The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
The 'alert only' behavioural rule in Sophos Anti-Virus for Windows 2000+ warns of files that are suspected to be malicious. However, as the identification has not been confirmed by a precise identity, the files are not automatically prevented from running, or automatically deleted.
Note: This only happens in 'alert only' mode. In all other modes, suspicious files will be blocked.
Applies to the following Sophos product(s) and version(s) Sophos Anti-Virus for Windows 2000+
Alert only mode
This can be deselected as follows:
The 'alert only' rules scan all intercepted files, but if they trigger against a file, although an entry will be added to Quarantine Manager, the file will be allowed to continue running.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.