mass-release from quarantine

Hi all,

I've got a false-positive outbreak detected on one fileserver.

There are around 100 items in quarantine - alerts spread over 6 pages in the Events section in Central.
I went through that list multiple times but was able to release 95 elements from quarantine only.

So now I have 5 items left. But: there's no overview of which items are released and which are not.
Due to all detections having the same timestamp, it seems like the order is different every time I switch from page to page.

So I go through every item on every page and manually click "Details" to check whether it is released or not.

Why is there no table view with multi-selection of quarantine items to release or delete / acknowledge?
I cannot order the event list, I cannot see from the view which is released, and every time you release one item it jumps back to page 1.

Any ideas/workarounds?

  • Hi FFin,

    Thanks for reaching out to the Sophos Community Forum.

    When you encounter "Generic ML PUA" detections, we suggest sending in the offending exe through our sample submission portal so the exe can be properly analyzed by our Sophos Labs team. 
    - https://support.sophos.com/support/s/filesubmission?language=en_US 

    If you trust the detected executables, an immediate step you can take is to exclude the path where the executables reside. This can be done from the "Allowed Application" section under "General Settings". An exclusion such as "D:\Data\Departments\Software....\Application*.exe" may work. Be as specific as possible when using wildcards. Adding as much of the file path as possible or including the first few characters of the exe name will help with this.
    See: Allowed Applications

    I suggest proceeding with caution when using wildcards to exclude executables. Once the samples you send in have been analyzed, remove the temporary exclusion to ensure you are not allowing unexpected applications.

    Kushal Lakhan
    Team Lead, Global Community Support