This guide is for IT administrators with a working understanding of Sophos products and local IT infrastructure.

Malware is the general term we use to describe any computer threat, including Trojans, worms, and computer viruses. In most cases, Sophos Endpoint Protection and Intercept X Advanced allow you to quickly and easily clean up detected malware. However, depending on the specific threat detected, the cleanup process may involve several steps.

An active malware infection has many tell-tale signs, which include:

  • Your files are encrypted by ransomware, rendering them useless.
  • One or more detections are happening continuously on devices across your network.
  • Programs or windows are suddenly opening or popping up without user intervention or your knowledge.
  • One or more devices are sending out spam emails.
  • Devices run slower than usual, and there's a noticeable lag during normal operations.

If you're experiencing any of these symptoms, we recommend you immediately contact the Sophos Managed Detection and Response (MDR) team so we can assist you. Sophos MDR provides lightning-fast assistance with identifying and neutralizing active threats against your organization, delivered by a dedicated team of expert incident responders. See Rapid Response.

This video gives an introduction to malware remediation.