FAQ | Frequently Asked Questions

brought to you by your friendly
UC Davis Geology Department Computing Support Team

Q: What setting should I use in Sophos Anti-Virus for dealing with threats?
A: My preference is to just Delete the threat.

To adjust the Sophos Anti-Virus Preferences, click on the black Sophos shield icon in the menu bar and select Open Preferences…

Sophos Open Preferences screenshot

If the padlock icon in the lower left corner is locked, click the icon and authenticate to make changes.

Select the On-access Scanning tab. Set the When a threat is found pop-up to: Delete threat

Sophos On-access scanning Delete threat screenshot

Do the same for the Scan Local Drives settings…

Sophos Scan Local Drives screenshot

In the Messaging tab, uncheck Warn before cleaning up threats in Quarantine Manager.

Screenshot: Sophos Messaging do not warn about quarantine

By the way, Clean up threat entails a complicated strategy of attempting to go in and surgically remove the malware from the infected file, hoping to leave the original file intact.

IMPORTANT: Cleaning up a threat might not be able to undo all the actions the threat has taken on this Mac. For example, if the threat changed the value of a setting, the cleanup process might not know the original setting. You might have to verify the Mac’s configuration. Cleaning up an infected document does not repair any changes the threat has made to the document.

To learn how to proceed with attempting to clean up a threat manually, launch Sophos Anti-Virus, select from the Sophos menu bar: Help > Sophos Anti-Virus Help and then Dealing with threats.

To open the Quarantine Manager, launch Sophos Anti-Virus, select from the Sophos menu bar: Windows > Quarantine Manager…

Here’s the short answer:

If Sophos Anti-Virus cannot clean up a threat, Quarantine Manager indicates that it must be cleaned up manually.

To clean up a threat manually:

  1. In Quarantine Manager, click the threat name link. The threat analysis web page is displayed in your web browser.
  2. On the web page, click the Action tab.
  3. Follow the instructions there for dealing with the threat.
  4. To ensure that the threat has been cleaned up, run a local drives scan (see Scan local drives). The threat is automatically cleared from Quarantine Manager.