Deal with alerts about detected items
If you use role-based administration, you must have the Remediation - cleanup right to clean up detected items or clear alerts from the console. For more information, see Managing roles and sub-estates.
To take action against alerts displayed in the console:
|
Cleanup status |
Description and actions to take |
|---|---|
|
Cleanable |
You can remove the item. To do this, select the alert or alerts and click Cleanup. |
|
Threat type not cleanable |
This type of detected item, for example, suspicious file, suspicious behavior or malicious network traffic, cannot be cleaned up from the console. You have to decide whether you want to allow or block the item. If you do not trust the item, you can send it to Sophos for analysis. For more information, see Find information about detected items. |
|
Not cleanable |
This item cannot be cleaned up from the console. For more information about the item and actions you can take against it, see Find information about detected items. |
|
Full scan required |
This item may be cleanable, but a full scan of the endpoint is required before the cleanup can be carried out. For instructions, see Scan computers now. |
|
Restart required |
The item has been partially removed, but the endpoint needs to be restarted to complete the cleanup. Note Endpoints must be restarted locally, not from Sophos Enterprise Console.
|
|
Cleanup failed |
The item could not be removed. Manual cleanup may be required. For more information, see Clean up computers now. |
|
Cleanup in progress (started <time>) |
Cleanup is in progress. |
|
Cleanup timed out (started <time>) |
Cleanup has timed out. The item may not have been cleaned up. This may happen, for example, when the endpoint is disconnected from the network or the network is busy. You may try to clean up the item again later. |
If you decided to allow an item, see Authorize adware and PUAs or Authorize suspicious items.