
Malware Quarantine

Hi,

I'm getting this error in Sophos Central for our client PC.

"Malware or potentially unwanted applications in quarantine"

How am I going to clean this? And where is the location of the quarantine folder?

Thanks,

nidz



  • Thank you for reaching the community forum.

    Based on the error you've shared, it appears this detection has been cached on the endpoint itself. But to make sure, kindly validate if you're seeing an active path on the bot endpoint, and Sophos Central delete the application or file that has been detected then perform a full system scan once done.

    There's also a high probability that you won't be able to see any detected files once you've finished validating and confirming. You can proceed to manually clean up the cached detection by following the below steps.

    • Disable the Tamper Protection (if enabled).
    • Go to services.msc and stop the Sophos Health Service.
    • Browse to the following folder: C:\ProgramData\Sophos\Health\Event Store\Database.
    • Rename or delete events.db to events.orig.
    • Restart the Sophos Health Service.
    • Open the Task Manager and end the Sophos UI.exe process.
    • Launch a new Sophos UI.exe process from C:\Program Files\Sophos\Sophos UI.exe
    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer
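
The cleanup steps in the reply above, written as an elevated PowerShell script. This is an added example, not part of the original post and not Sophos-provided code. The service display name, folder and executable path are the ones given in the steps; the assumptions are that Tamper Protection is already disabled on the endpoint, that the UI process is listed as `Sophos UI`, and that a timestamped backup name is acceptable when `events.orig` already exists.

```powershell
#Requires -RunAsAdministrator
# Added example: resets the cached detection store described in the steps above.
# Assumption: Tamper Protection has already been disabled for this endpoint,
# otherwise stopping the service or renaming the file will fail.
$ErrorActionPreference = 'Stop'

$serviceDisplayName = 'Sophos Health Service'                                # from the steps
$dbDir  = 'C:\ProgramData\Sophos\Health\Event Store\Database'                # from the steps
$dbFile = Join-Path $dbDir 'events.db'
$uiExe  = 'C:\Program Files\Sophos\Sophos UI.exe'                            # from the steps

# Fails here if the service is not installed under that display name.
$svc = Get-Service -DisplayName $serviceDisplayName

# Stop the service and wait until it has actually stopped, so the
# database file is no longer held open when it is renamed.
if ($svc.Status -ne 'Stopped') {
    Stop-Service -InputObject $svc
    $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
}

try {
    if (Test-Path -LiteralPath $dbFile) {
        # Rename rather than delete: the old event history stays available
        # for review if the detection turns out to be genuine.
        $backupName = 'events.orig'
        if (Test-Path -LiteralPath (Join-Path $dbDir $backupName)) {
            # Assumption: keep earlier backups and use a timestamped name instead.
            $backupName = 'events.{0:yyyyMMdd-HHmmss}.orig' -f (Get-Date)
        }
        Rename-Item -LiteralPath $dbFile -NewName $backupName
        Write-Host "Renamed events.db to $backupName"
    }
    else {
        Write-Warning "events.db not found in $dbDir; nothing to rename."
    }
}
finally {
    # Bring the service back even if the rename failed.
    Start-Service -InputObject $svc
    $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
    Write-Host "$serviceDisplayName is running again."
}

# Restart the UI so it reads the fresh event store.
# Assumption: the process name is the executable name without ".exe".
Get-Process -Name 'Sophos UI' -ErrorAction SilentlyContinue | Stop-Process -Force
Start-Process -FilePath $uiExe
```

Re-enable Tamper Protection once the alert has cleared in Sophos Central.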
