Antivirus and Security Software from Sophos


Sophos Diagnostic Utility (SDU): how to use it to send files to Sophos Technical Support

The Sophos Diagnostic Utility (SDU) collects vital system information as well as log files for all Sophos products that are installed on the computer.

To download and install the SDU, refer to the knowledgebase article 'Sophos Diagnostic Utility (SDU): how to download and install'.

The following instructions describe how to run it and how to send the results to Sophos Technical Support.

Running the Sophos Diagnostic Utility

Windows computers

  1. If the Sophos Diagnostic Utility is not already open, go to Start|Programs|Sophos|Sophos Diagnostic Utility and select 'Sophos Diagnostic Utility'.
  2. In the list of options, select the information you would like the Sophos Diagnostic Utility to collect. Unless you have been instructed otherwise by a member of Sophos Technical Support, you should ensure that all of the options are selected.
  3. Click 'Continue'. The utility will take several minutes to collect all of the data that was selected.
  4. When the utility has finished collecting the data, 'Locate archive' shows the location of the zip archives of the collected files.

Mac OS X computers

  • Double click the 'sdu.command' file found inside of the DMG file. This will launch a Terminal window that collects the relevant files and information.
  • The files are archived and compressed into a file called 'Sophos_SDU.tgz' and placed on the user's Desktop.

Finding malicious samples using the SDU tool

The logs created by the SDU tool are primarily for Sophos Technical Support; however, they can also be used to help identify malware that is loading on a machine. Within the SDU archive there is an XML file called REG-Malware-Common-Runkeys.xml. This file lists the common load points for applications (registry run keys), which malware may also use to persist. By analysing the list you can discern which entries belong to legitimate applications and which may be malware.

In addition to the Common-Runkeys file the SDU tool also collects the Sophos Anti-Virus log SAV.txt which will show all current and previous detections on the machine.

NOTE: Any items of undetected malware or suspicious files should be submitted to the SophosLabs for analysis. https://secure.sophos.com/support/samples
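As an added illustration (not part of the Sophos article, and not Sophos code) of how the run-key list can be triaged, the script below parses a constructed run-key XML and flags entries that load from user-writable locations or that reuse a Windows system binary name outside System32. The exact schema of REG-Malware-Common-Runkeys.xml is not documented here, so the <key>/<value> layout, the sample entries and the heuristics are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in an assumed layout; the real SDU file may differ.
SAMPLE_XML = r"""<runkeys>
  <key path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run">
    <value name="SophosAgent" data="C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe"/>
    <value name="Updater" data="C:\Users\alice\AppData\Roaming\svchost.exe -k net"/>
  </key>
  <key path="HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce">
    <value name="Cleanup" data="%TEMP%\setup_tmp.exe"/>
  </key>
</runkeys>"""

# Assumed heuristics: locations a legitimate installer rarely uses as a
# persistent load point, and system binary names that belong in System32.
SUSPICIOUS_DIRS = [r"\\appdata\\", r"\\temp\\", r"%temp%", r"\\users\\public\\", r"\\programdata\\"]
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe"}


def extract_image(cmd: str) -> str:
    """Return the executable path from a run-key command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path: take everything up to the closing quote
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.(?:exe|dll|bat|cmd|vbs|js|ps1))", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage_runkeys(xml_text: str) -> list:
    """Return a list of findings for run-key values that match a heuristic."""
    findings = []
    for key in ET.fromstring(xml_text).iter("key"):
        for val in key.iter("value"):
            image = extract_image(val.get("data", ""))
            low = image.lower()
            reasons = []
            if any(re.search(p, low) for p in SUSPICIOUS_DIRS):
                reasons.append("loads from user-writable location")
            name = low.rsplit("\\", 1)[-1]
            if name in SYSTEM_NAMES and "\\windows\\system32\\" not in low:
                reasons.append("system binary name outside System32")
            if reasons:
                findings.append({"key": key.get("path"), "name": val.get("name"),
                                 "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_runkeys(SAMPLE_XML):
        print(f"{f['key']}\\{f['name']}: {f['image']} ({'; '.join(f['reasons'])})")
```

Entries that are flagged are candidates for closer inspection and, if still suspicious, for submission to SophosLabs as described above.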

Below is a list of other files that are collected by the SDU tool and a brief explanation of what each contains:

Log file                   Description
SDU-WMIC-Process.txt       List of running processes and their paths
SDU-Sysinfo-NetStat.xml    List of open ports and the process using each
SDU-WMIC-Startup.txt       List of Windows startup entries
SDU-StartMenu-Startup.xml  Contents of the Windows Start Menu
Host                       The Windows Hosts file
Networks                   The Windows Networks (LMHOSTS) file

If you need further help, contact Sophos Technical Support.