Sophos Central alert stuck – Malware or potentially unwanted applications in quarantine

Issue

The Sophos Central web console reports a PC with the medium-severity alert “Malware or potentially unwanted applications in quarantine”. The potentially unwanted application (PUA) in question has since been added to the global Sophos whitelist and is no longer triggering any new alerts. However, this particular alert is stuck and cannot be cleared using normal methods.

Sophos Central Alert

Resolution

  • In the Sophos Central console, disable Tamper Protection for the PC in question.
  • On the PC, stop the “Sophos Health Service”.
  • Delete (or rename) the file: C:\ProgramData\Sophos\Health\Event Store\Database\events.db
  • Start the “Sophos Health Service”.
  • In the Sophos Central console, re-enable Tamper Protection.
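
The three local steps (stop the service, rename events.db, start the service) can be run as one elevated PowerShell script. This is an added example, not part of the original post or Sophos's own tooling. It assumes Tamper Protection has already been disabled for the PC in Sophos Central; the backup file name and the 60-second timeout are choices made for the example.

```powershell
#Requires -RunAsAdministrator
# Added example: stop the health service, rename events.db, restart the service.
# Assumes Tamper Protection is already disabled for this PC in Sophos Central.
$ErrorActionPreference = 'Stop'

$displayName = 'Sophos Health Service'   # service display name as given on the page
$dbPath      = 'C:\ProgramData\Sophos\Health\Event Store\Database\events.db'
$timeout     = [TimeSpan]::FromSeconds(60)   # assumption: generous wait for state changes

$svc = Get-Service -DisplayName $displayName

try {
    Stop-Service -InputObject $svc -Force
    $svc.WaitForStatus('Stopped', $timeout)
} catch {
    # The stop is expected to fail while Tamper Protection is still enabled.
    throw "Could not stop '$displayName'. Confirm Tamper Protection is disabled. $($_.Exception.Message)"
}

try {
    if (Test-Path -LiteralPath $dbPath) {
        # Rename instead of delete so the old event store can be restored or inspected.
        $backup = 'events.db.{0:yyyyMMdd-HHmmss}.bak' -f (Get-Date)
        Rename-Item -LiteralPath $dbPath -NewName $backup
        Write-Output "Renamed events.db to $backup"
    } else {
        Write-Warning "events.db not found at $dbPath; nothing to rename."
    }
} finally {
    # Always bring the service back, even if the rename failed.
    Start-Service -InputObject $svc
    $svc.WaitForStatus('Running', $timeout)
    Write-Output "'$displayName' status: $((Get-Service -DisplayName $displayName).Status)"
}
```

Re-enable Tamper Protection in Sophos Central as soon as the script reports the service running, so the endpoint is not left unprotected longer than the fix requires.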

March 2019
Sophos Central Console
Sophos Endpoint Protection

 

