Alerts

This section describes the alerts the Security VM sends when threats are detected and cleaned up.

Threat alerts

If the Security VM detects a threat on a guest VM, you see these alerts in Sophos Enterprise Console:

  • An alert is displayed on the dashboard.
  • A red warning icon is displayed in the computer list, on the Status tab, next to the Security VM in Alerts and errors.

If the threat is cleaned up automatically, the threat alert is cleared from Sophos Enterprise Console.

To find out which guest VM the alert applies to, double-click the Security VM in the computer list. In Computer details, under Outstanding alerts and errors, look for the alert description. The guest VM details are shown, followed by the path of the threat, like this:

MachineName(IP address)/C:\threat.exe
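When several alerts are outstanding, it helps to split each description into guest VM and threat path and group them per guest. The following parser is an added example, not Sophos code; it assumes the descriptions have been copied out of Computer details as plain text in exactly the format above, with a literal IP address in the parentheses, and the machine names and paths in the sample are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from typing import NamedTuple, Optional


class ThreatAlert(NamedTuple):
    machine: str
    ip: str
    path: str


# Page format: MachineName(IP address)/C:\threat.exe
# Non-greedy machine name, so a name that itself contains parentheses still parses.
_ALERT_RE = re.compile(r"^(?P<machine>.+?)\((?P<ip>[0-9A-Fa-f:.]+)\)/(?P<path>.+)$")


def parse_alert(description: str) -> Optional[ThreatAlert]:
    # Returns None for text that is not a guest-VM threat description.
    m = _ALERT_RE.match(description.strip())
    if m is None:
        return None
    try:
        ip = str(ipaddress.ip_address(m.group("ip")))  # reject e.g. 999.1.1.1
    except ValueError:
        return None
    return ThreatAlert(m.group("machine"), ip, m.group("path"))


def group_by_guest(descriptions):
    # Map (machine, ip) -> list of threat paths, skipping unparseable lines.
    grouped = defaultdict(list)
    for line in descriptions:
        alert = parse_alert(line)
        if alert is not None:
            grouped[(alert.machine, alert.ip)].append(alert.path)
    return dict(grouped)


# Constructed sample descriptions (hypothetical hosts and paths).
SAMPLE = [
    r"GUEST-WIN10-01(10.0.0.21)/C:\Users\alice\Downloads\threat.exe",
    r"GUEST-WIN10-01(10.0.0.21)/C:\Temp\dropper.dll",
    r"APP(QA)-02(10.0.0.37)/C:\threat.exe",
    "Restart required",  # not a threat path, so it is skipped
]

if __name__ == "__main__":
    for (machine, ip), paths in group_by_guest(SAMPLE).items():
        print(f"{machine} [{ip}]: {len(paths)} outstanding threat(s)")
```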

If the Security VM detects a threat when a user tries to access a file, a message may also be displayed on the guest VM informing the user that the file cannot be accessed. This depends on the application used to access the file.

Alerts after cleanup

If a threat is cleaned up, the alert is cleared from Sophos Enterprise Console.

The cleanup is also reported in Sophos Enterprise Console. To see the report, double-click the Security VM in the computer list to open Computer Details and look for History.

If the threat has been partially removed, but the guest VM needs to be restarted to complete the cleanup, a "Restart required" alert is displayed.