Running malware in quarantine or cleanup failure

I see a few clients in my console that have this listed under their Status. How can I resolve this alert for them?

I have seen a few posts for this, but no real clear indicator of how to resolve this, so if someone can tell me what needs to be done I would appreciate it!

TIA!

  • Hi Jeff, 

    Can you please try the following suggestions and let me know if you are still seeing the alert?

    > Reboot.
    > Full Scan on the reported client machine.
    > Resolve the alerts in the central console.
    > Sophos clean scan (If the alert is still seen after the full scan)
    > Confirm if the file is still present in the actual folder location.

  • In reply to Gowtham Mani:

    I rebooted, alert still present

    I did full scan - alert still present

    How do I Resolve the alert in the central console, when it does not even show me what the actual issue is?

  • In reply to Jerry Gonzales:

    I'm having the same issue. There is no threat on my device but I'm having a difficult time removing the alert.

  • In reply to Jerry Gonzales:

    Hi Jerry,

    I found a way to clear the alert. Once you have verified that any threat has been removed, open Sophos Endpoint > Log in as Admin > Go to Events > Find the alert > Select "Ignore". Once the device communicates with Sophos Central, the alert will be removed there as well.

    Hope this helps.

    Mike

  • In reply to Michael Smith4:

    I am unable to find the option to ignore in the Sophos Endpoint. And as you can see from the screenshot, I also can't read the full path to where the offending file is located.


  • In reply to Jerry Gonzales:

    You have to select "Admin Login" and enter your credentials first

  • In reply to Michael Smith4:

    That did it, thanks

    For those who don't know how to use "Admin Login", you need to go to Sophos Central, select your server in the Summary Tab, select Show Details for the Tamper Protect. Select show password, copy and paste the password into the server for the "Admin Login".