transient warnings

Hello, sometimes when working on the computer I see a popup message which says that Sophos has detected a threat and puts up a window where I can open quarantine manager.  When I click on that the error message disappears and there is no trace any more of the error/warning.   This makes me suspect that there is some sort of rootkit running that detects that the antivirus has detected it and then eliminates all trace.  Is this possible?  How to know or do a ground-up re-test?

Another clue, maybe.  Although properly installed (as far as I know) the Sophos Scans window says that the Scan Local Disks has "never been run" though I have run it many times and the Scan / shows last scanned on 5 May even though I have run it many times since....

This thread was automatically locked due to age.
  • You should check the real time scanner log for any detections.  Click on the Sophos shield in the menu bar, select 'Open Preferences' and then click the 'Logging' tab.  Then click 'View Log Contents'...

    This opens Console and selects the correct log in the right-hand panel.  Scroll back up the log file and see if there are detections mentioned.

    If you cannot see anything so far you could carry on working and watch out for the problem to appear again.  Then make a note of what was open (applications), what you were doing and what the computer may have been doing/accessing/trying to do at the time.  Then check the real time scanner log again for recent activity.

    If you believe the software isn't working right you could uninstall and reinstall it (is this version 8 or 9?), but it's probably not a great idea to uninstall until you can work out what the detection name is.  If it is a Mac Trojan then you want to keep protection enabled.  If the detection is W32/... or Troj/... then it's a file that can only affect a Windows operating system.

    If you need to post back, include an extract of the log file - it'll help.
