Deal with application lockdown events

The application lockdown feature stops attacks that abuse legitimate features in commonly-used applications to perform an attack or launch malware.

When an application under lockdown does something prohibited, such as installing other software or changing system settings, these steps are taken:

  • Intercept X automatically closes the application.
  • The user is notified.
  • A Sophos Clean scan starts. This can identify other potential malware components.
  • A threat case is generated.

What you should do

You should do as follows:

  • Use the threat case to identify the file or activity that is the cause of the attack.
  • Confirm that no other action is required.