How to resolve 'Malware not cleaned up' alerts in Sophos Cloud

  • ID de l'article 119264
  • Mis à jour : 09 août 2013

This article explains what to do next if there are alerts in the SophosCloud dashboard or you receive emails regarding 'Malware not cleaned up'.

By default the policy applied to the endpoint will include "Automatically clean up items that contain virus/spyware" therefore if there are any detections which have been unsuccessfully cleaned up further actions are required on the endpoint(s). 

Known to apply to the following Sophos product(s)

Sophos Cloud Managed Endpoint
Sophos Cloud

What To Do

Identify affected endpoint(s)

  1. Within the SophosCloud dashboard identify the endpoint(s) affected with 'Malware not cleaned up' alert(s).
  2. Alternatively navigate to the 'Reports' section and select 'Events' and 'Alert: Malware not cleaned up' for more information.
  3. Either remotely connect or visit the endpoint(s) affected and follow the steps below to assist with cleanup of the infection on the endpoint(s):

To remove malware on the affected computer:

  1. Go to Start | Programs | Sophos | Sophos Endpoint Security and Control and run the 'Sophos Endpoint Security and Control' program.
  2. Click on 'Manage quarantine items'.
  3. In the Quarantine Manager, click the 'Available actions' column header to sort the list of threats according to the action available.
  4. For the following results in the Actions column:
    1. Clean up
      • Select the items displaying this option and then click 'Perform action | Clean up'
    2. Full scan required
      • Click on 'Home' and then 'Scan my Computer' to initiate a scan
      • Once the scan has complete, return to the Quarantine Manager and then clean up the detected items as per the results shown in the Actions column.
    3. Partially removed. Reboot required to complete the cleanup
      • Select these items and then click 'Clear from List'
      • Click on 'Home' and then 'Scan my Computer' to initiate a scan
      • Once the scan has complete, return to the Quarantine Manager to deal with any remaining items.
      • If this appears a second time for the same items, please contact your IT administrator.
    4. Insufficient rights, please contact your administrator
    5. Delete, Move, Authorize
  5. If you have cleaned up all of the items, but are finding that they are returning to your computer, please contact your IT administrator.

Further assistance with malware infections and reinfections

If you encounter further issues from the steps above, Sophos recommend using the Sophos Malware Remediation Toolkit (SMaRT).
See the procedures described in the downloadable SMaRT User Guide pdf 

 

 

 

 
Si vous avez besoin de plus d'informations ou d'instructions, veuillez contacter le support technique.

Évaluez cet article

Très mauvais Excellent

Commentaires