
Running malware in quarantine or cleanup failure

I see a few clients in my console that have this listed under their Status - How can I resolve this alert for them?

I have seen a few posts for this, but no real clear indicator of how to resolve this, so if someone can tell me what needs to be done I would appreciate it!

TIA!



This thread was automatically locked due to age.
  • Hi Jeff, 

    Can you please try the following suggestions and let me know if you are still seeing the alert?

    > Reboot.
    > Full Scan on the reported client machine.
    > Resolve the alerts in the central console.
    > Sophos clean scan (If the alert is still seen after the full scan)
    > Confirm if the file is still present in the actual folder location.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support


  • I would like to add to this answer. Only this solution below worked for us thanks to MarlonD at Sophos Support.

    Basically you create a fresh new Sophos Endpoint Events database.

     

    a. Turn off the Tamper Protection.

    b. Press the keys Windows and R, then type services.msc.

    c. Stop Sophos Health Service.

    d. Go to C:\ProgramData\Sophos\Health\Event Store\Database and rename the file events.db to events.orig.

    e. Restart Sophos Health Service.

    f. Open the Task Manager and end the process Sophos Endpoint User Interface.

    g. Launch a new Sophos Endpoint user interface by clicking the file C:\Program Files\Sophos\Sophos UI\Sophos UI.exe and verify that its status is green and the event count is 0.

    h. Turn on the Tamper Protection. 
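
Steps c to g of the procedure above, as an added PowerShell example that is not part of the original post and is not Sophos tooling. It assumes Tamper Protection was already turned off by hand (step a) and will be turned back on afterwards (step h); the service display name and both paths are the ones given in the post.

```powershell
#Requires -RunAsAdministrator
# Added example: automates steps c-g only. Steps a and h (Tamper Protection
# off/on) are assumed to be done manually before and after this script.
$ErrorActionPreference = 'Stop'   # any failure aborts before later steps run

$serviceName = 'Sophos Health Service'   # display name as written in the post
$dbDir  = 'C:\ProgramData\Sophos\Health\Event Store\Database'
$dbFile = Join-Path $dbDir 'events.db'
$backup = Join-Path $dbDir 'events.orig'
$uiExe  = 'C:\Program Files\Sophos\Sophos UI\Sophos UI.exe'

if (-not (Test-Path -LiteralPath $dbFile)) { throw "Not found: $dbFile" }
# Never overwrite an earlier backup: it may hold the original alert records.
if (Test-Path -LiteralPath $backup) {
    throw "$backup already exists; move it aside before running again."
}

$svc = Get-Service -DisplayName $serviceName

# Step c: stop the service so events.db is no longer held open.
# If Tamper Protection is still on, this fails and nothing is renamed.
Stop-Service -InputObject $svc -Force
$svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))

try {
    # Step d: rename rather than delete, so the old database stays available.
    Rename-Item -LiteralPath $dbFile -NewName 'events.orig'
}
finally {
    # Step e: always bring the service back, even if the rename failed.
    Start-Service -InputObject $svc
    $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
}

# Step f: end the running Sophos UI, matched by the executable path from the post.
Get-Process | Where-Object { $_.Path -eq $uiExe } | Stop-Process -Force

# Step g: relaunch the UI; status and event count are then checked by eye.
Start-Process -FilePath $uiExe

# Summary for the operator's change record.
[pscustomobject]@{
    ServiceStatus  = (Get-Service -DisplayName $serviceName).Status
    BackupExists   = Test-Path -LiteralPath $backup
    NewDbExists    = Test-Path -LiteralPath $dbFile
}
```

Because the script renames the database instead of deleting it, events.orig remains on disk if the earlier detection history needs to be reviewed.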

     
