Removing PUAs and spyware

  • Article ID: 114037
  • Rating:
  • 141 customers rated this article 3.1 out of 6
  • Updated: 15 Apr 2014

Removing spyware/PUAs

  1. Using Enterprise Console
  2. Sophos Anti-Virus for Windows
  3. Sophos Cloud

Potentially unwanted applications are not viruses or Trojans, however it is possible that they can be used maliciously. See the specific analysis for more information about the application concerned. If the application is required, it should be authorized.

The removal of PUAs and spyware is supported only in Sophos Endpoint Security and Control for Windows. No other version of Sophos Anti-Virus for any platform can detect and remove unwanted applications. They will only remove viruses, worms and other malware.

  • If the analysis includes special information on removal, those instructions should be used.
  • If the application was installed by third-party software, that software should be removed at the same time.

Automatic removal is not provided because there are frequently a number of considerations to take into account, and the role or desirability of a PUA may on occasion be unclear, hence the name potentially unwanted applications.

1. Using Enterprise Console

To remove a spyware/PUA program:

  1. In Enterprise Console, right-click the affected computer or group.
  2. Select 'Resolve Alerts and Errors...'
  3. Check the box next to the item to be cleaned up.
  4. Click 'Cleanup'
  5. Run a full system scan on the computer to check that all items have been removed.

If any problems are encountered during cleanup, double-click the computer in Enterprise Console and check for any error messages.

If problems persist, go to the affected computer and remove the program.

The report of the item will be removed from the 'Outstanding alerts and errors' section of the computer details pane for the affected computer(s).

Separate instructions describe removing viruses, Trojans and worms over a network using Enterprise Console.

2. Sophos Anti-Virus for Windows

Note: Cleanup can only be run as an administrative user.

To remove an application:

  1. Check the threat analysis for any special details on removal.
  2. Close down all programs.
  3. Open Sophos Endpoint Security and Control:
    • Go to Start | All Programs | Sophos | Sophos Endpoint Security and Control | Sophos Endpoint Security and Control
  4. Click 'Scan my computer' to start a full system scan.
  5. At the end of the scan, click the link in 'Items passed to Quarantine' to open Quarantine manager.
  6. Select any items needing removal.
    • From the 'Perform action' dropdown, select 'Cleanup'.
    • Select 'Yes or 'Yes to all' to run cleanup.
  7. Any remaining items should be deleted.
    • From the 'Perform action' dropdown, select 'Delete'.
    • Select 'Yes or 'Yes to all' to delete files.
  8. Run another scan to ensure that the program(s) have been removed.
  9. If instructed during removal to reboot the computer, now do so.

If any problems are encountered during cleanup, click '[details]' and check for any error messages.

Additional information on cleanup

If cleanup shows as unavailable either in the Console or on the endpoint ensure a full system scan has completed recently. If cleanup is still unavailable it's likely that the PUA in question does not have automatic cleanup and so should be removed manually. Consult the Threat Center for more details.

thank you for the feedback

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent