We'd love to hear about it! Click here to go to the product suggestion community
A number of our devices have the status "Malware or potentially unwanted applications in quarantine". Is there a way to remotely remove items from the quarantine (we are using Sophos Central)?
In reply to Jiri Hadamek:
Thanks, as I mentioned this could be a product issue, I want to understand it so will try some testing at our end. If you see this again, especially if the message is showing in the console and the endpoint is showing as a green status then please log a support case so we can investigate the logs.
In reply to PeterM:
In our case the PUA file was inside the archive and that was listed under EVENTS of that device on Sophos Central.
And that switched computer status from "Healthy" to "Questionable".
Why Sophos doesn't remove PUA from archives?
The problem here is that we need some kind of centralized tool in the Sophos Central, so we don't have to remotely access every problematic machine or, even worse, to be there locally every time a problem arises.