
Infected Desktop Endpoint? Reload Reimage or Resolve with Cleanup

Let's say Sophos Endpoint detects a machine with a virus. The virus is quarantined and later an admin sends a command to clean-up that endpoint and does a full scan. Nothing else is detected. Do most admins consider this satisfactory, OR is it prudent to reload / reimage the endpoint with a clean copy of Windows, in case the cleanup doesn't get 100% of all virus/malware?

What is your vote?



  • Hello bgthoele,

    the recommended setting is Automatically cleanup and, if unavailable or it fails, Deny access. Thus usually the majority of detections are cleaned up automatically. Note that in most cases the detection prevents the malware from running, so even without automatic cleanup no changes have been made to the OS.

    The situation is different with a generic detection, a partial detection, HIPS, or if something managed to sneak in. You should try to send a sample; during analysis potential side effects can be assessed and specific cleanup routines written. Rarely is a reinstall of the OS necessary. Please also note that threats also affect user data (not only documents but configuration files, registry and other settings as well). You have to consider all potentially affected locations, not just the endpoint.

    Christian
