Hi, in my Sophos Central I find a PC with STATUS - Security Health - Running malware in quarantine or cleanup failure, but in the event log only these warning/error entries are present:
Nov 20, 2018 12:13 PM Running malware locally cleared: 'HPmal/Crusher-N' at 'C:\Windows\SysWOW64\cmd.exe'
Nov 20, 2018 12:13 PM Running malware detected: 'HPmal/Crusher-N' at 'C:\Windows\SysWOW64\cmd.exe'
There aren't other warnings.
What should I do to solve the problem?
Has anything come of this? I have this same warning and after scanning it with Sophos and Malwarebytes, it is still showing Critical in Sophos Central. With it being in the SysWOW64 I don't assume I can just delete it.
Consider running Microsoft Autoruns to see if there are any unusual programs that are running automatically and are triggering the detection.
Sometimes it's a scheduled task that is running a script that seems unusual but may be causing behavior that is malicious and is triggering a detection.
For more information on MS Autoruns I recommend you read the official article here: https://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx.
Once you have located the process that is running some script that seems unusual, you can send the script sample or so that is being run to Sophos Labs for further review, and remove this from your machine. Once done, do another system scan to see if something is still being detected.
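An added example, not part of the original replies: a PowerShell sketch that lists scheduled tasks and Run/RunOnce entries whose command line launches `cmd.exe` or a script host, as a quick first pass before a full Autoruns review. The match pattern and the choice of registry keys are assumptions, and a match is only a candidate for review, not a verdict.

```powershell
# Added example: list autostart entries that launch cmd.exe or a script host.
# The pattern is an assumption; tune it to what you see on the affected PC.
$pattern = '(?i)\b(cmd|powershell|pwsh|wscript|cscript|mshta)(\.exe)?\b|\.(bat|cmd|vbs|js|ps1)\b'

# 1. Scheduled tasks: one row per exec action whose command line matches.
$tasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only exec actions carry Execute/Arguments; COM handler actions do not.
        if (-not $action.Execute) { continue }
        $cmdLine = "$($action.Execute) $($action.Arguments)".Trim()
        if ($cmdLine -match $pattern) {
            [pscustomobject]@{
                Source  = 'ScheduledTask'
                Name    = $task.TaskPath + $task.TaskName
                Command = $cmdLine
            }
        }
    }
}

# 2. Run/RunOnce keys, including the 32-bit (WOW6432Node) registry view.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$runs = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $value = [string]$regKey.GetValue($name)
        if ($value -match $pattern) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = $value }
        }
    }
}

# Combined review list: check each command line and the script it points to.
@($tasks) + @($runs) | Sort-Object Source, Name | Format-List
```

Run it from an elevated prompt so all tasks are visible; HKCU covers only the account running the script, and Autoruns checks many more autostart locations than these two.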