This article describes the steps to take if one or more of the following alerts are displayed in Sophos Central Admin.
Alert: Malware not cleaned up
where the specific event information takes the form:
Manual cleanup required: '[ThreatName]' at '[Location]'
In addition to the Action Center alert, an email alert is also sent to each Sophos Central administrator.
A threat has been detected and blocked but requires further action in order to remove it.
By default, when Sophos Anti-Virus encounters malware, it prevents execution and then attempts to clean up the threat automatically. On some occasions, however, automatic cleanup cannot take place, for example when the detection identity does not have a cleanup routine, permissions on the file do not permit cleanup, or the threat is an archive or some other container format.
Malware not cleaned up: 'EICAR-AV-Test' at '/Users/emk/Downloads/eicarcom2.zip'
Malware not cleaned up: 'Troj/DocDl-KE' at '/Users/user1/Library/Containers/com.apple.mail/Data/Library/Mail Downloads/2DCBC8E9-D2AE-4B19-A9D3-B8839A3A166B/NU43135046.doc'
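An added example (not Sophos code): a small Python parser for the alert text shown above, which extracts the threat name and location and flags archive files, one of the cases this article lists where automatic cleanup cannot run. The function names, the list of archive extensions and the Windows-path handling are assumptions; the first two sample lines are the examples from this article and the rest are constructed.

```python
import re
from pathlib import PurePosixPath, PureWindowsPath

Q = r"['\u2018\u2019]"  # straight or typographic single quote
# Matches both alert wordings that appear in this article.
ALERT_RE = re.compile(
    r"^(?P<kind>Malware not cleaned up|Manual cleanup required):\s*"
    + Q + r"(?P<threat>[^'\u2018\u2019]+)" + Q + r"\s+at\s+"
    + Q + r"(?P<location>.+)" + Q + r"\s*$"
)
# Assumption: extensions treated as archive/container files for triage.
ARCHIVE_SUFFIXES = {".zip", ".rar", ".7z", ".tar", ".gz", ".tgz", ".bz2", ".cab", ".iso", ".dmg"}

def parse_alert(line):
    """Return a dict for one alert line, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    loc = m["location"]
    # Assumption: a backslash in the location means a Windows path.
    path = PureWindowsPath(loc) if "\\" in loc else PurePosixPath(loc)
    return {
        "kind": m["kind"],
        "threat": m["threat"],
        "location": loc,
        "filename": path.name,
        "is_archive": path.suffix.lower() in ARCHIVE_SUFFIXES,
    }

def triage(lines):
    """Split lines into parsed alerts and lines that did not match."""
    parsed, unparsed = [], []
    for line in lines:
        rec = parse_alert(line)
        if rec:
            parsed.append(rec)
        else:
            unparsed.append(line)
    return parsed, unparsed

SAMPLE = [
    "Malware not cleaned up: 'EICAR-AV-Test' at '/Users/emk/Downloads/eicarcom2.zip'",
    "Malware not cleaned up: 'Troj/DocDl-KE' at '/Users/user1/Library/Containers/com.apple.mail/Data/Library/Mail Downloads/2DCBC8E9-D2AE-4B19-A9D3-B8839A3A166B/NU43135046.doc\u2019",
    "Manual cleanup required: 'EICAR-AV-Test' at 'C:\\Users\\example\\Downloads\\sample.7z'",  # constructed
    "Computer updated successfully",  # constructed non-alert line
]

if __name__ == "__main__":
    alerts, skipped = triage(SAMPLE)
    for a in alerts:
        print(a["threat"], a["filename"], "archive" if a["is_archive"] else "file")
```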
Applies to the following Sophos products and versions: Sophos Cloud
Taking the above notes into consideration, for threats that do require manual cleanup beyond simply removing the file as detailed above, the following steps should be carried out to resolve the alert. Not all steps may be required, depending on the threat.
Note: If the computer is offline, this action will be queued until the computer is next online. An update is expected to take no more than a couple of minutes.
Once the scan has completed, check the 'Dashboard' or 'Alerts' for additional actions that can be performed for the computer. If the threat is removed, no further action is required.
If there are available actions for individual items they will be presented.