I assume this is a Windows computer and you performed it at the client?
Firstly, no need to panic, Sophos doesn't allow you to "Authorize" real threats as such, only applications you may consider unwanted, i.e. Potentially Unwanted Applications (PUAs).
If you launch the Sophos interface, e.g. double click on the shield.
Navigate to "Configure" -> "Anti-Virus" -> "Authorization".
In the dialog, you can see a list of Authorized items under each tab. I suspect you will find what you authorized here.