Disable Automatically clean up malware not working

Please see the documentation: https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/ConfigureMalwareProtection.html

Automatically clean up malware: Sophos Central will try to clean up detected malware automatically.

If the cleanup succeeds, the malware detected alert is deleted from the alerts list. The detection and cleanup are shown in the events list.

Hello RichardP thak you for your answer.

Based on this statement "PE files are quarantined and can be restored." How can quarantined files be restored from Sophos Central Admin portal?

It is one of the options in a detection event in Central. You can also exclude PEs by hash or by location.

It is one of the options in a detection event in Central. You can also exclude PEs by hash or by location.

Thanks for your response.

So, once I make the exclusion the file is accesisble again? even if It said it was cleaned up?

If so, one thing with making the exclusion from the event is that it makes the exception for all devices (global), if I take that file hash and put it in an specific exclusion inside one policy, would it "return" the file too?

Best regards,

Exclusions are global - yes. 

It will be returned with some caveats - if the PE is less than 75MB in size and it is still in the Safe Store.

Be aware, adding an exclusion will let the PE run without interference - other than from Exploit prevention. With that in mind, folder exclusions are very dangerous and should only be done in specific circumstances.