Intercept X - SDU Tool - Troubleshooting Files Excluded
While working with Support we provided the SDU logs for investigation. Sophos Support came back and requested some additional files not captured as part of the SDU tool. Please add an option in the SDU to include these sources.
To obtain these files, we needed to disable Tamper Protection and copy the files ourselves.
From Sophos Support:
To further progress, we will also require you to copy, zip, and upload the following directories to our FTP. The reason we require these folders is because they contain the snapshots of the event in a .tgz format which our SDU tool does not gather by default.
C:\ProgramData\Sophos\Sophos System Protection\
C:\ProgramData\Sophos\Sophos Data Recorder\ [If this folder does not exist do not worry about this]