The Sophos Community will be unavailable from 13:00 to 18:00 UTC this Saturday, October 1st for upgrades. Stay tuned to our Twitter account @SophosSupport for updates.
Before running through these steps you should clear the virus alert from your quarantine via Sophos Endpoint Security and Control. To clear the Shadow volume copy:
Once the system has rebooted then please run a full system scan to check for the infection. When the system has been confirmed clean then the disabled shadow copy can be re-enabled.
On occasions the detection exists but the Windows shadow copies are not enabled. You should check for any non-Microsoft backup utilities for example 'Backup Exec'. When using third party backup software then you should contact the software vendor for instructions purging the restore.
If no third party application is used you can try enabling the backups to create a restore point and then proceed with the above steps to purge the shadow copy.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.