Option to Clear "events.db" or address old Alerts not displaying in events anymore.
There needs to be a way to deal with old Alerts and Warnings which have gone past the displayable events logs. If any event is causing an endpoint to stay consistently in Red Alert or Yellow Warning state, then the event should stay persistent and never go away until addressed. There's no way to deal with these issues currently other than to uninstall/reinstall Sophos completely or follow the below instructions from Sophos. This will only clear the events log to stop the alerts from showing, but doesn't actually address the original alerts.
- Disable Tamper Protection
- Stop Sophos Health service
- Navigate to folder C:\ProgramData\Sophos\Health\Event Store\Database
- Rename events.db to eventsold.db
- Restart Sophos Health service
- Kill the Sophos UI from Task Manager
- Re-launch Sophos UI.exe from C:\Program Files\Sophos\Sophos UI
Thank you for sharing the events.db procedure.