Sophos for Mac - files stuck in Quarantine - cannot be cleaned

I have some files in Quarantine that I cannot get rid of. These threats are located in my Time Machine backups. I have set the Time Machine backups to be excluded from my custom scan so I am not sure how they are even being scanned. Perhaps the on-access scan is triggered during Time Machine backups; I don't know.

In any case, these threats cannot be gotten rid of for the following reasons:

1. Clicking "clean file" results in the cleaning process hanging indefinitely, until I force-quit Sophos. As stated, I think this might be because Time Machine blocks the removal of the file.

2. Manual cleaning would be fine, but the display in Quarantine either does not show a file location at all, or shows an email file in the Time Machine backup, which cannot be removed directly; due to the structure of the backup, it is very hard if not impossible to figure out where it is in the email system, which, if known, could be removed through the Time Machine interface.

3. In addition, there is one file marked "Clean manually", but there is no given location. And the instructions to set up a custom scan thus are pretty useless.

I am thinking that Sophos has to figure out a better way of dealing with Time Machine backups of emails.

Oh yeah, and Sophos is now popping up periodically to warn me about these files that cannot be removed. Which is getting old fast.

  • Thanks for your response.

    I had intended to omit Time Machine entirely from scanning as well as certain other exclusions that make good sense. However, I only entered the exclusions for the on-demand scan; later I found the on-access exclusions and added them there. I was expecting this to prevent the files from continuing to be found.

    However, I was surprised to see that every time Time Machine ran a backup, the files were reported even though you would think they should be excluded.

    What is worse, I have taken the trouble to examine carefully each reported file. The majority of them are clean. I uploaded to VirusTotal and Jotti and all scanners say they are clean. I even put them in a temporary folder on my desktop and had Sophos on my machine scan them; it also says they are clean. So then I uploaded all to Sophos, and they say they are clean. Twice now the Sophos team has suggested that I am sending the wrong files. I sincerely believe that I have been sufficiently careful to send the files being reported.

    All I know is that Quarantine Manager continues to accumulate additional files in Time Machine backups that are clean. (It did however find some actual infections -- old email from a Windows platform).

    I would hope these issues can be corrected, as Sophos fares well against other products I have evaluated (which tend to be buggy/unstable).

    Possibly coincidentally, I discovered I was having other Time Machine issues, which were resolved by rebooting the Time Capsule. I had to uninstall Sophos during the troubleshooting of Time Machine because it appeared that it might be interfering. At this point I am uncertain as to the best course, but I think I will wait before reinstalling Sophos until Time Machine has worked well through a few cycles.
