Deal with alerts about detected items
If you use role-based administration, you must have the Remediation - cleanup right to clean up detected items or clear alerts from the console.
To take action against alerts displayed in the console:
Cleanup status |
Description and actions to take |
---|---|
Cleanable |
You can remove the item. To do this, select the alert or alerts and click Cleanup. |
Threat type not cleanable |
This type of detected item, for example, suspicious file, suspicious behavior or malicious network traffic, cannot be cleaned up from the console. You have to decide whether you want to allow or block the item. If you do not trust the item, you can send it to Sophos for analysis. |
Not cleanable |
This item cannot be cleaned up from the console. |
Full scan required |
This item may be cleanable, but a full scan of the endpoint is required before the cleanup can be carried out. |
Restart required |
The item has been partially removed, but the endpoint needs to be restarted to complete the cleanup. Endpoints must be restarted locally, not from Sophos Enterprise Console. |
Cleanup failed |
The item could not be removed. Manual cleanup may be required. |
Cleanup in progress (started <time>) |
Cleanup is in progress. |
Cleanup timed out (started <time>) |
Cleanup has timed out. The item may not have been cleaned up. This may happen, for example, when the endpoint is disconnected from the network or the network is busy. You may try to clean up the item again later. |