{"id":15179,"date":"2020-03-03T11:16:47","date_gmt":"2020-03-03T16:16:47","guid":{"rendered":"https:\/\/www.firewalls.com\/blog\/?p=15179"},"modified":"2025-12-19T15:39:06","modified_gmt":"2025-12-19T20:39:06","slug":"sophos-threat-cases","status":"publish","type":"post","link":"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/","title":{"rendered":"Sophos Threat Cases Make Malware Cleanup Easy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"15179\" class=\"elementor elementor-15179\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-13c34136 e-flex e-con-boxed e-con e-parent\" data-id=\"13c34136\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3164d7f5 elementor-widget elementor-widget-text-editor\" data-id=\"3164d7f5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>What are Sophos Threat Cases?<\/strong><\/h3><p>Sophos Threat Cases make <a href=\"https:\/\/www.firewalls.com\/brands\/sophos\/central\/intercept-x-advanced-with-xdr.html\" target=\"_blank\" rel=\"noopener noreferrer\">Intercept X Advanced with EDR<\/a> truly stand out from the crowd as an <a href=\"https:\/\/www.firewalls.com\/category\/end-user-protection.html\" target=\"_blank\" rel=\"noopener noreferrer\">end user protection platform<\/a>. Granting admins the ability to investigate and clear up malware attacks with just a few clicks, Threat Cases provide a bird\u2019s-eye view allowing you to visualize incidents occurring on your network. After getting an idea of what the incident looks like, you can then drill down into individual events and files to investigate details at a granular level. 
Guided response, root cause analysis, and attack visualization make Threat Cases a one-of-a-kind experience for network administrators.<\/p><p>See where attacks originated, how and where they spread, and identify which files, processes, applications, and devices were affected by the breach. Threat Cases are <a href=\"https:\/\/www.firewalls.com\/brands\/sophos\/central\/intercept-x-advanced-with-xdr.html\" target=\"_blank\" rel=\"noopener noreferrer\">available for both XG firewalls<\/a> and <a href=\"https:\/\/www.firewalls.com\/brands\/sophos\/central.html\" target=\"_blank\" rel=\"noopener noreferrer\">for servers<\/a>, offering extensive visibility and control both on-premises and in the cloud.<\/p><p style=\"padding-left: 40px;\"><strong>Quickly identify, diagnose, &amp; remediate<\/strong><\/p><ul><li style=\"list-style-type: none;\"><ul><li>Isolate affected devices<\/li><li>Search for similar threats<\/li><li>Clean up after a breach<\/li><li>Block threats with automated guided response<\/li><\/ul><\/li><\/ul><p>For example, if malicious behavior is detected in an Office 365 file such as a Word document or Excel spreadsheet, Sophos Threat Cases will indicate that the file was written to the computer by Outlook.exe and tip off administrators that the threat was the result of a malicious email. 
Admins may then use this information to identify and close security gaps to prevent future exploitation of this attack vector.<\/p><p>Threat Cases are only generated for malicious behavior detections and do not include detection of Potentially Unwanted Applications and other false positives.<\/p><p style=\"padding-left: 40px;\"><strong>Types of infections seen by Sophos Threat Cases:<\/strong><\/p><ul><li style=\"list-style-type: none;\"><ul><li>Malware detection<\/li><li>Web threats<\/li><li>Malicious behavior<\/li><li>Malicious traffic<\/li><li>Exploits<\/li><\/ul><\/li><\/ul><h3><strong>Where to find Sophos Threat Cases<\/strong><\/h3><p>If you want to take advantage of the features offered by Sophos Threat Cases such as root cause analysis, registry key and process filters, infection path visualization, and guided response, you\u2019ll need an <a href=\"https:\/\/www.firewalls.com\/brands\/sophos\/central\/intercept-x-advanced.html\" target=\"_blank\" rel=\"noopener noreferrer\">Intercept X Advanced license<\/a> to get started. 
Once logged into your <a href=\"https:\/\/www.firewalls.com\/brands\/sophos\/central.html\" target=\"_blank\" rel=\"noopener noreferrer\">Sophos Central<\/a> Admin dashboard, Sophos Threat Cases can be found by clicking the \u201cEndpoint Protection\u201d or \u201cServer Protection\u201d menu linked in the \u201cMy Products\u201d section.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-e6ab205 e-grid e-con-full e-con e-child\" data-id=\"e6ab205\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-f5c6fae elementor-widget elementor-widget-image\" data-id=\"f5c6fae\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"1440\" height=\"332\" src=\"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/alert4.jpg\" class=\"attachment-full size-full wp-image-15180\" alt=\"Sophos Threat Cases is found in the Sophos Central admin dashboard\" srcset=\"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/alert4.jpg 1440w, https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/alert4-300x69.jpg 300w, https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/alert4-1024x236.jpg 1024w, https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/alert4-768x177.jpg 768w\" sizes=\"(max-width: 1440px) 100vw, 1440px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-33a80d2 elementor-widget elementor-widget-text-editor\" data-id=\"33a80d2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>The Anatomy of a Threat Case<\/strong><\/h3><p>What 
does a threat case event look like and why is it so helpful for network administrators? Every Threat Case begins with a simplified events chain, giving an easy-to-follow visualization of the basic details of your incident.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-3cfde8a e-grid e-con-full e-con e-child\" data-id=\"3cfde8a\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-426318a elementor-widget elementor-widget-image\" data-id=\"426318a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"640\" height=\"187\" data-src=\"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/14.png\" class=\"attachment-large size-large wp-image-15181 lazyload\" alt=\"Simplified Attack Chain from Sophos Threat Cases\" data-srcset=\"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/14.png 786w, https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/14-300x88.png 300w, https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/14-768x225.png 768w\" data-sizes=\"(max-width: 640px) 100vw, 640px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 640px; --smush-placeholder-aspect-ratio: 640\/187;\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1212625 elementor-widget elementor-widget-text-editor\" data-id=\"1212625\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>After the simplified attack chain, each Sophos Threat Case serves up a more robust attack 
summary that details basic information like detection name, root cause, potentially affected data, infected user, device names, and attack timeframe.<\/p><p>The summary section is followed up by a Suggested Next Steps function which generates automated remediation advice on what to do next. Advice is dependent on the type of attack and other details specific to the incident. Examples of some advice from Sophos Threat Cases include isolating computers, setting priorities, and setting the status of a case record.<\/p><p>Last but definitely not least, the Analyze section is home to most of the detailed information admins will love from Sophos Threat Cases. Here you can find graphics of the attack \u201cbeacons\u201d that Sophos detected and the root cause that Threat Cases identified. The beacon and root cause are then linked by interconnecting lines that make up the attack chain.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-c1cfe9d e-grid e-con-full e-con e-child\" data-id=\"c1cfe9d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4fc04bf elementor-widget elementor-widget-image\" data-id=\"4fc04bf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"975\" height=\"665\" data-src=\"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Picture1-e1583249271452.png\" class=\"attachment-full size-full wp-image-15182 lazyload\" alt=\"Sophos Threat Cases Analysis Section\" data-srcset=\"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Picture1-e1583249271452.png 975w, https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Picture1-e1583249271452-300x205.png 300w, https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Picture1-e1583249271452-768x524.png 
768w\" data-sizes=\"(max-width: 975px) 100vw, 975px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 975px; --smush-placeholder-aspect-ratio: 975\/665;\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1e74101 elementor-widget elementor-widget-image\" data-id=\"1e74101\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"897\" height=\"302\" data-src=\"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Picture2.png\" class=\"attachment-full size-full wp-image-15183 lazyload\" alt=\"Sophos Threat Cases detail overview\" data-srcset=\"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Picture2.png 897w, https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Picture2-300x101.png 300w, https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Picture2-768x259.png 768w\" data-sizes=\"(max-width: 897px) 100vw, 897px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 897px; --smush-placeholder-aspect-ratio: 897\/302;\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9931f07 elementor-widget elementor-widget-text-editor\" data-id=\"9931f07\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Admins can click on any individual event in this attack chain graphic, allowing them to view additional detailed information in a right-hand pop-up 
menu.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bd56e08 elementor-widget elementor-widget-text-editor\" data-id=\"bd56e08\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h3><strong>Try Sophos Intercept X and Sophos XG Firewall<\/strong><\/h3><p>Ready to get your hands on Threat Cases but still not sure about <a href=\"https:\/\/www.firewalls.com\/brands\/sophos.html\" target=\"_blank\" rel=\"noopener noreferrer\">Sophos security<\/a>? <a href=\"https:\/\/secure2.sophos.com\/en-us\/products\/endpoint-antivirus\/free-trial.aspx?id=00130000019KGZ4\" target=\"_blank\" rel=\"noopener noreferrer\">Try a 30-day trial of Intercept X<\/a> or a <a href=\"https:\/\/secure2.sophos.com\/en-us\/content\/offers\/xg-firewall\/free-trial.aspx?id=00130000019KGZ4\" target=\"_blank\" rel=\"noopener noreferrer\">30-day trial of Sophos XG Firewall<\/a> for free before you buy. You can also get your next <a href=\"https:\/\/www.firewalls.com\/brands\/sophos\/firewalls\/xg.html\" target=\"_blank\" rel=\"noopener noreferrer\">Sophos XG Firewall appliance<\/a> at no cost when you purchase a qualifying 3-year security license with our <a href=\"https:\/\/www.firewalls.com\/brands\/sophos\/firewalls.html\" target=\"_blank\" rel=\"noopener noreferrer\">Sophos Evolved Firewall Promo<\/a>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Sophos Threat Cases make it easy to visualize attack chains, find root cause, &#038; clean up with guided response. 
Try Intercept X with EDR free for 30 days.<\/p>\n","protected":false},"author":5,"featured_media":27499,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[594],"tags":[],"class_list":["post-15179","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sophos"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Sophos Threat Cases Make Malware Cleanup Easy - Firewalls.com<\/title>\n<meta name=\"description\" content=\"Sophos Threat Cases make it easy to visualize attack chains, find root cause, &amp; clean up with guided response. Try Intercept X with EDR free for 30 days.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sophos Threat Cases Make Malware Cleanup Easy - Firewalls.com\" \/>\n<meta property=\"og:description\" content=\"Sophos Threat Cases make it easy to visualize attack chains, find root cause, &amp; clean up with guided response. 
Try Intercept X with EDR free for 30 days.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/\" \/>\n<meta property=\"og:site_name\" content=\"Firewalls.com\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/www.facebook.com\/firewallscom\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-03T16:16:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-19T20:39:06+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Sophos-Threat-Cases-Make-Malware-Cleanup-Easy.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1120\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Andrew Harmon\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@firewallscom\" \/>\n<meta name=\"twitter:site\" content=\"@firewallscom\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andrew Harmon\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/\"},\"author\":{\"name\":\"Andrew Harmon\",\"@id\":\"https:\/\/www.firewalls.com\/blog\/#\/schema\/person\/8e89a2f96065af1717d00dfd06dca962\"},\"headline\":\"Sophos Threat Cases Make Malware Cleanup Easy\",\"datePublished\":\"2020-03-03T16:16:47+00:00\",\"dateModified\":\"2025-12-19T20:39:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/\"},\"wordCount\":650,\"publisher\":{\"@id\":\"https:\/\/www.firewalls.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Sophos-Threat-Cases-Make-Malware-Cleanup-Easy.png\",\"articleSection\":[\"Sophos\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/\",\"url\":\"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/\",\"name\":\"Sophos Threat Cases Make Malware Cleanup Easy - Firewalls.com\",\"isPartOf\":{\"@id\":\"https:\/\/www.firewalls.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Sophos-Threat-Cases-Make-Malware-Cleanup-Easy.png\",\"datePublished\":\"2020-03-03T16:16:47+00:00\",\"dateModified\":\"2025-12-19T20:39:06+00:00\",\"description\":\"Sophos Threat Cases make it easy to visualize attack chains, find root cause, & clean up 
with guided response. Try Intercept X with EDR free for 30 days.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/#primaryimage\",\"url\":\"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Sophos-Threat-Cases-Make-Malware-Cleanup-Easy.png\",\"contentUrl\":\"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Sophos-Threat-Cases-Make-Malware-Cleanup-Easy.png\",\"width\":1120,\"height\":630,\"caption\":\"Sophos Threat Cases Make Malware Cleanup Easy\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.firewalls.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Sophos Threat Cases Make Malware Cleanup Easy\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.firewalls.com\/blog\/#website\",\"url\":\"https:\/\/www.firewalls.com\/blog\/\",\"name\":\"Firewalls.com\",\"description\":\"Your Home For Cyber Security News, Stories, &amp; 
Tutorials\",\"publisher\":{\"@id\":\"https:\/\/www.firewalls.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.firewalls.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.firewalls.com\/blog\/#organization\",\"name\":\"Firewalls.com\",\"url\":\"https:\/\/www.firewalls.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.firewalls.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2017\/08\/BrandedLogo-TagLineBelow.png\",\"contentUrl\":\"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2017\/08\/BrandedLogo-TagLineBelow.png\",\"width\":365,\"height\":85,\"caption\":\"Firewalls.com\"},\"image\":{\"@id\":\"https:\/\/www.firewalls.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"http:\/\/www.facebook.com\/firewallscom\",\"https:\/\/x.com\/firewallscom\",\"https:\/\/www.linkedin.com\/company-beta\/1439857\/\",\"https:\/\/www.youtube.com\/user\/firewallsDotCom\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.firewalls.com\/blog\/#\/schema\/person\/8e89a2f96065af1717d00dfd06dca962\",\"name\":\"Andrew Harmon\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.firewalls.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/82936bfb8f1442a22d205a04a3feacea2a3566500f61df50f53fa21ec3306ee9?s=96&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/82936bfb8f1442a22d205a04a3feacea2a3566500f61df50f53fa21ec3306ee9?s=96&r=g\",\"caption\":\"Andrew Harmon\"},\"description\":\"Andrew Harmon was the Director of Marketing for Firewalls.com, co-host of the Ping podcast, and engineer-to-English translator of the network 
security lexicon. Andrew focused on creating content for small business owners and cybersecurity novices to make this crucial facet of modern business more approachable for non-experts everywhere.\",\"sameAs\":[\"https:\/\/www.Firewalls.com\",\"aharmon@firewalls.com\"],\"url\":\"https:\/\/www.firewalls.com\/blog\/author\/aharmon\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Sophos Threat Cases Make Malware Cleanup Easy - Firewalls.com","description":"Sophos Threat Cases make it easy to visualize attack chains, find root cause, & clean up with guided response. Try Intercept X with EDR free for 30 days.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/","og_locale":"en_US","og_type":"article","og_title":"Sophos Threat Cases Make Malware Cleanup Easy - Firewalls.com","og_description":"Sophos Threat Cases make it easy to visualize attack chains, find root cause, & clean up with guided response. Try Intercept X with EDR free for 30 days.","og_url":"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/","og_site_name":"Firewalls.com","article_publisher":"http:\/\/www.facebook.com\/firewallscom","article_published_time":"2020-03-03T16:16:47+00:00","article_modified_time":"2025-12-19T20:39:06+00:00","og_image":[{"width":1120,"height":630,"url":"http:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Sophos-Threat-Cases-Make-Malware-Cleanup-Easy.png","type":"image\/png"}],"author":"Andrew Harmon","twitter_card":"summary_large_image","twitter_creator":"@firewallscom","twitter_site":"@firewallscom","twitter_misc":{"Written by":"Andrew Harmon","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/#article","isPartOf":{"@id":"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/"},"author":{"name":"Andrew Harmon","@id":"https:\/\/www.firewalls.com\/blog\/#\/schema\/person\/8e89a2f96065af1717d00dfd06dca962"},"headline":"Sophos Threat Cases Make Malware Cleanup Easy","datePublished":"2020-03-03T16:16:47+00:00","dateModified":"2025-12-19T20:39:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/"},"wordCount":650,"publisher":{"@id":"https:\/\/www.firewalls.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/#primaryimage"},"thumbnailUrl":"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Sophos-Threat-Cases-Make-Malware-Cleanup-Easy.png","articleSection":["Sophos"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/","url":"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/","name":"Sophos Threat Cases Make Malware Cleanup Easy - Firewalls.com","isPartOf":{"@id":"https:\/\/www.firewalls.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/#primaryimage"},"image":{"@id":"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/#primaryimage"},"thumbnailUrl":"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Sophos-Threat-Cases-Make-Malware-Cleanup-Easy.png","datePublished":"2020-03-03T16:16:47+00:00","dateModified":"2025-12-19T20:39:06+00:00","description":"Sophos Threat Cases make it easy to visualize attack chains, find root cause, & clean up with guided response. 
Try Intercept X with EDR free for 30 days.","breadcrumb":{"@id":"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/#primaryimage","url":"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Sophos-Threat-Cases-Make-Malware-Cleanup-Easy.png","contentUrl":"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2020\/03\/Sophos-Threat-Cases-Make-Malware-Cleanup-Easy.png","width":1120,"height":630,"caption":"Sophos Threat Cases Make Malware Cleanup Easy"},{"@type":"BreadcrumbList","@id":"https:\/\/www.firewalls.com\/blog\/sophos-threat-cases\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.firewalls.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Sophos Threat Cases Make Malware Cleanup Easy"}]},{"@type":"WebSite","@id":"https:\/\/www.firewalls.com\/blog\/#website","url":"https:\/\/www.firewalls.com\/blog\/","name":"Firewalls.com","description":"Your Home For Cyber Security News, Stories, &amp; 
Tutorials","publisher":{"@id":"https:\/\/www.firewalls.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.firewalls.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.firewalls.com\/blog\/#organization","name":"Firewalls.com","url":"https:\/\/www.firewalls.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.firewalls.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2017\/08\/BrandedLogo-TagLineBelow.png","contentUrl":"https:\/\/www.firewalls.com\/blog\/wp-content\/uploads\/2017\/08\/BrandedLogo-TagLineBelow.png","width":365,"height":85,"caption":"Firewalls.com"},"image":{"@id":"https:\/\/www.firewalls.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/firewallscom","https:\/\/x.com\/firewallscom","https:\/\/www.linkedin.com\/company-beta\/1439857\/","https:\/\/www.youtube.com\/user\/firewallsDotCom"]},{"@type":"Person","@id":"https:\/\/www.firewalls.com\/blog\/#\/schema\/person\/8e89a2f96065af1717d00dfd06dca962","name":"Andrew Harmon","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.firewalls.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/82936bfb8f1442a22d205a04a3feacea2a3566500f61df50f53fa21ec3306ee9?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/82936bfb8f1442a22d205a04a3feacea2a3566500f61df50f53fa21ec3306ee9?s=96&r=g","caption":"Andrew Harmon"},"description":"Andrew Harmon was the Director of Marketing for Firewalls.com, co-host of the Ping podcast, and engineer-to-English translator of the network security lexicon. 
Andrew focused on creating content for small business owners and cybersecurity novices to make this crucial facet of modern business more approachable for non-experts everywhere.","sameAs":["https:\/\/www.Firewalls.com","aharmon@firewalls.com"],"url":"https:\/\/www.firewalls.com\/blog\/author\/aharmon\/"}]}},"_links":{"self":[{"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/posts\/15179","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/comments?post=15179"}],"version-history":[{"count":20,"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/posts\/15179\/revisions"}],"predecessor-version":[{"id":27500,"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/posts\/15179\/revisions\/27500"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/media\/27499"}],"wp:attachment":[{"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/media?parent=15179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/categories?post=15179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.firewalls.com\/blog\/wp-json\/wp\/v2\/tags?post=15179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}