Deal with alerts about ransomware

If you use role-based administration, you must have the Remediation - cleanup right to clean up detected items or clear alerts from the console. For more information, see Managing roles and sub-estates.

CryptoGuard blocks the process on the endpoint that has generated the ransomware alert. The block is only removed when you acknowledge the alert.

Note: If the endpoint is restarted the block is removed. A new ransomware alert is generated if the infected process restarts.
Remember: You must manually run Sophos Clean on the computer triggering the detection. If you do not, the computer will trigger the alert and the process will be re-blocked every time it runs.

To take action against ransomware alerts displayed in the console:

  1. In the Endpoints view, select the computer(s) for which you want to see alerts. Right-click and select Resolve Alerts and Errors.
    The Resolve alerts and errors dialog box is displayed.
  2. Select the ransomware alerts you want to clear and click Acknowledge.
    Acknowledged (cleared) alerts are no longer displayed in the console. This removes the block on the process.