Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 10 subscribers
  • Views 16494 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Running malware in quarantine or cleanup failure

Paul Hutchings

When clients show "bad" status and all services are running but the status shows

"Running malware in quarantine or cleanup failure" what's the solution please?

There is no option in the client or the console to view/clean quarantine.

 


This thread was automatically locked due to age.
  • 0

    Hello Paul,

    Please follow these steps:

    Check the Central alert and look for file and path listed in it
    Navigate to that path on your endpoint, delete the affected file (if unable to delete it, you may need to perform the steps in safemode so that the file is released and you can modify it).
    In Sophos Central, navigate to the Alert and acknowledge it
    Reboot the endpoint
    Perform a system scan and confirm the alert has not re-appeared.

    If the issues persist, I would suggest to have a look at PeterM's response in this thread, and please reply to him with the required info so that we can further investigate the issue.

    Thank you,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • 0

    Same issue here. All services running. NO alerts, but shows

     
    Security Health
      Running malware in quarantine or cleanup failure
     
    I have rebooted the affected CPU.
    Ran a full scan.
    Searched for Quarantine - found none.
    No events.
    Also cleared Quarantine on Malwarebytes.
     
    I want this to show clean Green instead of Red.
     
    There's no indicator anywhere of what this might be.
  • 0 in reply to Deb Harmon

    Hello Deb Harmon ,

    If you have followed the above listed steps, the next thing to try is the response from PeterM's . If the issues persist after that, please file a case with support so that they can further investigate.

    Here's the response 

    Also, within that same thread, there is a workaround (however, it is recommended that you follow the previous steps and sbumit a case as needed).

    Regards

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

Unfiltered HTML