Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 15 replies
  • Subscribers 1 subscriber
  • Views 15350 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SHH - How to remove objects from quarantine?!?

BlackLion

Hi all,

nearly 500 virus warning mails and several hours later... we followed the steps described by Sophos support, and now our servers, pcs and laptops are up and running again with the latest Sophos updates and not reporting any virus alerts anymore (hope it is really all, will have to wait and see).

BUT:

On all servers, pcs and laptops the objects that were falsely reported as viruses are still listed as being in quarantine.

There is no option to remove them from quarantine, only "move" or "delete" (sorry, we are using a non-english version of Sophos, so I don't know what are the exact terms in the english version).

How do remove the objects out of quarantine??

Any help would be VERY appreciated.


Thanks in advance!

:31179


This thread was automatically locked due to age.
  • 0

    Hello BlackLion,

    what's in the Quarantine has no effect (unless you deliberately take one of the two actions). To clean the list go to the button on the bottom left, use "Select All" (or whatever it says in your locale) and "Clear from List".

    HTH

    Christian

    :31187
  • 0

    Same problem here. School with 100 odd computers many now showing quarantined files releating tossh/updater-B. What is the impact leaving these in quarantine?

    :31189
  • 0

    How can we centrally delete all those false quarantine entries in our clients.

    We have nearly 1000 clients, the manual way to clear it on every client is not a valuable solution.

    thanks for any help

    Michael

    :31193
  • 0

    Thank you very much Christian/QC !

    If there is a central way to delete everything at once from quarantine from all clients, then I would also be happy to know about. "Only" about 100 clients here, but still a lot of work ;-)

    Again thank you for your help Christian!

    Heiko

    :31195
  • 0

    Ok, I found out...

    To remove all objects out of quarantine from all clients at once:

    Simply select all clients in enterprise console, right mouse click, select "Delete alerts and errors..." (sorry, dont know the exact english term, we are using a german version of Sophos), then all messages from all selected clients will be shown in one dialog, select all messages and click delete.

    That did the trick for me.

    Be careful not to delete virus alerts from other (real) viruses if there are any ;-)

    :31207
  • 0

    Hello Heiko,

    If there is a central way

    not that I'm aware of. Except (definitely neither recommended nor supported) you could stop the Anti-Virus service, delete quarantine.xml from \...\Sophos\Sophos Anti-Virus\Config\ and start the service again. This will remove all entries (and perhaps some additional information) though.

    Christian

    :31209
  • 0

    Unfortunately this didn't work in my environment.

    The Objects are still in the quarantined list on the endpoint client.

    :31211
  • 0

    Hello again, Heiko

    I see you were talking about acknowledging the alerts from the console - they should still be present in the Quarantine on the client. The German translation ("löschen" - "delete") for "acknowledge" is a little bit misleading, "bestätigen" would be better (und üblicherweise sagen wir in dem Fall "quittieren", nicht?).

    BTW: The console uses the language (from Control Panel->"Regional and Language Options" or whatever it is called) in effect when it's started

    Christian

    :31213
  • 0

    Thanks for that.

    Looks like I can't do this from SEC and will have to visit each computer.

    Is that correct?

    Regards

    David

    :31229
  • 0

    Hello David,

    Looks like I can't do this from SEC

    Unfortunately AFAIK correct.

    Christian

    :31241