Clear the local endpoint's quarantine.xml from the SEC server
1. Please provide a way to clear the local Sophos quarantine through a managed Sophos update site for endpoints.
1. Using this solution a customer can change the update policy within the managed console to the update site which would clear quarantine.
2. Once quarantine is cleared the Sophos console would show it is cleared. (This is because clearing quarantine locally does report this status to the console.)
3. Then the computers update path could be moved to another update location that does not clear the Sophos quarantine.
4. Providing managed customers with a way to clear up the issues caused by Sophos at no additional cost makes sense for business.
The business need:
These false positives have reinforced a need to be able to clear the local Sophos quarantine. Leaving history of false positives on the local computer's quarantine becomes more of an issue when future threats are detected. When cleaning up future threats while working around false positives it makes clean up through the console difficult. One example; is the use of managed clean up within a scan. A false positive history in local quarantine prevents us from being able to use a forced local scan that provides clean up of threats through the console without checking that the local quarantine is free of false positives first.
Removing the option of forced scans to clean up threats that can not be directly resolved through "Alerts and Errors" greatly reduces the use of the console for cleaning up threats remotely.