Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 12142 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Alerts not clearing.

Testpilot

Hello

We are running Sophos Enterprise Console 5.2.0.644.

We are not able to Clear the alerts from the 'Resolve Alerts and Errors' tab anymore. After manually removing the virus/suspicious file on the Windows client we are still left with a sophos Client that thinks it has a virus/malware witch it doesn't, and a Sophos Enterprise console that thinks the client has a virus.


The only options i have in the enterprise console to resolve this are 'Select all / Clear all' all this does is check and uncheck the items (to my knowledge the clear option use to clear the alert from the window, but my college assure me this has always worked like this). 'Cleanup' and 'Acknowledge' both options i do not want to use, the first wont work because there is nothing to clean up, and the second i do not want to use because the file is a virus.

How do i clear this log in the enterprise console without actually logging in to the client and clearing the alert from there.

What am i missing?

Thanks for your support.

Greetings

Arris.

:44149


This thread was automatically locked due to age.
Parents
  • 0

    Hello Arris,

    Resolve Alerts and Errors

    the Select all / Clear all buttons are just a convenience for ticking/unticking all boxes. If at least one item is checked the Cleanup / Acknowledge (for alerts, for errors there's only Acknowledge) action buttons on the right bottom become active. Acknowledge clear the alert/error from the console. Indeed it has always worked like this.

    Alerts are "automatically" cleared from the console when the item is cleanable and has been either successfully cleaned up or hasn't been found on the client in the following situations

    • automatic cleanup was already in progress
    • cleanup has been requested on the client using the QM
    • cleanup has been requested from the console

    or

    • a local administrator removes the threat from the quarantine list but the threat might still be present. Whether it's on QM's or SEC's list or not has no effect on a subsequent re-detection though.

    OTOH, acknowledging an alert in SEC will not remove it from the client's QM.

    Whoever removes a threat "manually" (I assume it's delete or by using some other tool) from a client has usually also the necessary rights to clear it from the QM list which would clear it from SEC's list as well.

    Christian

    :44159
Reply
  • 0

    Hello Arris,

    Resolve Alerts and Errors

    the Select all / Clear all buttons are just a convenience for ticking/unticking all boxes. If at least one item is checked the Cleanup / Acknowledge (for alerts, for errors there's only Acknowledge) action buttons on the right bottom become active. Acknowledge clear the alert/error from the console. Indeed it has always worked like this.

    Alerts are "automatically" cleared from the console when the item is cleanable and has been either successfully cleaned up or hasn't been found on the client in the following situations

    • automatic cleanup was already in progress
    • cleanup has been requested on the client using the QM
    • cleanup has been requested from the console

    or

    • a local administrator removes the threat from the quarantine list but the threat might still be present. Whether it's on QM's or SEC's list or not has no effect on a subsequent re-detection though.

    OTOH, acknowledging an alert in SEC will not remove it from the client's QM.

    Whoever removes a threat "manually" (I assume it's delete or by using some other tool) from a client has usually also the necessary rights to clear it from the QM list which would clear it from SEC's list as well.

    Christian

    :44159
Children
No Data