A number of our devices have the status "Malware or potentially unwanted applications in quarantine". Is there a way to remotely remove items from the quarantine (we are using Sophos Central)?
This thread was automatically locked due to age.
Problem: Windows PC continues to report "malware or potential unwanted apps...." and this error NEVER goes away.
I un-installed Sophos agent yesterday on my windows PC and from Sophos Central.
24 hours later, re-installed today. The error, I am happy to report is gone. Ok..so far...one problem fixed...the hard way. This is NOT a solution. We cannot be expected to have to reinstall these agents to clean up these errors, thats ridiculous.
Another thing, every time.....I mean, every time I install an agent, I get an email saying one or more services are not running.
9:11 the error is reported and emailed
I take zero action against this email alert and @
9:42 all services are running
OMG......How can I delay this email being sent because it is a FALSE email and provides nothing but aggravation and is becoming very tiring.
What I am not happy about. Sophos needs to supply a "Complete and Thorough" Un-install tool.
When I reinstalled Sophos this am, it remembered the PC and even that Tamper Protect was off.
When I uninstall this Sophos Agent, I had hoped and half expect it to uninstall in its entirety.
I guess the only way to uninstall is to manually go through every frigging setting/folder, go through the registry...and remove any and all traces.
This is not an A/V program, is an exercise in frustration.
This folder have nothing. it's empty. Can you please answer the question that all people do?
WHERE IS QUARANTINE MANAGER?
Hi Sophos staff!!
Can you PLEASE answer our qestion????????????
This folder have nothing. it's empty. Can you please answer the question that all people do?
WHERE IS QUARANTINE MANAGER?
Currently 4 of my PCs have the status: "Malware or potentially unwanted applications in quarantine"
And I need a solution too.
Exactly the same issue here. I have servers and workstations saying "Malware or potentially unwanted applications in quarantine" but appears to be no way to access the Quarantine. The PUAs themselves have been dealt with but the status of these devices is "Questionable" with, apparently, no way to clear this so they will stay this way forever?
Uninstalling and reinstalling the software on these machines is not an option.
How do I resolve this?
Removing the event database as suggested in here worked for me.
Turn off tamper protection, get an administrator prompt and execute:
net stop "Sophos Health Service"
ren "%ProgramData%\Sophos\Health\Event Store\Database\events.db" events.db.old
net start "Sophos Health Service"