
Sophos Status Window

Hi,

I recently had a "false positive" flag as malware. My Sophos IT manager stopped this by putting in an exception to the file globally. This stopped the "false positive" being flagged. However, I now still have "Threat detected" in the status window of my local program. How do I get rid of this message - which is now no longer applicable?

Many thanks,

 

Seb



  • Hi,

    I assume it's listed in the Quarantine Manager but you have no action you can take on it?

    If you look under "Local Users and Groups" (lusrmgr.msc), under "Groups" you should find one called "SophosAdministrator". Is your account a member of this? If not, can you add it and re-launch the client software? Do you have actions available to you now?

    Regards,

    Jak

     

  • Hi Jak,

     

    Struggling to find the Quarantine manager.....! It's not in my control panel on line. I've got to say this new cloud based program is far too complicated and very difficult to navigate. Why did Sophos get rid of the old program - which was easy to use?!

    All I want to do is get rid of the false positive message. Surely it shouldn't be necessary to re-launch the program to perform such a simple task?

    I have tried to contact the Sophos help team - but they don't seem to want to answer my calls.

    Not satisfied with Sophos at the moment!

    regards,


    Seb

  • Hi,

    Can you attach or reference a screenshot of what you see that covers this statement?

    "Threat detected" in the status window of my local program.

    Thanks,

    Jak

  • This is the status window

    And here is the detail:

    The false positive file is the Splashtop Streamer program that my IT guy uses to access my machine remotely. The only way he could stop the false positive was to put an exception in the exception list in the cloud control panel.

    Cheers,

    Seb

  • Incidentally,

    My IT and Sophos Agent has tried in vain to contact support to help solve this problem. He waited 40 minutes on hold before giving up. This is NOT the level of service that I had come to expect from one of the top anti virus companies in the world.

    We are seriously considering asking for our money back and changing to one of Sophos's competitors.

    When Sophos sells a professional grade program, their back up should reflect this.

    Regards,

    Seb

  • Sophos needs to take note of how useless this Windows Status window is. Where is Quarantine Manager, I have spent time looking for this elusive thing?? Sophos....please spell out the path as to where this is and how the FWORD do I look at it???? Is this some big secret?? Let us in on it seeing this is MY PC.

    I have no quarantine folder on my entire PC, so where the hell is this stuff I have in Quarantine?? Baffles the frigging mind.?? But I did go to the path where it found a PUA but guess what, it's not in anything Sophos created, it's in a folder a user created. Funny how something in Quarantine is not in quarantine..wherever that may be??

    However, I cannot delete the file. FFS. psexec.exe...go to delete, needs my permission...really....sophos popup appears and identifies same file, but offers ZERO help in removing it. Thanks for letting me know it's there. (DOH)

    So now I need to boot in to safe mode to rid myself from a file that SOPHOS should be handling. Why the fuck do I have Sophos installed then? This product appears to SUCK!!

    I want my god damn money back.

  • Hello Howiedog,

    [I'm not Sophos]
    "something in Quarantine is not in quarantine"
    you're using Central, aren't you?
    I'm not a Central user but from various threads I understand that (access to) the QM has been removed for Central managed endpoints. Can't say if this is really the case and why.

    "I have no quarantine folder"
    there is no quarantine folder
    and AFAIK there has never been one (and it isn't %ProgramData%\Sophos\Sophos Anti-Virus\INFECTED\). The term quarantine is perhaps an unfortunate one as it leads to misconceptions about the nature of the "quarantine" in Sophos Anti-Virus: A (file containing a) threat is in quarantine when either Remediation isn't enabled in the policy, cleanup failed, or (immediate) cleanup is unavailable. It isn't moved, renamed, or otherwise manipulated but path and detection details are recorded. QM is/was the local tool to display this list (together with potential Available Actions). As Central seems determined to take any capability to "make changes" away from the endpoint users QM wouldn't be of much use anyway. To be able to perform any remediation action an admin would have to access Central Admin.

    Christian