Restoring Files Moved by Sophos Anti-Virus Due To A False Positive

  • Article ID: 118315
  • Rating:
  • 184 customers rated this article 1.4 out of 6
  • Updated: 09 Mar 2015


Following an unwanted 'Shh' detection you wish to restore files that were moved from their original location. 


  • For this to occur your anti-virus configuration was set to the non-default option of: 'Deny access and move to.'.
  • Items shown in the Quarantine Manager have not been moved. This article is therefore not relevant for those entries.

First seen in
Sophos Anti-Virus for Windows 2000+


An unwanted detection has moved files from their original location to an 'INFECTED' (or custom defined) directory.

What To Do

See article 118323. The updated endpoint remediation script now has the ability to move files back to their original location in addition to all the previous functionality.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent