Manual Cleanup

Hi Marlys Seyer,

If malware is detected on your Mac, and Sophos Anti-Virus informs you that it must be cleaned up manually, this means that you must create a custom scan.

1. If there are any threats for which the action available is 'Clean up manually', create a custom scan.
2. For each item labeled 'Clean up manually', select the item in Quarantine Manager and make a note of the Path and Filename:
3. In the Options tab, select 'Delete threat' from the drop-down menu.
4. Click Done.
5. Click 'Scan Now' to run the scan.

Note: If any threats still exist as 'Clean up manually' after performing the custom scan with the Delete option, the files are probably contained on a backup volume or inside an archive. These are not deleted by Sophos, as they probably contain a lot of information you do not wish to delete as well as the detected file.

For step by step walk-through please refer How to remove malware from a Mac OS X computer

Thank you, Gowtham, for responding to my inquiry.  I am unable to follow your steps as outlined as I do not have an Options tab.  

In my Quarantine Manager, I have three items listed as threats.  Item Status shows that they have to be cleaned up manually.  And below are buttons to Authorize or Clear from List.  The Cleanup button is grayed out.  I have no other buttons and no tabs.  Any suggestions?  Please advise.  Thanks!!  Marlys

Hi Marlys Seyer,

Please check if this video helps you. If you have any difficulty in creating the scan, please share a screenshot of the Antivirus console so that I can guide you accordingly.

The instruction listed on this article, https://community.sophos.com/kb/en-us/118117, is very old.  It does not seem to applied to the "Sophos Endpoint Protection for macOS" version 9.7.6.  For example, there is no quarantine manager and custom scan.

Please update how to manually cleanup threats on the latest Sophos Endpoint Protection for macOS.  Thanks.  

Hi lissa coffey 

I'd request you please create a new post with the issue you are facing with the Sophos product.

I think he was talking about Sophos Central.
Our way to handle Threats on MacOS is like following:

1. Disconnect / isolate the affected device from your corporate network
2. Check out the path Central is referring to and search for the files in your Finder.
3. Delete the files Intercept X could not delete by hand.
4. Click on "Scan now" locally in the Intercept X client
5. Verify that all files were wiped successfully and reconnect your device to the network
6. Check out Sophos Central and close the Threat Case

Old Thread I know, but maybe this steps are helping out other users as well.