophos Home for Windows computers
The following article describes how to enable and disable debug logging for Sophos Anti-Virus. These steps may be necessary to further investigate issues with the antivirus software, as instructed by Sophos Home support.
WARNING: The logging should only be used for debugging purposes and should not be left enabled for long periods, as it greatly increases the size of the log file (SAV.txt).
As soon as the logs are collected, disable debugging and re-enable Tamper protection to ensure security.
Note: The procedure requires modifying the system registry.
- Turn off Tamper Protection as described here
- Hit Start and type regedit to launch the Registry editor
- Navigate to >HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services >SAVOnAccess
- Right click on the screen the following options should be available Click New > DWORD (32-bit) Value.
- Name the DWORD LogFlags then enter the following data value 000000FF.
- Click Start and type Services.msc and press Enter.
- Scroll down to Sophos Anti-Virus service, right-click this and choose Restart.
- Debug logging will now be recorded in the SAV.txt file in the following folder
- C:\ProgramData\Sophos\Sophos Anti-Virus\logs
- After having reproduce the problem and collect the logs
- Follow the Disable debug logging steps to prevent your hard drive from filling:
Disable debug Logging
- Repeat Step 2 to navigate to the SavOnAccess registry location
- Right click on the DWORD: LogFlags and delete it.
- Repeat steps 5 and 6 from the previous instructions.
- Turn tamper protection back on as described here