Policies Set to Quarantine but SHH files deleted anyway

---

-jimi- wrote:

I have several unmanaged clients with policies set on them to clean known virii, but to quarantine anything that can't be cleaned.  The systems are not set to move or delete, just quarantine.  However, several machines have deleted Almon.exe, inetconn.dll, Adobe updaters, etc...

Is anyone else seeing this issue?

---

I haven't seen any reports of this, and it is not something that should happen with the OnAccess cleanup settings you have set. One possible explanation is a scheduled scan with the Delete cleanup option having been run. The %allusersprofile%\Sophos\Sophos Anti-Virus\Logs\SAV.txt log should give you more information to determine what happened.

---

-jimi- wrote:

I have several unmanaged clients with policies set on them to clean known virii, but to quarantine anything that can't be cleaned.  The systems are not set to move or delete, just quarantine.  However, several machines have deleted Almon.exe, inetconn.dll, Adobe updaters, etc...

Is anyone else seeing this issue?

---

I haven't seen any reports of this, and it is not something that should happen with the OnAccess cleanup settings you have set. One possible explanation is a scheduled scan with the Delete cleanup option having been run. The %allusersprofile%\Sophos\Sophos Anti-Virus\Logs\SAV.txt log should give you more information to determine what happened.