We'd love to hear about it! Click here to go to the product suggestion community
PC Windows 10
I'll receive a windows pop-up notification to the side that Sophos has detected malware/fakeav-jo and moved it to quarantine. When I open Sophos I see the file briefly in quarantine before it disappears by itself.
The pop-up notification of this malware keeps appearing at least 5x in a row with the same message. These episodes also happen about twice a month. What's going on here?
Hello Lynn M,
briefly in quarantine before it disappearsthis is normal. When automatic cleanup is enabled and a threat is cleanable a cleanup routine is dispatched. Depending on the threat it might perform a simple action like deleting the file, do some additional specific scanning, or even decide that a full scan is required. A file appears in QM immediately after detection, once cleanup is successful it will disappear.
5x in a row with the same messagean important pice of information is the file's path, it might give a hint which application is responsible. Likely the detection is on write and the application (e.g. Dropbox sync) might check whether the file has been successfully written and retry a few times.
What's going on here?Hard to say from the outside without more information. If you have no idea why it happens about twice a month the Source Of Infection tool might help to find the culprit.
In reply to QC:
Hello Lynn M
In addition to what QC wrote, consider running Microsoft Autoruns to see if there are any unusual programs that are running automatically, and is triggering the detection.
Sometimes it's a scheduled task that is running a script that seems unusual but may be causing behavior that is malicious and is triggering a detection.
For more information on MS Autoruns I recommend you read the official article here: https://technet.microsoft.com/en-gb/sysinternals/bb963902.aspx.