Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 3496 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos cleaning

LimonPaani

Any suggestions as to why Sophos can't clean a user's recycle bin, appdata (also local appdata), and areas where temp internet files are stored under the user?

Thanks.

:44907


This thread was automatically locked due to age.
Parents
  • 0

    Hello LimonPaani,

    that's a lot of answers needed :smileyhappy: (or maybe it's because Sophos can't clean is imprecise :smileytongue:).

    can't clean ... areas

    Cleanup works starting from a detection (usually a file, sometimes memory ...). The detection is recorded and if there is a cleanup routine associated with the threat it is dispatched. It might scan for potential related items (e.g. modified registry keys, additional rogue files in "the usual places") attempting to clean up (which can also simply mean: delete) what is found.

    It will can not clean/delete locked files (e.g. the image a rogue application is still running from), it will not manipulate archives (i.e. change or delete items within), when running in a user's context the user's permissions apply.

    can't clean might also mean a failed cleanup ... it's better you ask specific questions if the above is not sufficient.

    Christian

    :44943
Reply
  • 0

    Hello LimonPaani,

    that's a lot of answers needed :smileyhappy: (or maybe it's because Sophos can't clean is imprecise :smileytongue:).

    can't clean ... areas

    Cleanup works starting from a detection (usually a file, sometimes memory ...). The detection is recorded and if there is a cleanup routine associated with the threat it is dispatched. It might scan for potential related items (e.g. modified registry keys, additional rogue files in "the usual places") attempting to clean up (which can also simply mean: delete) what is found.

    It will can not clean/delete locked files (e.g. the image a rogue application is still running from), it will not manipulate archives (i.e. change or delete items within), when running in a user's context the user's permissions apply.

    can't clean might also mean a failed cleanup ... it's better you ask specific questions if the above is not sufficient.

    Christian

    :44943
Children
No Data