This article explains what to do next if there are alerts in the Sophos Cloud dashboard or you receive emails regarding 'Potentially unwanted application detected'.
Known to apply to the following Sophos product(s) and version(s)
Sophos Cloud Managed Endpoint
What To Do
Within the Sophos Cloud dashboard identify the endpoint(s) showing the Potentially unwanted application detected alert(s).
- Within 'Policies' (found under 'Users & Devices'), identify the policy associated with user reporting the alert.
- To confirm which policy is applied, enter the user's name in the search on the right-handside.
- Once confirmed, select the policy required and choose 'Edit'.
- Navigate through the wizard to the 'Malware scan performed' section for 'Define how malware, risky files and sites are scanned in the Additional Policy'.
- Select 'Scanning Exemptions' and click 'Add'
- Within 'Exemption for:' choose 'Potentially Unwanted Applications' from the list.
- Within 'Value' enter the name of the application and select 'Create'.
- Continue through the wizard and select 'Save'.
To remove an application:
Note: Cleanup can only be run as an administrative user.
- Check the threat analysis for any special details on removal.
- On the affected endpoint close down all programs.
- Open Sophos Endpoint Security and Control:
- Go to Start | All Programs | Sophos | Sophos Endpoint Security and Control | Sophos Endpoint Security and Control
- Click 'Scan my computer' to start a full system scan.
- At the end of the scan, click the link in 'Items passed to Quarantine' to open Quarantine manager.
- Select any items needing removal.
- From the 'Perform action' dropdown, select 'Cleanup'.
- Select 'Yes or 'Yes to all' to run cleanup.
- Any remaining items should be deleted.
- From the 'Perform action' dropdown, select 'Delete'.
- Select 'Yes or 'Yes to all' to delete files.
- Run another scan to ensure that the program(s) have been removed.
- If instructed during removal to reboot the computer, now do so.
If any problems are encountered during cleanup, click '[details]' and check for any error messages.