What to do when an 'Outbreak' is reported in your Sophos console

  • Article ID: 116857
  • Rating:
  • 1 customers rated this article 6.0 out of 6
  • Updated: 02 Oct 2012

Issue

Your Sophos console displays an 'Outbreak' message in the computer list view or the computer details view (in the same location as named malware is listed). This article describes what this means and what to do about it.

Sophos Products


Sophos Enterprise Manager
Enterprise Console

Cause

A special alert which uses the term 'Outbreak', is displayed in the console when the Quarantine Manager on any given computer has 200 items listed in it. Typically:

  • When more than one instance of a specific piece of malware is detected, the Quarantine Manager records all of these on one line (i.e. this counts as one item).
  • When different types of malware are detected, each individual detection is listed on a separate line (each line counts as an item).

When the Quarantine Manager has 200 items in it, it sends the 'Outbreak' message to the console. Once this message has been sent, Quarantine Manager will not send any more messages until the number of items it contains is reduced to less than 200 (by whatever means).

It is possible to have one or many reports of an outbreak in the console depending on whether the message comes from only one endpoint computer or from many endpoints. Every endpoint computer on which the Quarantine Manager has 200 items in it, will send an 'Outbreak' message.

What To Do

In order to most effectively clean up your system and identify the source of infection, use the Sophos Malware Remediation Toolkit (SMaRT).

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments