Sophos is clearing the malware locally but malware is being detected again

Hi

One of my endpoints has two malware detection events that say manual cleanup required, but after some time 2 more events come saying that the malware was locally cleaned up.

But after that the two events come again, saying that malware was detected in the same file and manual cleanup is required.

My questions are:

1. If Sophos was able to clean up the malware locally, why is it detected again?
2. What does "malware locally cleaned up" mean?

I have given a screenshot where you can see malware detected and cleanup required at 9.51AM, then it was locally cleared at 10.40AM, and the same thing was detected again at 3.50PM.



  • Hello Hosni,

    Thank you for reaching out to the Sophos Community. 

    Looking into the following documentation, the "Malware locally cleared" event states that "A malware alert has been cleared from the alerts list on an endpoint computer." 
    https://docs.sophos.com/central/Customer/help/en-us/central/Customer/common/concepts/EventTypes.html

    Do you know if any backup utilities could be re-populating the files onto your disk, resulting in the repeated detection? Considering the events are coming up after a full system scan, there’s a possibility that the full system scan does not find the malicious file present any longer and, as a result, clears the alert. 

    I will reach out to you via DM to inquire for more information. 
