Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 8 replies
  • Subscribers 10 subscribers
  • Views 10480 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't remove trojan from server

BenjaminR

Sophos central detected 'Troj/MeterMem-A' on our fileserver. Unfortunately Sophos wont delete it. I've restarted the server, re-scanned the server, etc. Still it shows with a red sign that it cant be deleted. 

 

What is the best course of action for it to be removed and get the Sophos server status back in the green?

 

Thanks!



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to QC

    Hi Christian,

    Thanks for the reply. No, luckily it;s not repeated detections. It's a very old detection that I just cant get rid of. It was cleaned already I suspect, but somehow there is no option to clear it. I will contact support I guess.

     

    Thanks!

     

    Benjamin

  • 0 in reply to BenjaminR

    Hello Benjamin,

    a very old detection
    in this case you probably don't need to contact support. Central Admin doesn't let you mark the Alert as resolved?

    Christian

  • 0 in reply to QC

    No, because it doesn't show in the alerts tab (see screenshot below).

     

     

    Is there some way to get into the quarantine folder to see if there is anything?

  • 0 in reply to BenjaminR

    Hello Benjamin,

    and it's not on the Alerts list you access from the dashboard, is it?

    the quarantine folder
    there isn't such a folder AFAIK and anyway  how should a threat detected in memory be stored? The quarantine is the list of detected and yet unresolved threats.

    I'm not using Central, I understand that the local GUI has been "reduced" - is the Alert listed under Events? While the Help says actions you can take are the same as those available in the Sophos Central Admin console I'm not sure whether this includes marking it as resolved (naturally if the alert is shown in the list at all).

    Christian

  • +1 in reply to QC

    I've been in contact with Sophos support. They have deleted the db file which stores notifications. It didnt refresh, so that was the problem. The threat was long gone. ;-)

     

    Thanks for the help!

Unfiltered HTML