In this section

• Home
• Support
• Knowledgebase
• Articles

Online support

• Knowledgebase
• Virus disinfection

Product maintenance

• Downloads and updates
• Documentation
• Software lifecycle

Contact support

• Talk to an expert
• Send a sample
• Email us

Support services

• Overview
• Technical Support
• Professional Services
• Technical Training

Enterprise Console: removing generically detected files

In Enterprise Console, removal actions are implemented by group. The presence of a generically detected file will be indicated by a report in the Alerts column of Enterprise Console.

What to do

Generically detected files should be removed. Treat all existing groups by setting up a scheduled scan for the near future which will remove the generically detected files.

Enterprise Console version 3

1. Highlight the group of computers that you want to disinfect.
2. Check which anti-virus and HIPS policy is used by the group(s) of computers you want to disinfect:
   • Find the group in the Groups pane.
   • Right-click and select View group policy details.
3. In the Policies pane, double-click 'Anti-virus and HIPS'.
4. Double-click the policy you want to change.
5. In the 'Scheduled scanning' area of the dialog box, click 'Add'.
6. Give the scan a name, e.g. 'Remove', and select a time in the near future.
7. Click 'Configure' to change the scanning and cleanup settings.
8. Click the Cleanup tab.
9. Select 'Delete'.
10. Click 'OK' four times to confirm your scheduled scan.

Enterprise Console version 2

1. Highlight the group of computers that you want to disinfect.
2. In the bottom left hand pane, select 'Anti-Virus',
3. Double-click your policy.
4. In the 'Scheduled scanning' area of the dialog box, click 'Add'.
5. Give the scan a name, e.g. 'Remove', and select a time in the near future.
6. Click 'Configure' to change the scanning and cleanup settings.
7. Click the Cleanup tab.
8. Select 'Delete'.
9. Click 'OK' three times to confirm your scheduled scan.

Enterprise Console version 1

1. Highlight the group of computers that you want to disinfect and select 'SAV policy'.
2. In the 'Scheduled scanning' area of the dialog box, click 'Add'.
3. Give the scan a name, e.g. 'Remove', and select a time in the near future.
4. Click 'Configure' to change the scanning and disinfection settings.
5. Click the Disinfection tab.
6. Select your removal options.
   • To remove files, in 'Other actions against infected files' select 'Delete'.
7. Click 'OK' three times to confirm your scheduled scan.

Note:

• Files will be automatically deleted. You are not given a chance to confirm.
• All computers in the group will be included in the scheduled scan.
• Files that are locked by the operating system of an affected computer cannot be removed remotely.

• Removal will only be visible in Enterprise Console. The workstation user will see nothing.

Plan your scan accordingly.

When the scan has finished, check the computers for any remaining files.

1. Right-click the computer and select 'View computer details'.
2. Scroll down the log.
3. Any remaining reports are listed in bold type.
   • If the file is on the computer involved, deal with it locally.
   • If the file is reported from another computer, deal with it on that computer.
4. When all files have been removed, disable the scheduled scan.

After you have removed the files, clear the remaining alerts.

1. Right-click the computer and select 'Clear alerts'.
2. In the 'Virus alerts' tab, clear all incidents you have dealt with.
3. Unsuccessful removal attempts (e.g. on remote computers) will be listed in the 'Sophos Anti-Virus errors' tab. Clear them where appropriate.

You should now have no remaining file or error alerts in the console.

If you need more information or guidance, then please contact technical support.

• Article ID: 17422
• Created: 5 Oct 2006
• Last updated: 4 Mar 2008

Rate this article Choose a rating Very useful Quite useful Moderately useful Not very useful Not useful at all

•  Read our search tips
• Contact one of our experts
• Suggest an improvement