
How to get rid of "Malware or potentially unwanted applications in quarantine" warning?

I have already verified from the user's machine locally and confirmed that the files have been deleted and the trash emptied. Rebooted twice but the console still shows RED. Normally, if it's a Windows machine, I run the following commands to get rid of this status (after verifying it's a false positive):

Net stop "Sophos Health Services"
cd c:\Programdata\Sophos\Health\Event Store\Database
RENAME events.db events.db.old
Net Start "Sophos Health Services"

But this is a Mac and I am not aware of how to clean the DB to get rid of this status...



This thread was automatically locked due to age.
  • Hello Moinul,

    Please see the steps I posted here, as well as PeterM's steps (right below my response) to properly address this alert. 

    If the issue persists, please file a case with Support so that they can further investigate and assist you.

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support

     

  • You have updated the same steps which I know for a Windows machine.

    I want to know the same process for macOS.

  • Hello Moinul,

    Per my previous response, the "normal" steps should take care of this alert. If after having followed those, you are still receiving the issue, it is recommended that you file a case with support for further investigation.

    For your convenience, here are the steps from PeterM: (if this fails, we would recommend you file a case for further analysis). 

    On one of the machines that is showing this message in the console, can you do the following (in this order):

    1. Log in to the machine and double-click on the Sophos icon in the task bar, check the status of the machine (green, amber, red). If you can provide a screenshot of the "Events" tab, that would help.

    2. In the console, navigate to the same device and select the "Status" tab, scroll to the bottom of the page and check if there are any alerts. If there are, then acknowledge them.

    3. Reboot the endpoint

    4. On the endpoint open Sophos again and click the "Scan" button.

    When the scan is complete, if the status of the machine is green, then check the console to see if the message has gone. If the endpoint is still amber or red, can you take another screenshot of the "Events" tab and let me see it too.

    Once you have done all this, if it is still not fixed, it sounds like something isn't working as designed, so I would want to collect logs and investigate properly, but let's start with the above first.

     

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support