Running malware in quarantine or cleanup failure

Question

I see a few clients in my console that have this listed under there Status - How can I resolve this alert for them? 
 
 I have seen a few post for this, but no real clear indicator of how to resolve this, so if someone can tell me what needs to be done I would appreciate it! 
 TIA!

Gowtham Mani · Answer

Hi Jeff, 
 Can you please try the following suggestions and let me know if you are still seeing the alert? 
 > Reboot. > Full Scan on the reported client machine. > Resolve the alerts in the central console. > Sophos clean scan (If the alert is still seen after the full scan) > Confirm if the file is still present in the actual folder location.

Michael Smith4 · Answer

Hi Jerry, 
 
 I found a way to clear the alert. Once you have verified that any threat has been removed, open Sophos Endpoint> Log in as Admin> Go to Events> Find the alert> Select "Ignore". Once the device communicates with Sophos Central, the alert will be removed there as well. 
 
 Hope this helps. 
 
 Mike

Clayton Mitchell1 · Answer

I would like to add to this answer. Only this solution below worked for us thanks to MarlonD at Sophos Support. 
 Basically you create a fresh new Sophos Endpoint Events database. 
 
 a. Turn off the Tamper Protection. 
 b. Press the keys Windows and R, then type services.msc. 
 c. Stop Sophos Health Service. 
 d. Go to C:\ProgramData\Sophos\Health\Event Store\Database and rename the file events.db to events.orig. 
 e. Restart Sophos Health Service. 
 f. Open the Task Manager and end the process Sophos Endpoint User Interface. 
 g. Launch a new Sophos Endpoint user interface by clicking the file C:\Program Files\Sophos\Sophos UI\Sophos UI.exe and verify that its status is green and the event count is 0. 
 h. Turn on the Tamper Protection.