A number of our devices have the status "Malware or potentially unwanted applications in quarantine". Is there a way to remotely remove items from the quarantine (we are using Sophos Central)?
This thread was automatically locked due to age.
Hi K_M
Manual cleanup is commonly required for one of two reasons:
The item detected may actually be a program that can be uninstalled so check this first.
Delete the item from the folder by clicking on it once with the left mouse button and then pressing shift + delete on the keyboard - this by-passes the Recycle Bin. Click 'Yes' to confirm the deletion.
Note: You can delete multiple items in the same folder at the same time by dragging the mouse cursor over them and pressing Shift + Delete. You don't have to delete item like this - it's just recommended, but if you delete items in the normal way ensure you empty the Recycle Bin afterwards.
If the item no longer exists you will see an error message saying Error displaying this folder's content - this means the location no longer exists and you can try to open the location of the second item and check if that exists.
Note: If the component detected ends with FILE:0000 or similar then the component was detected as it was attempting to run and will not exist on disk - you can therefore ignore all detected components that end like this.
Repeat step 7 for any additional items.
Once you have manually deleted the files from your computer, clear the item from the Quarantine Manager.
We recommend that you now run a full scan to confirm your computer is free of malware.
Haridoss S
Haridoss Sreenivasan
Technical Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Can you please provide details on how to access the quarantine manager? I have several workstations in the Sophos Central that tells me to to review the quarantine, but I can't seem to find it.
Hi Jiri/Maurice,
The infected files are moved to C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED by default unless the directory is changed. Let me know if this helps resolve your issue.
Haridoss Sreenivasan
Technical Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
This directory is empty, but Sophos Antivirus reported / " Malware or potentially unwanted applications in quarantine"
I cannot manage to get rid of this report.
Can you please provide details on how to access the quarantine manager? I have several workstations in the Sophos Central that tells me to to review the quarantine, but I can't seem to find it.
Can you reccomend any solution?
I have to CLEARLY state: "The quarantine directory is EMPTY and "the problematic" file DOESN´T exist."
The long and short of this is that there isn't a quarantine manager anymore. You have to navigate to the location indicated above which is always empty, and you have to stop a bunch of services to get into that folder directory.
We switched to another provider as our licenses expire in January. It was worth it for me to move on now. I got sick and tired of these messages and several workstations showing out of compliance...constantly and now way to clear them.
Haridoss Sreenivasan said:Hi Jiri/Maurice,
The infected files are moved to C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED by default unless the directory is changed. Let me know if this helps resolve your issue.
WRONG.
Please advise again.,..how do we purge these messages about "malware or potentially unwanted applications"
There is NOTHING on the windows PC that help either. INFECTED folder is empty....repeat...empty. Meaning ...there is NOTHING IN THERE TO REMOVE!!
But the message persists in the Dashboard and I am getting extremely angry with this software.
Please explain......step by step if you have to. I am waiting.