Sophos quarantine manager: Should I "Clear from list"?

Posted: Mon Jan 24, 2011 2:34 am
by ulupoi
1. Once Sophos quarantines something, does it still pose a threat?

2. What do we do with the items in the Quarantine Manager? The church's installation of Sophos doesn't seem to allow us to clean up or delete anything. I keep getting pop-up windows with warnings about viruses that I assume are the result of not dealing with the items in quarantine. Should I just use "Clear from list" to remove them from the Quarantine Manager list? Does "Clear from list" remove the items from the Quarantine Manager list without removing them from quarantine? Of course, I don't want to let those bad boys loose again.

3. How do I update Sophos on dial-up computers? (I'm an assistant stake clerk. Some of the computers in the stake are on dial-up, and others are on-line via DSL.)

4. How do I update LANDesk on dial-up computers?

Posted: Mon Jan 24, 2011 12:29 pm
by Mikerowaved
ulupoi wrote: 1. Once Sophos quarantines something, does it still pose a threat?
No. Once it's quarantined it's safe.
ulupoi wrote: 2. What do we do with the items in the Quarantine Manager? The church's installation of Sophos doesn't seem to allow us to clean up or delete anything. I keep getting pop-up windows with warnings about viruses that I assume are the result of not dealing with the items in quarantine. Should I just use "Clear from list" to remove them from the Quarantine Manager list? Does "Clear from list" remove the items from the Quarantine Manager list without removing them from quarantine? Of course, I don't want to let those bad boys loose again.
You can ignore them. They aren't posing a threat anymore.
ulupoi wrote: 3. How do I update Sophos on dial-up computers? (I'm an assistant stake clerk. Some of the computers in the stake are on dial-up, and others are on-line via DSL.)
They should update automatically. The PCs on dial-up are at a slightly lower risk, since they connect directly to the church servers, bypassing the internet. They are still susceptible to things like flash drives with malware, etc.
ulupoi wrote: 4. How do I update LANDesk on dial-up computers?
LANDesk will be updated as needed by CHQ. I don't think we need to worry about it.

Posted: Mon Jan 24, 2011 12:57 pm
by ulupoi
Thank you for your help, Mikerowaved. Is it safe to "Clear from list" the items in the Quarantine Manager?

Posted: Mon Jan 24, 2011 2:06 pm
by Mikerowaved
OK, I seriously misspoke in my previous post and I apologize. I did some testing with a "safe" virus in a virtual machine environment and it appears Sophos doesn't actually MOVE the suspected virus file to a quarantined area like other major AV programs do. The virus appears to be still alive and kicking, even though it's on the quarantine list.

Clearing the list tells Sophos to basically ignore what it found, so that's NOT a good option. The only way to properly deal with what it found is to delete it, but you can only do that within Sophos if you are using an account that is part of the SophosAdministrator group, and the Sophos install routine only puts the account that installed it into that group, which is most likely the Administrator account.

I see two ways to deal with this...

  1. Log in using the Administrator account, open Sophos and kill any threats on the list.
  2. Double-click on the "Details" section of each listed malware. For each one, Sophos will open Windows Explorer in the folder where the malware exists. Find them and delete them manually.
Once all are deleted, re-run a full scan.

Posted: Mon Jan 24, 2011 3:30 pm
by ulupoi
Just got off the phone with Local Unit Support. This is what I was told.
ulupoi wrote: 1. Once Sophos quarantines something, does it still pose a threat?
No.
ulupoi wrote: 2. What do we do with the items in the Quarantine Manager? The church's installation of Sophos doesn't seem to allow us to clean up or delete anything. I keep getting pop-up windows with warnings about viruses that I assume are the result of not dealing with the items in quarantine. Should I just use "Clear from list" to remove them from the Quarantine Manager list? Does "Clear from list" remove the items from the Quarantine Manager list without removing them from quarantine? Of course, I don't want to let those bad boys loose again.
You can leave them there. You can also use "Clear from list" as this will remove them from the Quarantine Manager List but not remove them from quarantine.
ulupoi wrote: 3. How do I update Sophos on dial-up computers? (I'm an assistant stake clerk. Some of the computers in the stake are on dial-up, and others are on-line via DSL.)
You don't. Sorry, no updates.
ulupoi wrote: 4. How do I update LANDesk on dial-up computers?
Again, no updates.

Posted: Tue Jan 25, 2011 6:29 am
by harddrive
The only way to update Sophos and other stuff on a dial-up computer is to download them to a USB flash drive and then install them from there.

Posted: Tue Jan 25, 2011 9:40 am
by ulupoi
I used to do that with Norton, but I don't know how to do that with Sophos or LANDesk.

Posted: Tue Jan 25, 2011 10:31 am
by russellhltn
harddrive wrote: The only way to update Sophos and other stuff on a dial-up computer is to download them to a USB flash drive and then install them from there.

Except that the church has not made any updates available. The only thing on mls.lds.org is now over a year old.

Last I checked, there was no way from the Sophos website to do that.

I have seen Sophos update over dial-up, but it's slow and hit or miss. I suspect the further behind it gets, the more likely it will fail to update.