I have a PC using Sophos Endpoint. I am not the admin, the admin is not available, and I do not have the admin password.
Core Agent 2.6.0
Endpoint Advanced 10.8.6
Sophos Intercept X 2.0.16
Device Encryption Not Installed.
Sophos detected malware in an EXE, so I deleted it. Unfortunately, sophos does not consider deleted a file good enough, as it still lists the files as "Failed to clean up threats."
As a result, Sophos bricked the PC (I assume you guys call that 'isolated'), but it is bricked just the same. It has no internet access. Not even sophos help works...a big lol to a security system that bricks its own help, but whatever.
So. The files are deleted...how to convince Sophos to re-scan and unbrick the PC?
There is a 'refresh Events' button, but it does not actually refresh the events...it just assumes the files are still there and leaves the PC Bricked.
There needs to be a way that end users can fix their own PCs when the Admin is not available. How is this done?