Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 6 subscribers
  • Views 2734 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

System hangs during on-access scanning of encrypted disk images

roderickvd

When accessing data on an encrypted disk image, my system hangs after some time. All I/O operations are stalled and the entire UI becomes unresponsive. The system cannot be recovered except by using a hard reset.

I have worked around the problem by excluding my encrypted volume from on-access scanning. Hopefully a future version of Sophos Anti-Virus for Mac OS X will correct this issue.

Mid 2010 MacBook Pro with 8 GB RAM

Mac OS X Lion 10.7.2

Sophos Anti-Virus 7.3.6C

:1004661


This thread was automatically locked due to age.
  • 0

    Thank you for the feedback; I'm not sure if this will be enough information to isolate/replicate your issue, but I'm sure the QA team will have a look.

    When you say "encrypted disk image", do you mean an encrypted SparseImage?  These are the same files customers are having problems with regarding to Time Machine backups.  It is possible that something has become slightly corrupted on your image.  Creating a new one and copying the data over may fix the problem (if the issue is in the disk structure and not an actual file).

    :1004673
  • 0

    I have experienced the exact same problem.

    Computer: Macbook Pro, Core i7, Mac OS 10.7.2, internal flash drive encrypted with FileVault 2. Fresh Sophos install.

    Time Machine backup drive: external 1 TB drive attached via USB 2.0. One encrypted partition.

    To set up an external drive as an encrypted volume in Mac OS X 10.7, go to Time Machine in System Preferences, unlock it, click "Select disk", select the external drive, and check "Encrypt backup disk" before clicking "Use Backup Disk". Time Machine will repartition the drive, destroying anything on it, and make it one big encrypted partition. You will need to provide a password and hint for the disk (not your login password) and you can store this pasword in your keychain. Time Machine can encrypt the drive in the background while your backup is underway; this background encryption can take hours.

    After this point, Sophos will randomly hang the machine. This manifests as processes blocking indefinitely as soon as they try to access any disk (internal, external, whatever). This includes the background encryption process.

    The workaround that I have found that works is to tell Sophos not to scan the backup drive by putting its path (/Volumes/something) into the ignore list. This has worked fine so far, with no lockups.

    (I fail to see the utility of Sophos creating panic over files that were purged years ago yet still present on the backup. I just had to deal with Sophos digging up an email attachment from 2006 that had a Windows virus, then claiming that it could not be cleaned up and directing me to a page with a Windows-based cleanup tool, which is silly because I can't run the cleanup tool.)

    :1004797
  • 0
    Here's an idea for circumstances when you cannot afford to have Sophos hang the Mac because of a Time Machine file - - set up a Custom scan with special scan parameters to scan ONLY the Time Machine, in a Custom scan - calling it "Time Machine Scan." Next, open the On-access scanning tab in the circle-i (Scan Local Drives) box, and exclude the Time Machine from the regular, scheduled scans, from the Local Full scan, too. Am hoping that Exclusion in this On-access tab will also exclude Time Machine files from the Scan Local Drives as well, and thus I can avoid these problems with Time Machine files, and also save a lot of time in the Local Scan, and I can select Time Machine Scan as often as I desire, and have a relatively shorter scan time requirement for one or the other, than for a combined scan of EVERYTHING. And I can avoid hanging the system on Time Machine's scan issues, thereby keeping the Mac "up and running" for current high-pressure, high-priority business. I reserve checking the Time Machine for an epoch when some downtime will not hurt us too much. What can you say? will the On-access tab's exclusion of Time Machine be carried over to the Full scans? I am not sure, yet.
    :1005471
  • 0

    Hello Ed,

    generally you wouldn't want the on-access settings being applied to Scan Local Drives, as one purpose of this scan is to scan areas you've exempted from on-access scanning. It might make sense to make scanning of the Time Machine files a selectable option for Scan Local Drives (and perhaps for on-access as well). This would require some more changes though because as of now these settings also apply to a Finder scan.

    Christian

    :1005481