The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
We'd love to hear about it! Click here to go to the product suggestion community
A number of our devices have the status "Malware or potentially unwanted applications in quarantine". Is there a way to remotely remove items from the quarantine (we are using Sophos Central)?
Manual cleanup is commonly required for one of two reasons:
The item detected may actually be a program that can be uninstalled so check this first.
Delete the item from the folder by clicking on it once with the left mouse button and then pressing shift + delete on the keyboard - this by-passes the Recycle Bin. Click 'Yes' to confirm the deletion. Note: You can delete multiple items in the same folder at the same time by dragging the mouse cursor over them and pressing Shift + Delete. You don't have to delete item like this - it's just recommended, but if you delete items in the normal way ensure you empty the Recycle Bin afterwards.If the item no longer exists you will see an error message saying Error displaying this folder's content - this means the location no longer exists and you can try to open the location of the second item and check if that exists. Note: If the component detected ends with FILE:0000 or similar then the component was detected as it was attempting to run and will not exist on disk - you can therefore ignore all detected components that end like this.
Repeat step 7 for any additional items.
Once you have manually deleted the files from your computer, clear the item from the Quarantine Manager.
We recommend that you now run a full scan to confirm your computer is free of malware.