Alerts

The Alerts page lists all the alerts that require your action.

Restriction Some features might not be available for all customers yet.

Alerts that are resolved automatically are not shown. To view all events, go to Logs & Reports > Events.

Note The alert event time is not updated if the same event occurs repeatedly.

On the Alerts page, you can do as follows:

  • Group alerts.
  • Filter alerts.
  • Take action against alerts.
  • Change the frequency of email alerts.

For information about the different types of alerts, see the other help pages in this section.

Note If you have Intercept X Advanced with EDR you can investigate, block and clean up threats from Threat Cases.

Group alerts

You can group together all alerts for a specific threat or event under a single entry in the list. This makes alerts easier to manage.

Enable Group (upper right of the page).

To see the number of alerts for each group entry, look in the Count column.

To display all the alerts in a group, click the fold-out arrow on the right.

Filter alerts

To view alerts with a specific priority, click the figures for High Alerts, Medium Alerts or Low Alerts at the top of the page.

To view alerts for a specific product or threat type, use the drop-down filters above the alerts list.

Take action against alerts

You can take action against alerts.

To take action against an individual alert, click the drop-down arrow next to an alert to open its details. In Actions, click an action link (if available).

If you're viewing groups of alerts, click an action button (if available) next to the group in the list.

Note If you want to allow an application that Sophos deep learning reports as malware, you do it from the Events page, not here.

The following actions are available for alerts, depending on the alert type.

  • Mark As Acknowledged: Click this to remove an alert from the list. The alert will not be displayed again.

    This does not resolve threats and does not remove threat details from the quarantine manager on the computer or server.

  • Mark As Resolved: Click this if the threat has already been resolved on the endpoint computer or server. This action clears the alert from the list in Sophos Central and also clears threat details from the quarantine manager on the computer or server.

    This action does not resolve threats.

    This action is only available for Windows endpoint computers or servers.

  • Clean Up : Click this to remove ransomware from a server.
  • Reinstall Endpoint Protection: Click this to go to the Protect Devices page, where you can download the Sophos agent software.
  • Contact Support: Click this to get additional help. This action becomes available when you might need help, for example when malware cleanup fails.
  • Clean Up PUA: Click this to clean up a Potentially Unwanted Application (PUA) that has been detected.

    This action is available only for computers.

    This action might not be available if the PUA has been detected in a network share. This is because the Sophos Endpoint Protection agent does not have sufficient rights to clean up files there. For more information on dealing with PUAs.

  • Authorize PUA : Click this to authorize a Potentially Unwanted Application (PUA) to run on all computers. You might do this if you consider the application useful.

    This action is available only for computers.

Change the frequency of email alerts

You can change the frequency with which an alert type is sent.

Click the drop-down arrow next to an alert to open its details. In Email Alert , select the frequency for sending this type of alert.

This setting will be added to the Exceptions in your email alert settings. You can also edit the setting there.