Running malware in quarantine or cleanup failure

I am seeing "Running malware in quarantine or cleanup failure" because of credential theft that is occurring.

There isn't anything else standing out to be a threat as I have run full scans and deep scans.

Thank goodness for CredGuard that is preventing it. But how do I know that the machine is actually clean, or how do I resolve this matter? I am not allowing something I don't know, and marking it as resolved only for it to come back the following day or later in the day isn't an option.

I have made sure the device is patched fully and it is.

Please assist.

Thank you

  • Thank you for reaching out to the community forum.

    I suspect that what you're seeing on the endpoint was a cache that didn't get flushed. Sometimes, this happens on the endpoint side.

    If you're sure that nothing came up after you've performed a Full Scan on the system, you can open Sophos Endpoint > Log in as Admin > Go to Events > Find the alert > Select "Ignore". Once the device communicates with Sophos Central, the alert will be removed, or you can perform a manual update on the endpoint itself.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer
