Keep getting malware alerts

I'm running Sophos Home Premium on my late 2015 iMac, OS 10.14.6 Mojave.  After installing I ran a full scan, which took around 8 hrs.  I have 3 questions:

(1) The report contained 2 malware detections that it couldn't remove:

However, looking in the /private/tmp directory, I can't find either of these files:

Why is that?  Is the malware really there?

(2) The documentation says when malware files are in /private/tmp they can usually be removed by restarting the computer, which I've done twice.  Yet, I still get the above two alerts, even though they don't seem to be there.

(3)  I ran a full scan yesterday, again taking several hrs.  It came back with this:

There is no indication here if anything was found (maybe it could say "This computer was scanned .... and found no malware...").  I looked in the Quarantine, History, etc. tabs and can find nothing for that date.  So I'm assuming there really is no malware.  Yet every morning I get an alert about the 2 malwares noted above.

 

Any idea what's going on?

Thanks!

  • Hello K Housen,

    can't say what caused the detection and what these files are (the path suggests that it's something Sophos cached). Apparently the only action available on the alert is Ignore (and not also Clean or Delete).

    I still get the above two alerts [...] every morning
    with the original date, isn't this so? It's a reminder that alerts are outstanding. While nothing was found in yesterday's scan it couldn't determine why and consequently did not clear the outstanding alerts. A subsequent scan does not "second-guess" the results of a previous one if it can't find and scan an item listed in quarantine. If you choose Ignore you're telling Sophos to clear out the alerts - no other action is taken, further scans will continue to identify this threat (i.e. no exception is made, neither for path/file nor the particular threat).

    Christian

  • In reply to QC:

    Thanks Christian

    I wasn't sure if hitting "Ignore" would cause further scans to ignore that threat.  Sounds like that's not the case.  Good to know.