Remote quarantine cleanup?

A number of our devices have the status "Malware or potentially unwanted applications in quarantine".  Is there a way to remotely remove items from the quarantine (we are using Sophos Central)?



This thread was automatically locked due to age.
  • I know this is an older thread, but FYI, I wanted to let everyone know I wrote a PowerShell function to allow your help desk to perform the health service reset without annoying the user.  You'll need to log in to Sophos Central to get the Tamper Protection Password.  Then, import the PowerShell module and run:

    "Reset-SophosHealthService -ComputerName <target> -TamperProtectionPassword <password>"

    It will then jump through the hoops - turn off tp, stop the service, rename the db, start the service, and turn on tp.  Of course you need local admin on the target computer.

    You can find the module on my public git repo: Sophos.psm1

    Hopefully that helps someone.  My goal was to make it easier for the help desk to handle these issues so that I didn't have to.

  • Just for ease of use:

    This seems to be the current URL to the PowerShell-Script:

    https://github.com/ir0nh3at/Scripts/blob/master/Sophos%20Stuff/Sophos.psm1

    From a fast check this script looks good, but who am I to trust. Always check the scripts you are trying to run before doing so!
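
One way to do the pre-run check recommended above, added here as an example that is not part of either post or of the linked repository: it parses a downloaded copy of the module without executing it, prints its hash, and lists the functions it defines and the commands it calls. The local path, the expected-hash placeholder and the list of commands flagged for closer reading are assumptions.

```powershell
# Added example: static review of a downloaded module. Nothing in the module is executed.
param(
    [string]$Path = '.\Sophos.psm1',   # assumed location of the copy downloaded for review
    [string]$ExpectedSha256 = ''       # optional: hash recorded when the file was last reviewed
)
$ErrorActionPreference = 'Stop'
$file = (Resolve-Path -LiteralPath $Path).ProviderPath

# 1. Pin the exact file under review, so the copy imported later is the copy that was read.
$hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
"SHA256: $hash"
if ($ExpectedSha256 -and $hash -ne $ExpectedSha256) {
    Write-Warning 'File differs from the previously reviewed copy; read it again before importing.'
}

# 2. An unsigned or invalidly signed file is not proof of a problem, but it is worth knowing.
"Signature status: $((Get-AuthenticodeSignature -LiteralPath $file).Status)"

# 3. Parse to an AST. ParseFile only reads the file; it does not run it.
$tokens = $null; $errors = $null
$ast = [System.Management.Automation.Language.Parser]::ParseFile($file, [ref]$tokens, [ref]$errors)
foreach ($e in $errors) { Write-Warning "Parse error: $($e.Message)" }

# 4. Functions the module defines.
$functions = $ast.FindAll({ param($n)
    $n -is [System.Management.Automation.Language.FunctionDefinitionAst] }, $true)
'Functions defined: ' + (($functions | ForEach-Object { $_.Name }) -join ', ')

# 5. Every command the module invokes, most frequent first.
$commands = $ast.FindAll({ param($n)
    $n -is [System.Management.Automation.Language.CommandAst] }, $true)
$commands | ForEach-Object { $_.GetCommandName() } | Where-Object { $_ } |
    Group-Object | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize

# 6. Calls to read line by line: dynamic execution, downloads, process launch, remoting.
#    A remote-administration module is expected to use some of these; the point is to
#    see exactly where, and with what arguments. The list is an assumption, not exhaustive.
$readClosely = 'Invoke-Expression', 'iex', 'Invoke-WebRequest', 'Invoke-RestMethod',
               'Start-BitsTransfer', 'Start-Process', 'Invoke-Command', 'New-PSSession', 'Add-Type'
foreach ($c in $commands) {
    $name = $c.GetCommandName()
    if ($name -and $readClosely -contains $name) {
        'line {0,4}: {1}' -f $c.Extent.StartLineNumber, $c.Extent.Text.Split("`n")[0].Trim()
    }
}
```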
