Sophos A/V Home Edition update on July 17th cause OS X Lion to hang

Replying to myself as I in desperation thought to try something..

As soon as your session starts up, you will see the WiFi symbol sooner than most things - turn off your network completely if you can, before Sophos starts up. That seems to prevent it from going bananas.

Once you get there, you can actually open the preferences and turn *off* "Live Protection". That at least seems to have resolved the problem I was seeing. I also removed the "SophosUIServer (for all users)" from the Login Items, and only when I was happy it wasn't taking the system out again did I add it back in for my main login user. (It's hiding in /Library/Sophos Anti-Virus/, just drag and drop on the Login Items window and it's back in.)

Question for Sophos - should the Live Protection part really behave like this? Do I need to un-install completely and then re-install to get it working properly?

/Anders

Hi trudheim,

This is definitely NOT supposed to work like this. I'm running version 8.0.5 on my 10.7.4 system as I type this, with Live Protection enabled, and definitely not having the types of serious issues you are seeing.

Can you post a bit more about any software or special configuration you might have to filter network connections? I'm reasonably confident we aren't doing any special networking, but we do rely on being able to make DNS requests as part of the Live Protection feature. Maybe your DNS server settings are blocking this feature?

Hi, I am not using Lion yet, I am on OS 10.6/8 and the Sophos auto update is not working on my computer either.  i did try uninstalling and re-installing and the same thing happens.  It says fatal error, unable to load, different version already loaded (that's why I uninstalled and re-installed).   Any suggestions?

Just restarted my computer, all is working fine now.  Why didn't I think of fthat earlier? 

It did the same thing to Snow Leopard.  Finder (not reponding).  Everything hung up.

Restarting did not fix the problem for me.

I thought the problem was the new wireless router I installed a couple of days ago.

Spent all morning trying to "fix" the router . . . finally got everything working again and left the machine. 

While I was gone Sophos finished its update.

Not really happy that my whole day was wasted by this.

I thought I had it set to tell me before doing something like this, but apparently not.

Anyone know how to keep this from happening again in the future?

Hi there Bob,

Well, I do use Little Snitch, but no pop-up came up about Sophos requesting access to any port it wasn't already allowed to talk to. DNS, well I run my own on the LAN (dnsmasq on RHEL), and it was working for all other queries (like for the old Mac Mini I'm typing this on), so I don't think that was it. dnsmasq is set up to forward DNS requests and then cache them, so it is a very simple setup.

I have a squid proxy in use, that then forwards through Privoxy (cutting out all the advertising), so I can probably enable debug in both of those to see what Sophos is requesting and if it is getting blocked. I would not expect Sophos to block access to the whole system though if the Live Protection can't reach the home server for whatever reason. I'd expect it to tell me that there is a network issue and maybe something about what network issue that is. :)

There are no other firewalls blocking anything, but the system is masqueraded out on to the ADSL line by the DSL router. There was no DSL service interruptions at the time, so we can rule that out.

I'll try and enable Live Protection again, just to see what it actually is doing and if today works better than yesterday. I'll let you know how it goes, but the MacBook have been working fine since I managed to turn Live Protection off yesterday. It's an odd one this..

/Anders

Changed the setting in Little Snitch to allow Sophos any connection at all (instead of port 80 and port 3128 that it was). Turned on Live Protection and told Sophos to update -> system locked up, one application after another, giving me the spinning colour wheel. Hard power off was the only way out of it.

I'll be leaving Live Protection turned off for now, as the on access scanner seems to work without Live Protection turned on.

There's no way I can change the Proxy settings just in Sophos either (user/password and proxy setting is greyed out in the preferences UI), to try if this is it or not.

I have a Parallels VM with Lion installed in it, so I'll see if I can get time later today to update Sophos in that, and try it out to see what is actually going on. I can possibly set up tcpdump or equivalent.

There seems to be some sort of incompatibility between the latest update to Sophos ( on or around the 17th July) and Little Snitch. I have been having problems ever since Sophos upgraded whenever Little Snitch dialogs are active. The new components are causing lots of prompts for network access to come up and whenever one of these comes up the screen goes blank a few moments later and the computer goes to sleep! Looking at the console it is reporting that 'Previous Sleep Cause 5' which is a user or dialog triggered sleep request ( which I'm certainly not doing!). This can manifest as spinning beachballs or apparent hangs as the system tries to sleep whilst in use, which could be the symptom everyone else is experiencing. Why are there now so many new Sophos modules all trying to do network connections?

10.6.4 on a mid 2011 iMac

I am running SL, but I guess I might as well report this here. With the latest update I get an error message that the SAV is not running a few minutes after boot, and my battery life reported by Mac OSX is short. Remove SAV, and the remaining battery life doubled.

I have been experimenting a bit, and am now running OS X 10.8.1. If I turn off OnAccess Scanner, I can turn on Live Protection. If I subsequently turn on the OnAccess Scanner - system will lock up. It seems that these two options are mutually exclusive.

My next step is to remove Sophos entirely and then make a clean installation of it. If I observe the same behaviour after this - my only conclusion is that there is a bug in Sophos. (Yes, I know I am running LittleSnitch, but I have gone through and added /Applications/Sophos* and /Library/Sophos* applications to be allowed all possible connections out. Internet access should not be a problem what so ever for the application (and if it wants access, I should get a pop-up window about it, but that never turns up so I think any problem is prior to attempting a network connection).