Guest User!
You are not Sophos Staff.
A number of our devices have the status "Malware or potentially unwanted applications in quarantine". Is there a way to remotely remove items from the quarantine (we are using Sophos Central)?
Jasmin said:Hi
Sorry for the confusion.
You're right, I took it as permissions. However, Sophos also never changes the attribute of the file.
Did you get the notification like Manual clean up required or something like that? If that is the case Sophos had limited access to that or that file.
I'd request you to submit that file again to the Sophos sample submission
stating that it was not cleaned up automatically, so labs will check and will correct it if anything is required from Sophos end.
The file was a Microsoft Outlook document (.msg). I was getting multiple messages that the threat can't be cleaned as Sophos unsuccessfully tried to remove the file from the file system, I don't quite remember about being offered to clean them manually, next time I'll remember to look. I was wondering why Sophos can't clean it, and when I opened file properties to check permissions to make sure the system and my account have access to the file, I saw the RO attribute was set, so I cleared it, and then Sophos was able to remove the file. If Sophos detects a threat, I think it shouldn't wait for a user permission to change the attributes in order to remove a malicious file, because many users don't know much about computers and how everything works. And by automating this process Sophos would also lower unnecessary tech support calls.
