acknowledgements, what actually happens?

I found the Sophos Enterprise Console to be less than stellar when it comes to reporting. So when a cleanup times out and I've performed a full scan via the console on a PC, I can't really be certain whether the PC is cleaned. So what happens if I then acknowledge the alert? Does that mean that the virus is reported as safe, and thereby free to execute? Or does it simply acknowledge the alert, until the local Sophos agent re-reports it as a virus?

I would assume the latter is the case, but I'd like to be certain about that.

Sophos Enterprise console (version: 4.0.0.2362)

cheers,

Ritch


This thread was automatically locked due to age.
  • Hi,

    I think clean-up is only offered if the identity that detects the malware has a cleanup routine defined.  In some instances a full scan is required to dispose of the threat but this would be apparent in the message and in such a case the threat would have a clean-up routine.

    An acknowledge action only really sets the threat as outstanding = 0 in the threats table in the database; it is then moved to the threatsarchive table later. This really just serves to get it out of the way in the computer list view and move it to the history section in the computer details page.

    What threats are being found on the machines with only an acknowledge action?  It could be that it's an old piece of malware for which a clean-up routine wasn't created or that a clean-up routine can't be performed easily or safely.

    Jak 
