How to restore a threat file that has been cleaned up?

How to restore a threat file that has been cleaned up?

(The self-developed program was considered a threat file, so it was cleaned up during the copying process.)

How can i restore the file? 



Edited tags
[edited by: Gladys at 5:15 AM (GMT -7) on 14 Oct 2022]
Parents
  • Hi Johnson,

    Thanks for reaching out to the Sophos Community Forum. 

    It's possible to restore a file by navigating to the concerned device page in Sophos Central. The detection event will have options for you to white-list the detected item.

    You can also add an exclusion either via the Threat Protection Policy or from the Global Exclusions UI for the file path of the detected item. Once the exclusion is received by the endpoint, the file will be restored. 

    I suggest sending in the affected file as a sample submission to our Sophos Labs team so that we can make changes to our detection engine to ensure the file is not detected in the future. You can do this from the following link. 
    - Submit a sample

    If this does not work, please provide a screenshot of the detection so we can advise further.

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • Hi Johnson,

    Thanks for reaching out to the Sophos Community Forum. 

    It's possible to restore a file by navigating to the concerned device page in Sophos Central. The detection event will have options for you to white-list the detected item.

    You can also add an exclusion either via the Threat Protection Policy or from the Global Exclusions UI for the file path of the detected item. Once the exclusion is received by the endpoint, the file will be restored. 

    I suggest sending in the affected file as a sample submission to our Sophos Labs team so that we can make changes to our detection engine to ensure the file is not detected in the future. You can do this from the following link. 
    - Submit a sample

    If this does not work, please provide a screenshot of the detection so we can advise further.

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children