Mac OS X 10.9 "Mavericks" and SAV for Mac

Apple released Mac OS X 10.9 "Mavericks" today, free for everyone with Snow Leopard or newer.

We've been testing our product with this release for many months now and made numerous changes in version 9.0.3 (the version published about a month ago). The significant changes required were to change how we were building, codesigning, and installing our kernel extensions. You will now find two copies of our kext: one in /System/Library/Extensions and another in /Library/Extensions. This follows Apple's recommendation to support people transitioning from 10.8 to 10.9.

The kexts in /System/Library/Extensions are present for compatibility with versions of Mac OS X prior to 10.9. Starting in "Mavericks" the location is /Library/Extensions. We are codesigning the kexts in /Library/Extensions to conform to Apple's security requirements.

If you have issues, please report them in this thread.

:1013899


  • Running SAV 9.01 on 10.9  

    When I want to make settings, ERROR: Configuration Daemon is not running

    New install does not help! And no icon on the menu bar, so it's not running! I have no AV threats ...

    SAV seems not running on my iMac!

    What's up?

    Greetz

    jarre 

    :1014147
  • Hi jarre,

    I believe you need version >=9.0.3 for Mavericks compatibility, so uninstall via the removal tool and download the latest from the Sophos site.

    Hope that helps

    :1014151
  • Have you a DL link?

    On the German site I get 9.01 of SAV!

    thanks for your Reply

    Jarre 

    :1014165
  • I just used this link and got the installer for 9.0.3.

    :1014167

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development


  • bobcook wrote:

    cashxx wrote:

    Has the Web Protection been in past versions of the Free Sophos versions or am I right in thinking it came out with version 9??


    Web Protection was added in version 9 for the Home Edition as well as the business version.

    The feature works by proxying web browser traffic. There are two controls, one uses a realtime URL reputation check and the second passes the content through our malware detection engine. They are related but have different performance characteristics. It would be useful to know if one or both of these settings are causing your slow browsing experience.

    The reputation check involves a lookup of the destination URL against our servers, to see if we have identified it as a malicious software source. If there is an issue reaching our servers this could have a severe impact on browsing performance. The content scan is completely local to your machine and should be unaffected by the reputation check.

    Do you have other web or network security software installed? Could be a conflict of some sort, and if so we'd like to know about it so we can ensure others aren't going to run into the same problem.


    Shouldn't be any issues getting to the Sophos server on my home network or on my work computer. I'm in IT and our VLAN has full access to the internet and is not going through a proxy or anything. At home it's just my router, nothing special.

    The install was a format and install of Mavericks and basic apps like Office, Adobe CS 6, etc., with the last thing installed being Sophos 9.0.3 Free Edition.

    That's what was driving me nuts: it was a fresh install of everything and Safari was dragging. Eventually installed Chrome and Firefox and all of them had issues, and I thought it was a bug in the Mavericks networking stack or something. Then I got to thinking whether Sophos slipped something in there, and sure enough I saw that Web Protection, turned it off, and it cleared up.

    Will mess with those settings and see if I can get any more info.

    Thanks,


    Dan

    :1014181

  • bobcook wrote:

    It would be useful to know if one or both of these settings are causing your slow browsing experience.


    Just messing around with it for a few minutes and the problem seems to be only when the top option is on.

    Block access to malicious websites using realtime URL reputation checks. This feature protects your Mac from sites identified to be hosting malicious content, or representing a significant security concern.

    Sounds like it would be a good idea to turn it on, but it slows it down too much for me. Heck, at times I felt like I was on DSL when I have a 50/25 connection.

    Thanks,


    Dan

    :1014183
  • I have a similar issue since upgrading to Mavericks.  Sophos seems to work but I am never able to finish a SAV update.  The update file will get about 4-7 MB into the download then will not move.  I have tried to do a complete uninstall and reinstall.  I checked the logs and it keeps repeating the following every time I get an Internet connection:

    com.sophos.autoupdate: Updating catalogue information at 09:12:03 05 November 2013
    com.sophos.autoupdate: Catalogue updated at 09:12:04 05 November 2013
    com.sophos.autoupdate: Download started at 09:12:04 05 November 2013
    com.sophos.autoupdate: Sophos AutoUpdate
    com.sophos.autoupdate: Version 9.0.3
    com.sophos.autoupdate: Copyright © 1989-2013 Sophos Ltd. All rights reserved.
    com.sophos.autoupdate:
    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.intercheck: Version 4.93, 11 September 2013
    com.sophos.intercheck: Includes detection for 5684257 viruses, trojans and worms
    com.sophos.intercheck: Copyright (c) 1989-2012 Sophos Ltd, www.sophos.com
    com.sophos.intercheck:

    :1014189
  • Hi Dan,

    The "block access to malicious websites" feature connects to our SXL servers while the browser request is in flight. We hold the response from the remote server until we get an answer (or timeout).

    Can you traceroute and/or ping to http.00.s.sophosxl.net and see where it's going?

    We initially will attempt an HTTP connection (via TCP) to this server. This might fail if the route from your machine to the internet is being filtered (authenticating proxy, for example). If blocked, the software will attempt fallback to doing DNS lookups (over UDP). These can be very, very problematic for some upstream DNS servers as they might not like the "rather large" DNS requests we are making (typically near the limit of the specification's allowed size).

    Wireshark is likely your friend to see what might be actually happening on the wire. Look for HTTP transactions and DNS transactions with "sophosxl" in the destination hostname.

    :1014191

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development


  • bobcook wrote:

    Hi Dan,

    The "block access to malicious websites" feature connects to our SXL servers while the browser request is in flight. We hold the response from the remote server until we get an answer (or timeout).

    Can you traceroute and/or ping to http.00.s.sophosxl.net and see where it's going?

    We initially will attempt an HTTP connection (via TCP) to this server. This might fail if the route from your machine to the internet is being filtered (authenticating proxy, for example). If blocked, the software will attempt fallback to doing DNS lookups (over UDP). These can be very, very problematic for some upstream DNS servers as they might not like the "rather large" DNS requests we are making (typically near the limit of the specification's allowed size).

    Wireshark is likely your friend to see what might be actually happening on the wire. Look for HTTP transactions and DNS transactions with "sophosxl" in the destination hostname.


    Just doing a basic traceroute, here is the info: Takes forever to hit the destination. Pinging goes right through. Have an RT-N66U Asus router with latest firmware. With Wireshark I didn't see anything useful.

    Traceroute has started…

    traceroute to ns.a.aws.sophosxl.net (54.205.37.95), 64 hops max, 72 byte packets
     1  router.asus.com (192.168.1.1)  2.852 ms  1.230 ms  0.642 ms
     2  l100.pitbpa-vfttp-50.verizon-gni.net (96.235.36.1)  5.045 ms  5.327 ms  4.626 ms
     3  g0-1-2-6.pitbpa-lcr-21.verizon-gni.net (130.81.58.64)  7.450 ms  6.396 ms  7.301 ms
     4  xe-15-1-0-0.res-bb-rtr1.verizon-gni.net (130.81.209.38)  10.024 ms  11.355 ms  9.799 ms
     5  0.ae1.br3.iad8.alter.net (152.63.7.81)  14.923 ms  15.937 ms  15.184 ms
     6  dcp-brdr-03.inet.qwest.net (63.235.40.49)  16.580 ms  15.054 ms  14.933 ms
     7  * * *
     8  65.120.78.82 (65.120.78.82)  18.237 ms  17.154 ms  17.424 ms
     9  205.251.245.27 (205.251.245.27)  18.147 ms  16.628 ms  16.979 ms
    10  205.251.245.121 (205.251.245.121)  12.411 ms  14.215 ms  12.365 ms
    11  * * *
    12  * * *
    13  * * *
    14  216.182.224.237 (216.182.224.237)  20.666 ms  16.745 ms  18.076 ms
    15  * * *
    16  * * *
    17  * * *
    18  * * *
    19  * * *
    20  ec2-54-205-37-95.compute-1.amazonaws.com (54.205.37.95)  19.490 ms  16.040 ms  14.781 ms

    :1014193
  • This is very odd, we aren't hearing about this in large numbers. How adventurous are you feeling? Wireshark is the tool of choice for tracing network activity; you could run it to trace what is happening (TCP timeouts, broken connection, connection failures, etc).

    :1014201

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development
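
The capture triage suggested in the replies above (filter on "sophosxl", then look for unanswered or slow HTTP lookups and for oversized DNS fallback queries), sketched as an added example that is not part of the thread and not Sophos code. The tab-separated export layout, the sample rows, the 1-second threshold and the use of the RFC 1035 name and label limits as the "allowed size" are all assumptions.

```python
# Added example: triage reputation-lookup traffic from a capture export.
# Assumed row layout (hypothetical export, not a Sophos or Wireshark format):
#   time_s <TAB> proto (HTTP|DNS) <TAB> kind (req|resp) <TAB> id <TAB> hostname
# "id" is whatever pairs a request with its reply (DNS transaction ID,
# TCP stream index, ...).
MAX_NAME = 253   # RFC 1035: 255 octets on the wire = 253 chars in dotted form
MAX_LABEL = 63   # RFC 1035: longest single label

# CONSTRUCTED sample data. The long name is invented purely to exercise the check.
BIG = ".".join(["a" * 63] * 3) + ".s.sophosxl.net"
SAMPLE = "\n".join([
    "0.000\tHTTP\treq\t1\thttp.00.s.sophosxl.net",
    "0.045\tHTTP\tresp\t1\thttp.00.s.sophosxl.net",
    "1.200\tHTTP\treq\t2\thttp.00.s.sophosxl.net",   # no reply ever arrives
    "1.300\tDNS\treq\t9\twww.example.com",           # unrelated, filtered out
    "4.200\tDNS\treq\t3\t" + BIG,                    # fallback lookup over UDP
    "9.100\tDNS\tresp\t3\t" + BIG,
])

def parse(text):
    """Keep only rows whose hostname mentions sophosxl."""
    rows = []
    for line in text.splitlines():
        t, proto, kind, txid, host = line.split("\t")
        if "sophosxl" in host.lower():
            rows.append((float(t), proto, kind, txid, host))
    return rows

def triage(rows, slow_s=1.0):
    """Return findings: large DNS names, slow replies, requests never answered."""
    pending, findings = {}, []
    for t, proto, kind, txid, host in rows:
        key = (proto, txid)
        if kind == "req":
            pending[key] = t
            longest = max(len(label) for label in host.split("."))
            if proto == "DNS" and (len(host) >= 0.8 * MAX_NAME
                                   or longest >= MAX_LABEL):
                findings.append(("large-dns-name", proto, txid, len(host)))
        elif key in pending:
            delay = round(t - pending.pop(key), 3)
            if delay >= slow_s:
                findings.append(("slow", proto, txid, delay))
    for (proto, txid), start in pending.items():
        findings.append(("unanswered", proto, txid, start))
    return findings

if __name__ == "__main__":
    for finding in triage(parse(SAMPLE)):
        print(finding)
```

Because the browser response is held until the lookup answers or times out, each "unanswered" or "slow" finding corresponds to a page load that stalled for that long.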
