Mac OS X 10.9 "Mavericks" and SAV for Mac

Hi there,

You can just upgrade to Mavericks without uninstalling Sophos AV. 

I haven't discovered any problems while doing just that on 2 Macs

Regards,

Iwan

---

Iwan wrote:

Hi there,

You can just upgrade to Mavericks without uninstalling Sophos AV. 

I haven't discovered any problems while doing just that on 2 Macs

Regards,

Iwan

---

Yes this is correct. We did lots of testing with this scenario. Its also how I upgraded my own machine.

Sophos AV does not work on my mavericks system. When I uninstall Sophos, webbrowsers work fine. When I reinstall it (and upgrade to the latest version), no web pages come up. This may be caused by a conflict with www.freedesktop.org stuff that has been put on my system by MacPorts.

Doing a clean install of SAV (whatever version is available for download as of 5 minutes ago) on a clean install of Mavericks results an error message about the kernel being from an unrecognized developer.

Hello LDMartin1959,

Can you post a pic of the error message? The significant part is the path (either it will start with /System/Library/Extensions, or it will start with /Library/Extensions). I suspect it will start with /System/Library/Extensions.

Apple introduced kernel extension codesign verification with 10.9. They did this in a way that is not backwards compatible with codesign procedures in 10.8. As a result, they also introduced a mechanism where developers like Sophos are required to install two different copies of any kernel extensions (one in /System/Library/Extensions, the other in /Library/Extensions) and give these two different kernel extensions two different version numbers. The OS is supposed to pick the highest version number.

Sophos has been delivering codesigned kernel extensions for a long time. We adopted the new strategy required by Apple during the "preview" cycle for 10.9 in the last few months, per their instructions. Everything tested fine.

Now it seems the released version of 10.9 is misbehaving when it loads kernel extensions as it does not appear to prefer the highest version number as Apple intended. However it seems to only happen upon the first installation. Next reboot your machine will likely discover the correct kernel extension and never prompt again.

How can you know what kernel extensions are loaded?

Run "kextstat" in the Terminal, it shows all the kernel extensions loaded and their version number. Sophos extensions always start with com.sophos. The versions signed for OS X 10.9 are currently numbered 9.0.53 and the versions signed for 10.6/10.7/10.8 are currently numbered 9.0.3. These numbers change when we update those components, but the "rule" that Apple instituted is that the 10.9-ready extensions have a higher version number.

How can you know whether a kernel extesion is signed?

Run "codesign -dvv <filename>" in the Terminal, it shows whether a given file is signed and how. Try "codesign -dvv /Library/Extensions/SophosOnAccessInterceptor.kext" and you'll see what that means.

Hope this information helps.

I did that.  Slow machine, updates never finished.  I installed Mavericks last week.  My mbp basically locked up when I was trying to create a user account for a student to use on my machine, Sophos was doing something in the background.  Finally had to hard power off the machine.

Logged in with my account, still no updates.  I tried downloading and installing the new Sophos, seemed to install, threw an "unkn kext file" error the first reboot after the install, but hasn't been able to download updates at all. 

Not happy.  Almost willing to go back to a paid antivirus from mcaffee or someone else.

Looking at my Sophos log, the updates came down but "verification failed". 

Black x in the shield.

I have been beta testing Mavericks since June and had no problems.  When it got released I formatted my drives in my laptop and work computer and installed Mavericks and installed all my apps and stuff and got everything setup.

On both machines browsing around the web has been horrible!   I have 50/25 FIOS at home and even faster at work and couldn't figure out what the problem was.  Chrome and Firefox was even slow and was driving me nuts because it felt like I was using DSL or slower.

Finally tonight I discovered the issue, its the new Sophos 9.0.3!   Its the Web Protection, as soon as I disabled the Web Protection it cleared up the problem.  I knew right away as the speed was night and day.

Hardware:

Home:  Early 2009 Macbook Pro 17" 2.93Ghz Core 2 Duo, 8GB DDR3, 9400M 256MB, 10.9 (13A603)

Work: Early 2009 Mac Pro, 2.66Ghz Xeon, 12GB, Dual Geforce GT 120 512MB, 10.9 (13A603)

Has the Web Protection been in past versions of the Free Sophos versions or am I right in thinking it came out with version 9??

---

cashxx wrote:

Has the Web Protection been in past versions of the Free Sophos versions or am I right in thinking it came out with version 9??

---

Web Protection was added in version 9 for the Home Edition as well as the business version.

The feature works by proxying web browser traffic. There are two controls, one uses a realtime URL reputation check and the second passes the content through our malware detection engine. They are related but have different performance characteristics. It would be useful to know if one or both of these settings are causing your slow browsing experience.

The reputation check involves a lookup of the destination URL against our servers, to see if we have identified it as a malicious software source. If there is an issue reaching our servers this could have a severe impact on browsing performance. The content scan is completely local to your machine, should be unaffected by the reputation check.

Do you have other web or network security software installed? Could be a conflict of some sort, and if so we'd like to know about it so we can ensure others aren't going to run into the same problem.