Deal with suspicious files in quarantine

A suspicious file is a file that exhibits a combination of characteristics that are commonly, but not exclusively, found in viruses.

  1. On the Home page, under Anti-virus and HIPS, click Manage quarantine items.
  2. In the Show list, click Suspicious files.

Information about each item is shown in the columns.

Name displays the identity that Sophos Anti-Virus has detected. To learn more about the suspicious file, click the identity, and Sophos Anti-Virus connects you to the analysis of the suspicious file on the Sophos website.

Details displays the name and location of the item. If the item is associated with a rootkit, it is displayed as “Hidden”.

Available actions displays actions that you can perform on the item. Unless the item is hidden, there are three actions: Authorize, Delete and Move, described below. When you click an action, it is performed on the item after you confirm it. Hidden files can only be authorized.

Dealing with the suspicious files

To deal with the suspicious files, use the buttons described below.

Select all/Deselect all

Click these buttons to select or deselect all the items. This enables you to perform the same action on a group of items. To select or deselect a particular item, select the check box to the left of the item type.

Clear from list

Click this to remove selected items from the list, if you trust them. This does not delete the items from disk, however.

Perform action

Click this to display a list of actions that you can perform on the selected items.

  • Click Authorize to authorize the selected items on the computer, if you trust them. This adds the items to the list of authorized suspicious items so that Sophos Anti-Virus does not prevent them from being accessed.
  • Click Delete to delete the selected items from your computer. Use this function with care.
  • Click Move to move the selected items to another folder. The items are moved to the folder that was specified when cleanup was set up. Moving an executable file reduces the likelihood of it being run. Use this function with care.

CAUTION: Sometimes, if you delete or move an infected file, your computer may stop working properly because it cannot find the file.

To configure what actions you can perform, refer to Configure user rights for Quarantine manager.

To see the list of authorized suspicious files, click Configure authorization.