Donat Was Here

DonatShell
Server IP : 180.180.241.3 / Your IP : 216.73.216.252
Web Server : Microsoft-IIS/7.5
System : Windows NT NETWORK-NHRC 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586
User : IUSR ( 0)
PHP Version : 5.3.28
Disable Function : NONE
MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF
Directory : C:/ProgramData/Sophos/AutoUpdate/Cache/sophos_autoupdate1.dir/decode/sed64/
Upload File :
[ HOME SHELL ]
Current File : C:/ProgramData/Sophos/AutoUpdate/Cache/sophos_autoupdate1.dir/decode/sed64/SophosED.man
<?xml version="1.0"?>
<instrumentationManifest xsi:schemaLocation="http://schemas.microsoft.com/win/2004/08/events eventman.xsd" xmlns="http://schemas.microsoft.com/win/2004/08/events" xmlns:win="http://manifests.microsoft.com/win/2004/08/windows/events" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:trace="http://schemas.microsoft.com/win/2004/08/events/trace">
	<instrumentation>
		<counters schemaVersion="1.1" xmlns="http://schemas.microsoft.com/win/2005/12/counters">
			<provider providerName="Sophos Endpoint Defense" providerGuid="{42ee8dc0-98ba-4455-a673-79bf514ff632}" applicationIdentity="SophosED.sys" providerType="kernelMode" callback="default">
				<counterSet name="Sophos.SED performance" symbol="SgGenericStats" guid="{ecbce2c1-8e08-41f9-b62d-980a3910e8d4}" uri="Sophos.Endpoint.PerfCounters.GenericStats" description="SED driver performance counters" instances="multiple">
					<structs>
						<struct name="GenericStats" type="SgGenericStats"></struct>
					</structs>
					<counter name="Total count" uri="Sophos.Endpoint.PerfCounters.Generic.Count" description="Total count of tracked events" id="0" defaultScale="-3" type="perf_counter_large_rawcount" detailLevel="standard" struct="GenericStats" field="Count"></counter>
					<counter name="Total elapsed time" uri="Sophos.Endpoint.PerfCounters.Generic.ElapsedTime" description="Total elapsed time for the tracked events, in 100nsec units" id="1" defaultScale="-7" type="perf_counter_large_rawcount" detailLevel="standard" struct="GenericStats" field="ElapsedTime"></counter>
					<counter name="Total size (bytes)" uri="Sophos.Endpoint.PerfCounters.Generic.TotalSize" description="Total size (in bytes) processed" id="2" defaultScale="-6" type="perf_counter_large_rawcount" detailLevel="standard" struct="GenericStats" field="TotalSize"></counter>
					<counter name="Average events/sec" uri="Sophos.Endpoint.PerfCounters.Generic.AvgCountSec" description="Average count of tracked events per second" id="3" type="perf_counter_bulk_count" detailLevel="standard" struct="GenericStats" field="Count"></counter>
					<counter name="% event time" uri="Sophos.Endpoint.PerfCounters.Generic.AvgTimeCount" description="Percentage of time, or alternatively average number of threads simultaneously processing the event (in %)" id="4" type="perf_100nsec_timer" detailLevel="standard" struct="GenericStats" field="ElapsedTime"></counter>
					<counter name="Count base" uri="Sophos.Endpoint.PerfCounters.Generic.CountBase" id="5" type="perf_average_base" detailLevel="standard" struct="GenericStats" field="Count32">
						<counterAttributes>
							<counterAttribute name="noDisplay"></counterAttribute>
						</counterAttributes>
					</counter>
					<counter name="Avg. elapsed time/event" uri="Sophos.Endpoint.PerfCounters.Generic.AvgElapsedTime" description="Average elapsed time per event, in 100nsec units" id="6" baseID="5" defaultScale="-7" type="perf_average_bulk" detailLevel="standard" struct="GenericStats" field="ElapsedTime"></counter>
					<counter name="Avg. bytes/sec" uri="Sophos.Endpoint.PerfCounters.Generic.AvgBytesSec" description="Average size processed (bytes) per second" id="7" defaultScale="-6" type="perf_counter_bulk_count" detailLevel="standard" struct="GenericStats" field="TotalSize"></counter>
				</counterSet>
				<counterSet name="Sophos.SED caching" symbol="SgCachingStats" guid="{96983b32-7ead-4269-b894-cbde76ef5994}" uri="Sophos.Endpoint.PerfCounters.CachingStats" description="SED driver caching stats" instances="multiple">
					<structs>
						<struct name="CachingStats" type="SgCachingStats"></struct>
					</structs>
					<counter name="Total" uri="Sophos.Endpoint.PerfCounters.Caching.Total" description="Total cache queries" id="0" defaultScale="-6" type="perf_counter_large_rawcount" detailLevel="standard" struct="CachingStats" field="Total"></counter>
					<counter name="Hits" uri="Sophos.Endpoint.PerfCounters.Caching.Hits" description="Hit valid entry" id="1" defaultScale="-6" type="perf_counter_large_rawcount" detailLevel="standard" struct="CachingStats" field="Hits"></counter>
					<counter name="Misses" uri="Sophos.Endpoint.PerfCounters.Caching.Misses" description="No entry found" id="2" defaultScale="-6" type="perf_counter_large_rawcount" detailLevel="standard" struct="CachingStats" field="Misses"></counter>
					<counter name="Invalidated" uri="Sophos.Endpoint.PerfCounters.Caching.Invalidated" description="Hit invalidated entry" id="3" defaultScale="-6" type="perf_counter_large_rawcount" detailLevel="standard" struct="CachingStats" field="Invalidated"></counter>
					<counter name="Expired" uri="Sophos.Endpoint.PerfCounters.Caching.Expired" description="Hit expired entry" id="4" defaultScale="-6" type="perf_counter_large_rawcount" detailLevel="standard" struct="CachingStats" field="Expired"></counter>
				</counterSet>
				<counterSet name="Sophos.SED driver state" symbol="SgStateTelemetry" guid="{310e01bb-e4c5-4b9c-9e1e-37f22af531e3}" uri="Sophos.Endpoint.PerfCounters.StateTelemetry" description="SED driver current state" instances="single">
					<structs>
						<struct name="StateTelemetry" type="SgStateTelemetry"></struct>
					</structs>
					<counter name="Boot timestamp" uri="Sophos.Endpoint.PerfCounters.BootTimestamp" description="Boot timestamp" id="0" type="perf_counter_large_rawcount" detailLevel="standard" struct="StateTelemetry" field="BootTimestamp"></counter>
					<counter name="Tamper-protection enabled" uri="Sophos.Endpoint.PerfCounters.TPEnabled" description="1 if enabled, 0 if disabled" id="1" type="perf_counter_rawcount" detailLevel="standard" struct="StateTelemetry" field="TPEnabled"></counter>
					<counter name="SAV tamper-protection enabled" uri="Sophos.Endpoint.PerfCounters.SAVEnabled" description="1 if enabled, 0 if disabled" id="2" type="perf_counter_rawcount" detailLevel="standard" struct="StateTelemetry" field="SAVEnabled"></counter>
					<counter name="SED tamper-protection enabled" uri="Sophos.Endpoint.PerfCounters.SEDEnabled" description="1 if enabled, 0 if disabled" id="3" type="perf_counter_rawcount" detailLevel="standard" struct="StateTelemetry" field="SEDEnabled"></counter>
					<counter name="SAV tamper-protection ignored" uri="Sophos.Endpoint.PerfCounters.IgnoreSAV" description="1 if ignored, 0 if not" id="4" type="perf_counter_rawcount" detailLevel="standard" struct="StateTelemetry" field="IgnoreSAV"></counter>
					<counter name="Max properties per process" uri="Sophos.Endpoint.PerfCounters.MaxPropertiesPerProcess" id="5" type="perf_counter_rawcount" detailLevel="standard" struct="StateTelemetry" field="MaxPropertiesPerProcess"></counter>
					<counter name="Max properties memory per process" uri="Sophos.Endpoint.PerfCounters.MaxPropertiesMemoryPerProcess" id="6" type="perf_counter_rawcount" detailLevel="standard" struct="StateTelemetry" field="MaxPropertiesMemoryPerProcess"></counter>
					<counter name="AppId version" uri="Sophos.Endpoint.PerfCounters.AppIdVersion" id="7" type="perf_counter_large_rawcount" detailLevel="standard" struct="StateTelemetry" field="AppIdVersion"></counter>
					<counter name="ML version" uri="Sophos.Endpoint.PerfCounters.MlVersion" id="8" type="perf_counter_large_rawcount" detailLevel="standard" struct="StateTelemetry" field="MlVersion"></counter>
					<counter name="Local rep version" uri="Sophos.Endpoint.PerfCounters.LocalRepVersion" id="9" type="perf_counter_large_rawcount" detailLevel="standard" struct="StateTelemetry" field="LocalRepVersion"></counter>
					<counter name="Path whitelist version" uri="Sophos.Endpoint.PerfCounters.PathWhitelistVersion" id="10" type="perf_counter_large_rawcount" detailLevel="standard" struct="StateTelemetry" field="PathWhitelistVersion"></counter>
					<counter name="SAV version" uri="Sophos.Endpoint.PerfCounters.SavVersion" id="11" type="perf_counter_large_rawcount" detailLevel="standard" struct="StateTelemetry" field="SavVersion"></counter>
					<counter name="SSP version" uri="Sophos.Endpoint.PerfCounters.SspVersion" id="12" type="perf_counter_large_rawcount" detailLevel="standard" struct="StateTelemetry" field="SspVersion"></counter>
					<counter name="Event Journal enabled" uri="Sophos.Endpoint.PerfCounters.EJEnabled" id="13" type="perf_counter_rawcount" detailLevel="standard" struct="StateTelemetry" field="EJEnabled"></counter>
				</counterSet>
				<counterSet name="Sophos.SED process/thread/image tracking stats" symbol="SgProcessThreadImageTrackingStats" guid="{81ffc837-38c8-4a37-abb9-e06f260fe742}" uri="Sophos.Endpoint.PerfCounters.ProcessThreadImageTrackingStats" description="SED driver stats about process/thread/image tracking" instances="single">
					<structs>
						<struct name="ProcessThreadImageTracking" type="SgProcessThreadImageTrackingStats"></struct>
					</structs>
					<counter name="Total count of all processes" uri="Sophos.Endpoint.PerfCounters.TotalCountOfAllProcesses" id="0" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalCountOfAllProcesses"></counter>
					<counter name="Total count of all threads" uri="Sophos.Endpoint.PerfCounters.TotalCountOfAllThreads" id="1" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalCountOfAllThreads"></counter>
					<counter name="Total count of all processes PPID set" uri="Sophos.Endpoint.PerfCounters.TotalCountOfAllProcPPIDSet" id="2" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalCountOfAllProcPPIDSet"></counter>
					<counter name="Total count of all processes PTID set" uri="Sophos.Endpoint.PerfCounters.TotalCountOfAllProcPTIDSet" id="3" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalCountOfAllProcPTIDSet"></counter>
					<counter name="Total count of all threads PPID set" uri="Sophos.Endpoint.PerfCounters.TotalCountOfAllThreadPPIDSet" id="4" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalCountOfAllThreadPPIDSet"></counter>
					<counter name="Total count of all threads PTID set" uri="Sophos.Endpoint.PerfCounters.TotalCountOfAllThreadPTIDSet" id="5" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalCountOfAllThreadPTIDSet"></counter>
					<counter name="Max running processes count" uri="Sophos.Endpoint.PerfCounters.MaxRunningProcessCount" id="6" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="MaxRunningProcessCount"></counter>
					<counter name="Total GetCurrentSophosPid failures" uri="Sophos.Endpoint.PerfCounters.TotalGetCurrentSophosPidFailures" id="7" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalGetCurrentSophosPidFailures"></counter>
					<counter name="Total GetCurrentSophosTid failures" uri="Sophos.Endpoint.PerfCounters.TotalGetCurrentSophosTidFailures" id="8" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalGetCurrentSophosTidFailures"></counter>
					<counter name="Total GetSophosPid failures" uri="Sophos.Endpoint.PerfCounters.TotalGetSophosPidFailures" id="9" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalGetSophosPidFailures"></counter>
					<counter name="Total GetSophosTid failures" uri="Sophos.Endpoint.PerfCounters.TotalGetSophosTidFailures" id="10" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalGetSophosTidFailures"></counter>
					<counter name="Total EnumProcesses skipped" uri="Sophos.Endpoint.PerfCounters.TotalEnumProcessesSkipped" id="11" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalEnumProcessesSkipped"></counter>
					<counter name="Total EnumProcesses added" uri="Sophos.Endpoint.PerfCounters.TotalEnumProcessesAdded" id="12" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalEnumProcessesAdded"></counter>
					<counter name="Total EnumProcesses deleted" uri="Sophos.Endpoint.PerfCounters.TotalEnumProcessesDeleted" id="13" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalEnumProcessesDeleted"></counter>
					<counter name="Total EnumThreads skipped" uri="Sophos.Endpoint.PerfCounters.TotalEnumThreadsSkipped" id="14" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalEnumThreadsSkipped"></counter>
					<counter name="Total EnumThreads added" uri="Sophos.Endpoint.PerfCounters.TotalEnumThreadsAdded" id="15" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalEnumThreadsAdded"></counter>
					<counter name="Total EnumThreads deleted" uri="Sophos.Endpoint.PerfCounters.TotalEnumThreadsDeleted" id="16" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalEnumThreadsDeleted"></counter>
					<counter name="Total count of enumerations" uri="Sophos.Endpoint.PerfCounters.TotalCountOfEnumerations" id="17" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalCountOfEnumerations"></counter>
					<counter name="Total threads skipped - missing process" uri="Sophos.Endpoint.PerfCounters.TotalThreadSkippedMissingProc" id="18" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalThreadSkippedMissingProc"></counter>
					<counter name="Total threads skipped - active thread" uri="Sophos.Endpoint.PerfCounters.TotalThreadSkippedActiveThread" id="19" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalThreadSkippedActiveThread"></counter>
					<counter name="Total threads skipped - add failure" uri="Sophos.Endpoint.PerfCounters.TotalThreadSkippedAddFailure" id="20" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalThreadSkippedAddFailure"></counter>
					<counter name="Total images skipped - missing process" uri="Sophos.Endpoint.PerfCounters.TotalImageSkippedMissingProc" id="21" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalImageSkippedMissingProc"></counter>
					<counter name="Total images skipped - active thread" uri="Sophos.Endpoint.PerfCounters.TotalImageSkippedActiveThread" id="22" type="perf_counter_large_rawcount" detailLevel="standard" struct="ProcessThreadImageTracking" field="TotalImageSkippedActiveThread"></counter>
				</counterSet>
				<counterSet name="Sophos.SED pinned scan stats" symbol="SgPinnedScansStats" guid="{54b4b1a7-7524-423c-a6bc-981a503b55fd}" uri="Sophos.Endpoint.PerfCounters.PinnedScansStats" description="SED driver pinned scan stats" instances="single">
					<structs>
						<struct name="PinnedScan" type="SgPinnedScansStats"></struct>
					</structs>
					<counter name="Total pinned callbacks" uri="Sophos.Endpoint.PerfCounters.TotalPinnedCallbacks" description="Total number of pinned callbacks" id="0" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedCallbacks"></counter>
					<counter name="Total pinned scans" uri="Sophos.Endpoint.PerfCounters.TotalPinnedScans" description="Total number of pinned scans" id="1" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedScans"></counter>
					<counter name="Total pinned cached 'allow' hits" uri="Sophos.Endpoint.PerfCounters.TotalPinnedCachedAllowResultHits" description="Total number of cached 'allow' result hits for pinned scans" id="2" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedCachedAllowResultHits"></counter>
					<counter name="Total pinned cached 'block' hits" uri="Sophos.Endpoint.PerfCounters.TotalPinnedCachedBlockResultHits" description="Total number of cached 'block' result hits for pinned scans" id="3" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedCachedBlockResultHits"></counter>
					<counter name="Total pinned cached 'allow/notify' hits" uri="Sophos.Endpoint.PerfCounters.TotalPinnedCachedAllowNotifyResultHits" description="Total number of cached 'allow/notify' result hits for pinned scans" id="4" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedCachedAllowNotifyResultHits"></counter>
					<counter name="Total pinned cached 'block/notify' hits" uri="Sophos.Endpoint.PerfCounters.TotalPinnedCachedBlockNotifyResultHits" description="Total number of cached 'block/notify' result hits for pinned scans" id="5" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedCachedBlockNotifyResultHits"></counter>
					<counter name="Total pinned pre-SFS scan timeouts" uri="Sophos.Endpoint.PerfCounters.TotalPinnedPreSfsScanTimeouts" description="Total number of timeouts that occurred pre SFS" id="6" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedPreSfsScanTimeouts"></counter>
					<counter name="Total pinned pre-SSP scan timeouts" uri="Sophos.Endpoint.PerfCounters.TotalPinnedPreSspScanTimeouts" description="Total number of timeouts that occurred pre SSP" id="7" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedPreSspScanTimeouts"></counter>
					<counter name="Total pinned non-create sections" uri="Sophos.Endpoint.PerfCounters.TotalPinnedNonCreateSections" description="Total number of non-create section callbacks" id="8" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedNonCreateSections"></counter>
					<counter name="Total pinned non-exec sections" uri="Sophos.Endpoint.PerfCounters.TotalPinnedNonExecSections" description="Total number of non-exec section callbacks" id="9" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedNonExecSections"></counter>
					<counter name="Total pinned prefetch operations" uri="Sophos.Endpoint.PerfCounters.TotalPinnedPrefetchOperations" description="Total number of exec-section callbacks resulting from prefetcher open" id="10" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedPrefetchOperations"></counter>
					<counter name="Total pinned skip 'on-execute' off" uri="Sophos.Endpoint.PerfCounters.TotalPinnedSkipOnExecuteOff" description="Total number of skips because 'on-execute' was off" id="11" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedSkipOnExecuteOff"></counter>
					<counter name="Total pinned skip 'exclude remote files' on" uri="Sophos.Endpoint.PerfCounters.TotalPinnedSkipExcludeRemoteFilesOn" description="Total number of skips because 'exclude remote files' was on" id="12" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedSkipExcludeRemoteFilesOn"></counter>
					<counter name="Total pinned skip Sophos processes" uri="Sophos.Endpoint.PerfCounters.TotalPinnedSkipSophosProcesses" description="Total number of skips for Sophos processes" id="13" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedSkipSophosProcesses"></counter>
					<counter name="Total pinned skip excluded processes" uri="Sophos.Endpoint.PerfCounters.TotalPinnedSkipExcludedProcesses" description="Total number of skips for excluded processes" id="14" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedSkipExcludedProcesses"></counter>
					<counter name="Total pinned skip excluded files" uri="Sophos.Endpoint.PerfCounters.TotalPinnedSkipExcludedFiles" description="Total number of skips for excluded files" id="15" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedSkipExcludedFiles"></counter>
					<counter name="Total pinned get name failures" uri="Sophos.Endpoint.PerfCounters.TotalPinnedGetNameFailures" description="Total number of get name information failures" id="16" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedGetNameFailures"></counter>
					<counter name="Total pinned zero byte failures" uri="Sophos.Endpoint.PerfCounters.TotalPinnedZeroByteFailures" description="Total number of zero byte file failures" id="17" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedZeroByteFailures"></counter>
					<counter name="Total pinned no file content records" uri="Sophos.Endpoint.PerfCounters.TotalPinnedNoFileContentRecords" description="Total number of failures to get file content records" id="18" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedNoFileContentRecords"></counter>
					<counter name="Total pinned other scan failures" uri="Sophos.Endpoint.PerfCounters.TotalPinnedOtherScanFailures" description="Total number of other scan failures" id="19" type="perf_counter_large_rawcount" detailLevel="standard" struct="PinnedScan" field="TotalPinnedOtherScanFailures"></counter>
				</counterSet>
				<counterSet name="Sophos.SED boot pinned scan stats" symbol="SgBootPinnedScansStats" guid="{ccccefaa-7820-432e-8a92-b980b9f6f640}" uri="Sophos.Endpoint.PerfCounters.BootPinnedScansStats" description="SED driver boot pinned scan stats" instances="single">
					<structs>
						<struct name="BootPinnedScan" type="SgBootPinnedScansStats"></struct>
					</structs>
					<counter name="Total pinned callbacks" uri="Sophos.Endpoint.PerfCounters.BootPinnedCallbacks" description="Total number of pinned callbacks" id="0" type="perf_counter_large_rawcount" detailLevel="standard" struct="BootPinnedScan" field="BootPinnedCallbacks"></counter>
					<counter name="Total pinned scans" uri="Sophos.Endpoint.PerfCounters.BootPinnedScans" description="Total number of pinned scans" id="1" type="perf_counter_large_rawcount" detailLevel="standard" struct="BootPinnedScan" field="BootPinnedScans"></counter>
					<counter name="Total pinned cached 'allow' hits" uri="Sophos.Endpoint.PerfCounters.BootPinnedCachedAllowResultHits" description="Total number of cached 'allow' result hits for pinned scans" id="2" type="perf_counter_large_rawcount" detailLevel="standard" struct="BootPinnedScan" field="BootPinnedCachedAllowResultHits"></counter>
					<counter name="Total pinned cached 'block' hits" uri="Sophos.Endpoint.PerfCounters.BootPinnedCachedBlockResultHits" description="Total number of cached 'block' result hits for pinned scans" id="3" type="perf_counter_large_rawcount" detailLevel="standard" struct="BootPinnedScan" field="BootPinnedCachedBlockResultHits"></counter>
					<counter name="Total pinned cached 'allow/notify' hits" uri="Sophos.Endpoint.PerfCounters.BootPinnedCachedAllowNotifyResultHits" description="Total number of cached 'allow/notify' result hits for pinned scans" id="4" type="perf_counter_large_rawcount" detailLevel="standard" struct="BootPinnedScan" field="BootPinnedCachedAllowNotifyResultHits"></counter>
					<counter name="Total pinned cached 'block/notify' hits" uri="Sophos.Endpoint.PerfCounters.BootPinnedCachedBlockNotifyResultHits" description="Total number of cached 'block/notify' result hits for pinned scans" id="5" type="perf_counter_large_rawcount" detailLevel="standard" struct="BootPinnedScan" field="BootPinnedCachedBlockNotifyResultHits"></counter>
				</counterSet>
				<counterSet name="Sophos.SED scan types stats" symbol="SgScanTypesStats" guid="{d19aa4f2-6b73-4c35-b798-5d7fe55b2a2a}" uri="Sophos.Endpoint.PerfCounters.ScanTypesStats" description="SED driver stats about scan requests of different types" instances="single">
					<structs>
						<struct name="ScanTypes" type="SgScanTypesStats"></struct>
					</structs>
					<counter name="Total SAV scan no archive msgs" uri="Sophos.Endpoint.PerfCounters.TotalSavScanNoArchiveMsgs" description="Total number of SAV scan with no archive messages sent" id="0" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSavScanNoArchiveMsgs"></counter>
					<counter name="Total SAV scan archive msgs" uri="Sophos.Endpoint.PerfCounters.TotalSavScanArchiveMsgs" description="Total number of SAV scan with archive messages sent" id="1" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSavScanArchiveMsgs"></counter>
					<counter name="Total SFS scan on open msgs" uri="Sophos.Endpoint.PerfCounters.TotalSfsScanOnOpenMsgs" description="Total number of SFS scan on open messages sent" id="2" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSfsScanOnOpenMsgs"></counter>
					<counter name="Total SFS scan on section create msgs" uri="Sophos.Endpoint.PerfCounters.TotalSfsScanOnSectionCreateMsgs" description="Total number of SFS scan on section create messages sent" id="3" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSfsScanOnSectionCreateMsgs"></counter>
					<counter name="Total SFS scan on cleanup msgs" uri="Sophos.Endpoint.PerfCounters.TotalSfsScanOnCleanupMsgs" description="Total number of SFS scan on cleanup messages sent" id="4" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSfsScanOnCleanupMsgs"></counter>
					<counter name="Total SFS scan on JIT msgs" uri="Sophos.Endpoint.PerfCounters.TotalSfsScanOnJITMsgs" description="Total number of SFS scan on JIT messages sent" id="5" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSfsScanOnJITMsgs"></counter>
					<counter name="Total SFS scan on JIT no global rep msgs" uri="Sophos.Endpoint.PerfCounters.TotalSfsScanOnJITnoGlobalRepMsgs" description="Total number of SFS scan on JIT no global rep messages sent" id="6" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSfsScanOnJITnoGlobalRepMsgs"></counter>
					<counter name="Total SFS scan metadata only msgs" uri="Sophos.Endpoint.PerfCounters.TotalSfsScanMetaDataOnlyMsgs" description="Total number of SFS scan metadata only messages sent" id="7" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSfsScanMetaDataOnlyMsgs"></counter>
					<counter name="Total SFS scan on telemetry msgs" uri="Sophos.Endpoint.PerfCounters.TotalSfsScanOnTelemetryMsgs" description="Total number of SFS scan on telemetry messages sent" id="8" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSfsScanOnTelemetryMsgs"></counter>
					<counter name="Total SFS scan on demand no archives msgs" uri="Sophos.Endpoint.PerfCounters.TotalSfsScanOnDemandNoArchivesMsgs" description="Total number of SFS scan on demand no archives messages sent" id="9" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSfsScanOnDemandNoArchivesMsgs"></counter>
					<counter name="Total SFS scan on demand archives msgs" uri="Sophos.Endpoint.PerfCounters.TotalSfsScanOnDemandArchivesMsgs" description="Total number of SFS scan on deman archive messages sent" id="10" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSfsScanOnDemandArchivesMsgs"></counter>
					<counter name="Total SSP request scan msgs" uri="Sophos.Endpoint.PerfCounters.TotalSspRequestScanMsgs" description="Total where SSP is requesting a SFS *non-pinned* scan (MetaDataOnly, telemetry, JIT etc...)" id="11" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSspRequestScanMsgs"></counter>
					<counter name="Total SSP request SAV scan msgs" uri="Sophos.Endpoint.PerfCounters.TotalSspRequestSavScanMsgs" description="Total where SSP is requesting a SAV *pinned* scan" id="12" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSspRequestSavScanMsgs"></counter>
					<counter name="Total SSP request SAV non-pinned scan msgs" uri="Sophos.Endpoint.PerfCounters.TotalSspRequestSavNonPinnedScanMsgs" description="Total where SSP is requesting a SAV *non-pinned* (e.g. JIT) scan. V2 message only." id="13" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSspRequestSavNonPinnedScanMsgs"></counter>
					<counter name="Total SSP request scan using scan ID msgs" uri="Sophos.Endpoint.PerfCounters.TotalSspRequestScanUsingScanIdMsgs" description="Total where SSP is requesting a SFS scan for an already opened file (for now only on-demand scan). V2 message only." id="14" type="perf_counter_large_rawcount" detailLevel="standard" struct="ScanTypes" field="TotalSspRequestScanUsingScanIdMsgs"></counter>
				</counterSet>
				<counterSet name="Sophos.SED communication stats for SFS" symbol="SgSfsScansStats" guid="{cc40f531-19ee-4e98-b241-2c0b3a5bddb7}" uri="Sophos.Endpoint.PerfCounters.SfsScansStats" description="Stats about SFS-SSP communication" instances="single">
					<structs>
						<struct name="SfsScans" type="SgSfsScansStats"></struct>
					</structs>
					<counter name="SFS number of local scans" uri="Sophos.Endpoint.PerfCounters.SfsNumLocalScans" id="0" type="perf_counter_large_rawcount" detailLevel="standard" struct="SfsScans" field="SfsNumLocalScans"></counter>
					<counter name="SFS number of network scans" uri="Sophos.Endpoint.PerfCounters.SfsNumNetworkScans" id="1" type="perf_counter_large_rawcount" detailLevel="standard" struct="SfsScans" field="SfsNumNetworkScans"></counter>
					<counter name="SFS number of hung thread messages" uri="Sophos.Endpoint.PerfCounters.SfsNumHungThreadMsgs" id="2" type="perf_counter_large_rawcount" detailLevel="standard" struct="SfsScans" field="SfsNumHungThreadMsgs"></counter>
					<counter name="SFS skipped - no process" uri="Sophos.Endpoint.PerfCounters.SfsNumSkippedNoProcess" id="3" type="perf_counter_large_rawcount" detailLevel="standard" struct="SfsScans" field="SfsNumSkippedNoProcess"></counter>
					<counter name="SFS skipped - no thread" uri="Sophos.Endpoint.PerfCounters.SfsNumSkippedNoThread" id="4" type="perf_counter_large_rawcount" detailLevel="standard" struct="SfsScans" field="SfsNumSkippedNoThread"></counter>
					<counter name="SFS number of send message timeouts" uri="Sophos.Endpoint.PerfCounters.SfsNumScanSendMsgTimeouts" id="5" type="perf_counter_large_rawcount" detailLevel="standard" struct="SfsScans" field="SfsNumScanSendMsgTimeouts"></counter>
					<counter name="SFS number of reply timeouts" uri="Sophos.Endpoint.PerfCounters.SfsNumScanTimeouts" id="6" type="perf_counter_large_rawcount" detailLevel="standard" struct="SfsScans" field="SfsNumScanTimeouts"></counter>
					<counter name="SFS request cancelled" uri="Sophos.Endpoint.PerfCounters.SfsNumScanIoCancelled" id="7" type="perf_counter_large_rawcount" detailLevel="standard" struct="SfsScans" field="SfsNumScanIoCancelled"></counter>
					<counter name="SFS thread terminated" uri="Sophos.Endpoint.PerfCounters.SfsNumScanThreadTerminate" id="8" type="perf_counter_large_rawcount" detailLevel="standard" struct="SfsScans" field="SfsNumScanThreadTerminate"></counter>
				</counterSet>
				<counterSet name="Sophos.SED communication stats for SAV" symbol="SgSavScansStats" guid="{01b0890d-3abd-4c66-bd21-b59a66ffc22a}" uri="Sophos.Endpoint.PerfCounters.SavScansStats" description="Stats about SAV-SSP communication" instances="single">
					<structs>
						<struct name="SavScans" type="SgSavScansStats"></struct>
					</structs>
					<counter name="SAV number of local scans" uri="Sophos.Endpoint.PerfCounters.SavNumLocalScans" id="0" type="perf_counter_large_rawcount" detailLevel="standard" struct="SavScans" field="SavNumLocalScans"></counter>
					<counter name="SAV number of network scans" uri="Sophos.Endpoint.PerfCounters.SavNumNetworkScans" id="1" type="perf_counter_large_rawcount" detailLevel="standard" struct="SavScans" field="SavNumNetworkScans"></counter>
					<counter name="SAV number of hung thread messages" uri="Sophos.Endpoint.PerfCounters.SavNumHungThreadMsgs" id="2" type="perf_counter_large_rawcount" detailLevel="standard" struct="SavScans" field="SavNumHungThreadMsgs"></counter>
					<counter name="SAV skipped - no process" uri="Sophos.Endpoint.PerfCounters.SavNumSkippedNoProcess" id="3" type="perf_counter_large_rawcount" detailLevel="standard" struct="SavScans" field="SavNumSkippedNoProcess"></counter>
					<counter name="SAV skipped - no thread" uri="Sophos.Endpoint.PerfCounters.SavNumSkippedNoThread" id="4" type="perf_counter_large_rawcount" detailLevel="standard" struct="SavScans" field="SavNumSkippedNoThread"></counter>
					<counter name="SAV number of send message timeouts" uri="Sophos.Endpoint.PerfCounters.SavNumScanSendMsgTimeouts" id="5" type="perf_counter_large_rawcount" detailLevel="standard" struct="SavScans" field="SavNumScanSendMsgTimeouts"></counter>
					<counter name="SAV number of reply timeouts" uri="Sophos.Endpoint.PerfCounters.SavNumScanTimeouts" id="6" type="perf_counter_large_rawcount" detailLevel="standard" struct="SavScans" field="SavNumScanTimeouts"></counter>
					<counter name="SAV request cancelled" uri="Sophos.Endpoint.PerfCounters.SavNumScanIoCancelled" id="7" type="perf_counter_large_rawcount" detailLevel="standard" struct="SavScans" field="SavNumScanIoCancelled"></counter>
					<counter name="SAV thread terminated" uri="Sophos.Endpoint.PerfCounters.SavNumScanThreadTerminate" id="8" type="perf_counter_large_rawcount" detailLevel="standard" struct="SavScans" field="SavNumScanThreadTerminate"></counter>
					<counter name="SAV scan aborted" uri="Sophos.Endpoint.PerfCounters.SavNumScanAborted" id="9" type="perf_counter_large_rawcount" detailLevel="standard" struct="SavScans" field="SavNumScanAborted"></counter>
				</counterSet>
				<counterSet name="Sophos.SED Event Journal stats" symbol="SgEventJournalStats" guid="{5a0eb4d7-5a13-4031-8ffc-75820d4e0fe0}" uri="Sophos.Endpoint.PerfCounters.EventJournalStats" description="Stats about Event Journal" instances="single">
					<structs>
						<struct name="EventJournalStats" type="SgEventJournalStats"></struct>
					</structs>
					<counter name="Total number of events queued" uri="Sophos.Endpoint.PerfCounters.TotalQueued" id="0" defaultScale="-6" type="perf_counter_large_rawcount" detailLevel="standard" struct="EventJournalStats" field="TotalQueued"></counter>
					<counter name="Free space in bytes on the system volume" uri="Sophos.Endpoint.PerfCounters.FreeSpace" id="1" defaultScale="-9" type="perf_counter_large_rawcount" detailLevel="standard" struct="EventJournalStats" field="FreeSpace"></counter>
					<counter name="Lowest amount of free space in bytes on the system volume" uri="Sophos.Endpoint.PerfCounters.MinFreeSpace" id="2" defaultScale="-9" type="perf_counter_large_rawcount" detailLevel="standard" struct="EventJournalStats" field="MinFreeSpace"></counter>
					<counter name="Total number of requested extra flushes of events to disk" uri="Sophos.Endpoint.PerfCounters.RequestedExtraflushes" id="3" type="perf_counter_large_rawcount" detailLevel="standard" struct="EventJournalStats" field="RequestedExtraflushes"></counter>
				</counterSet>
				<counterSet name="Sophos.SED Event Journal indexed stats" symbol="SgEventJournalStatsIndexed" guid="{db774743-75fd-4b91-bb7d-a39ea9b48687}" uri="Sophos.Endpoint.PerfCounters.EventJournalStatsIndexed" description="Stats about Event Journal per directory" instances="multipleAggregate">
					<structs>
						<struct name="EventJournalStatsIndexed" type="SgEventJournalStatsIndexed"></struct>
					</structs>
					<counter name="Bytes in the memory queue" uri="Sophos.Endpoint.PerfCounters.BytesInQueue" id="0" defaultScale="-6" type="perf_counter_large_rawcount" detailLevel="standard" struct="EventJournalStatsIndexed" field="BytesInQueue"></counter>
					<counter name="Peak bytes in the memory queue" uri="Sophos.Endpoint.PerfCounters.MaxBytesInQueue" id="1" defaultScale="-6" type="perf_counter_large_rawcount" detailLevel="standard" aggregate="undefined" struct="EventJournalStatsIndexed" field="MaxBytesInQueue"></counter>
					<counter name="Events in the memory queue" uri="Sophos.Endpoint.PerfCounters.EventsInQueue" id="2" defaultScale="-3" type="perf_counter_large_rawcount" detailLevel="standard" struct="EventJournalStatsIndexed" field="EventsInQueue"></counter>
					<counter name="Peak events in the memory queue" uri="Sophos.Endpoint.PerfCounters.MaxEventsInQueue" id="3" defaultScale="-3" type="perf_counter_large_rawcount" detailLevel="standard" aggregate="undefined" struct="EventJournalStatsIndexed" field="MaxEventsInQueue"></counter>
					<counter name="Events dropped because of memory limits" uri="Sophos.Endpoint.PerfCounters.EventsDropped" id="4" type="perf_counter_large_rawcount" detailLevel="standard" struct="EventJournalStatsIndexed" field="EventsDropped"></counter>
					<counter name="Files deleted because all files together hit the disk limit" uri="Sophos.Endpoint.PerfCounters.FilesDeletedLimit1" id="5" type="perf_counter_large_rawcount" detailLevel="standard" struct="EventJournalStatsIndexed" field="FilesDeletedLimit1"></counter>
					<counter name="Files deleted because the free disk space is tight" uri="Sophos.Endpoint.PerfCounters.FilesDeletedLimit2" id="6" type="perf_counter_large_rawcount" detailLevel="standard" struct="EventJournalStatsIndexed" field="FilesDeletedLimit2"></counter>
					<counter name="Events written to disk" uri="Sophos.Endpoint.PerfCounters.EventsWritten" id="7" defaultScale="-6" type="perf_counter_large_rawcount" detailLevel="standard" struct="EventJournalStatsIndexed" field="EventsWritten"></counter>
					<counter name="Write errors seen while writing events" uri="Sophos.Endpoint.PerfCounters.WriteErrors" id="8" type="perf_counter_large_rawcount" detailLevel="standard" struct="EventJournalStatsIndexed" field="WriteErrors"></counter>
					<counter name="Recovered write errors seen while writing events" uri="Sophos.Endpoint.PerfCounters.WriteErrorsRecovered" id="9" type="perf_counter_large_rawcount" detailLevel="standard" struct="EventJournalStatsIndexed" field="WriteErrorsRecovered"></counter>
					<counter name="NTSTATUS code of last write error. '0x42' means less data written than expected" uri="Sophos.Endpoint.PerfCounters.LastWriteErrorCode" id="10" type="perf_counter_rawcount_hex" detailLevel="standard" aggregate="undefined" struct="EventJournalStatsIndexed" field="LastWriteErrorCode"></counter>
					<counter name="Total size of all files" uri="Sophos.Endpoint.PerfCounters.BytesOnDisk" id="11" defaultScale="-9" type="perf_counter_large_rawcount" detailLevel="standard" struct="EventJournalStatsIndexed" field="BytesOnDisk"></counter>
					<counter name="Total number of files" uri="Sophos.Endpoint.PerfCounters.FilesOnDisk" id="12" type="perf_counter_large_rawcount" detailLevel="standard" struct="EventJournalStatsIndexed" field="FilesOnDisk"></counter>
				</counterSet>
                <counterSet name="Sophos.SED deadlock detection tracking stats" symbol="SgDeadlockDetectionTrackingStats" guid="{bf01378b-8ee6-45b9-ac28-7851235e9060}" uri="Sophos.Endpoint.PerfCounters.DeadlockDetectionTracking" description="SED driver stats about deadlock detection tracking" instances="single">
                    <structs>
                        <struct name="DeadlockDetectionTracking" type="SgDeadlockDetectionTrackingStats"></struct>
                    </structs>
                    <counter name="Total count of Apc level" uri="Sophos.Endpoint.PerfCounters.TotalAnalyticThreadApcLevel" id="0" type="perf_counter_large_rawcount" detailLevel="standard" struct="DeadlockDetectionTracking" field="TotalAnalyticThreadApcLevel"></counter>
                    <counter name="Total count of all Apcs disabled" uri="Sophos.Endpoint.PerfCounters.TotalAnalyticThreadAllApcsDisabled" id="1" type="perf_counter_large_rawcount" detailLevel="standard" struct="DeadlockDetectionTracking" field="TotalAnalyticThreadAllApcsDisabled"></counter>
                    <counter name="Total count of attached process" uri="Sophos.Endpoint.PerfCounters.TotalAnalyticThreadAttachProcess" id="2" type="perf_counter_large_rawcount" detailLevel="standard" struct="DeadlockDetectionTracking" field="TotalAnalyticThreadAttachProcess"></counter>
                </counterSet>
			</provider>
		</counters>
	</instrumentation>
</instrumentationManifest>
Anon7 - 2022
AnonSec Team