Jump to main content
Overview
This guide is for IT administrators with a working understanding of Sophos products and local IT infrastructure.
An active malware incident is malware running on one or more devices in your environment.
Identification
Types of malware infection and their common symptoms.
Unknown malware
You can try to find out which malware you have on your devices.
False positives
You can deal with false positives.
Ransomware remediation workflow
Follow these steps to remediate a ransomware attack.
TrickBot or Emotet remediation workflow
Follow these steps to remediate a TrickBot or Emotet infection.
Coin miners remediation workflow
Follow these steps to remediate a coin miner attack.
Malicious LNK [Shortcut] worm remediation workflow
Follow these steps to remediate a malicious LNK worm attack.
Legal notices

About this guide

This guide tells you how to deal with a malware attack.

e3d372d49616b17dc484a342f06b6bd67b3e9e46