Manual Cleanup

Have the Lion updated Sophos for Mac. 99% of the threats that appear are not cleaned up automatically but must be handled manually. I now have 25 threats, all on my Time Machine drive. I created a custom scan for the TM drive, where all these threats are located. It ran for two days with no end in sight, and it was wreaking havoc with my computer's functionality. Ultimately, I had to restart the iMac today, thus canceling the scan, which I had my doubts about anyway. Is it supposed to take so long?

I looked at a couple of the threats, not all, and I suspect they are all for Windows only. At this point, should I just clear them from the list? I have never been able to get a custom scan to work properly, and just on general principles I would like to make sure I have not done something wrong. Has anyone else had this problem where it just runs endlessly?

:1007189


This thread was automatically locked due to age.
  • Please do a search on here for Time Machine :)

    Your best option for removing threats from within Time Machine is to do it by hand, from within Time Machine.  Removing threats from outside Time Machine with Time Machine enabled could cause problems with your backups.

    If you don't want to worry about potential Windows malware in your backups, just exclude your Time Machine volume from on-access and on-demand scans, and remove the detections from the quarantine manager.  I'd also suggest excluding your temporary and cache folders from Time Machine backups, to speed up backups, save space, and prevent conflicts with other software that may read the Time Machine volume.

    :1007195
  • Thanks for the advice. I worry about being able to find the threats within TM, though. Would they all be located in the same place? And do I have to go back to all the backup copies or only the last one? 

    I thought I had already excluded my external HDs already and just chose the main drive. I was surprised to get all of these, especially all of a sudden. It's as though something had changed without my having done anything new. But it occurs to me that you may be talking about something else as I'm not sure what "on-access" and "on-demand" scans refer to. If you could give me instructions for doing that, I surely would appreciate it.

    Apropos of nothing to do with this subject, every time I come back to the forum, my password doesn't work, and I have to recreate it every time. What might be going on?

    :1007205

  • CALF wrote:

    Thanks for the advice. I worry about being able to find the threats within TM, though. Would they all be located in the same place? And do I have to go back to all the backup copies or only the last one? 

    I thought I had already excluded my external HDs already and just chose the main drive. I was surprised to get all of these, especially all of a sudden. It's as though something had changed without my having done anything new. But it occurs to me that you may be talking about something else as I'm not sure what "on-access" and "on-demand" scans refer to. If you could give me instructions for doing that, I surely would appreciate it.

    Apropos of nothing to do with this subject, every time I come back to the forum, my password doesn't work, and I have to recreate it every time. What might be going on?


    The path you find in the Quarantine Manager will be the literal path to the file on the TM volume. The path within TM will start after the date stamped portion of the path. When you locate a file, right click on it and select "delete all backups" -- this will remove all copies, not just the one you've selected.

    If you go to the preferences in Sophos Anti-Virus, you'll see an On Demand and an On Access section.  On Access is always running in the background, scanning any file as it is created, read or written to.  On Demand refers to when you manually click the scan button in the main window of the Sophos Anti-Virus app itself.  On Demand scans don't let you exclude external drives; you need to create a custom scan to do that.  This means that you likely excluded them from the on-access section.  However, you need to exclude the Time Machine virtual drive if it creates a custom mount point when TM is active (this depends on your TM configuration) -- so it's possible that you didn't actually exclude the TM virtual volume, but just the external drive it resides on.

    I don't know what's up with the password situation, but I'd guess you're using some sort of cookie management, and it's causing a site cookie that holds authentication state to fail -- it's been my experience that this usually doesn't happen for the session where you register accounts, even if the cookie is later set for a regular login.  Not sure if this forum works that way, but I've had issues with TACO killing my logins in the exact same way on other sites.

    :1007209
  • I didn't get the time to address the cleanup until today, and two more threats arrived today although not on TM. I had left the QM on the desktop this week, but when I went back to it today to follow your instructions, it was blank; not even today's threats were on it. What do you suppose may have happened? And, can I get that list back in order to eliminate those threats?

    In any case, I went ahead and excluded my external drives in the On-Access area, leaving the partitions of my main drive. But I do not see any On-Demand section or tab. Also, I don't know what "virtual TM" is let alone how to exclude it.  Can you please provide instructions for that suggestion?

    :1007273
  • I am having practical problems reaching Time Machine threats. Do I actually go into TM itself or do I go to the HD on which it is stored? I didn't see how to find the threat by going to TM, so I went to the HD, but I couldn't follow the path since the user library is not available and the Option key trick doesn't appear to work on another HD. Plus those paths are so darn long that I had to print out each one in order to follow it. There has to be a better way to do this.

    I selected a preference that apparently deletes the threat without my having to do anything, so I get notification of a threat and when I go to QM, it's blank. Is this a good thing to do? What does it do when it comes to a threat that it cannot clean up?

    Do I even have to bother with these Windows only threats, especially when they are on the TM HD?

    You talk about setting up a custom scan somewhere for the virtual TM. But I don't find the threats by actually running scans. I just wait until I get notification by Sophos's automatic scanning. Right now I have 4 I'm waiting to deal with on and off TM. This software is an awful lot of trouble--good thing it's free. Plus I am continually aggravated by having to send for a password reset every single time I want to get on here.

    :1007335
  •  You actually do go into TM itself.

    If the path is something like /Volumes/TimeMachineBackupDrive/DateStamp/MyHD/Users/MyUserName/Library/Mail/DownloadedAttachments/Blah.xls then you would use the Go Menu in the Finder to navigate to ~/Library/Mail/ and then use the Time Machine menu to enter time machine.  Navigate to the file, right click it, and select "remove all backups".

    THEN, go into Sophos Anti-Virus preferences, select On-Access, and add /Volumes/TimeMachineBackupDrive to your exclusion list.

    You may also want to take that opportunity to add your caches folders (and anything else you don't need backed up) to the exclusion list in Time Machine itself.  This will speed up your backups, reduce the risk of on-access issues, and save storage space.

    :1007337
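The path mapping described in the replies above (the Quarantine Manager shows the literal path on the TM volume, and the path to browse to starts after the date-stamped portion), as an added example that is not part of any post in this thread. It assumes the date-stamped folder is named `YYYY-MM-DD-HHMMSS`; the function names and the sample paths are made up for illustration.

```shell
#!/bin/sh
# Map a Quarantine Manager path on a Time Machine volume back to the
# live path to open in Finder before entering Time Machine.
# Assumption: the date-stamped folder is named YYYY-MM-DD-HHMMSS.

tm_live_path() {
    rest=${1#/}                      # remaining components, no leading slash
    while [ -n "$rest" ]; do
        part=${rest%%/*}             # current path component
        case "$rest" in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        case "$part" in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9][0-9][0-9])
                # $rest now begins with the backed-up disk name (e.g. MyHD);
                # drop it to get the path as it was on the live disk.
                case "$rest" in
                    */*) printf '/%s\n' "${rest#*/}"; return 0 ;;
                    *)   return 1 ;;
                esac ;;
        esac
    done
    return 1                         # no date stamp: not a snapshot path
}

# Read detection paths on stdin and print each live folder once, so a file
# caught in several snapshots shows up as a single folder to visit.
tm_folders() {
    while IFS= read -r p; do
        live=$(tm_live_path "$p") || continue   # skip non-snapshot paths
        dirname "$live"
    done | sort -u
}

# Constructed sample paths (not taken from the thread).
tm_folders <<'EOF'
/Volumes/TimeMachineBackupDrive/2011-08-01-101500/MyHD/Users/MyUserName/Library/Mail/DownloadedAttachments/Blah.xls
/Volumes/TimeMachineBackupDrive/2011-08-02-101500/MyHD/Users/MyUserName/Library/Mail/DownloadedAttachments/Blah.xls
/Volumes/TimeMachineBackupDrive/2011-08-02-101500/MyHD/Users/MyUserName/Library/Caches/tmp.exe
/Users/MyUserName/Downloads/live-file.exe
EOF
```

Each folder it prints is one to open in the Finder (Go menu) before entering Time Machine and removing the file from all backups, as described above.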
  • Only one of the 4 was I able to find and eliminate. With the others, the path just didn't follow through as instructed. One piece or another was missing. Is this common?

    :1007341
  • If they were detected on something that rolled off the end of your backup, or were in a cache folder, then they could easily no longer be present (which is why they also vanish from the quarantine manager).

    :1007343
  • Unfortunately, they are still in the QM even though the path cannot be followed. The 3 left are all in spam.mbox. I wonder if I should just delete the entire spam.mbox from TM. Of what possible use could a backup of the spam folder be?

    :1007349