Deal with application lockdown events
The application lockdown feature stops attacks that abuse legitimate features in commonly-used applications to perform an attack or launch malware.
When an application under lockdown does something prohibited, such as installing other software or changing system settings, these steps are taken:
- Intercept X automatically closes the application.
- The user is notified.
- A Sophos Clean scan starts. This can identify other potential malware components.
- A threat graph is generated.
What you should do
You should do as follows:
- Use the threat graph to identify the file or activity that is the cause of the attack.
- Confirm that no other action is required.