Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 19 replies
  • Subscribers 6 subscribers
  • Views 42420 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New user several questions

brvx

First, for the automatic update interval, how is the time calculated? Is it ordinary chronological time, or is it actual computer running time. For example, if I select automatic updating for daily, with the last update having occurred at 9 AM Tuesday, will the next update happen at 9 AM Wednesday, provided the computer is not sleeping at that moment. Or will it need 24 hours of actual computer running time, which might not happen if the computer is sleeping for extended periods perhaps until several days later?

Second, I ran Sophos (9.0.8) yesterday booted from a 10.6.8 partition on an external drive. It calculated something like 1,900,000 files/folders to scan. The 10.6.8 boot volume was only around 701,000. The other volume on that drive, a 10.8.5, is around 607,000, which, if Sophos was scanning both, still comes nowhere near close to the total Sophos calculated. If I add in the internal 10.6.8 volume, the total is a figure around 2,001,000, still not the 1,900,000 I saw, but more plausible. Was it scanning all three volumes? I am very puzzled about the number of files Sophos calculated. Naturally, this scan took far longer than intended.

Finally, although I logged in to my admin user in order to run the scan, I am normally running out of a standard account for security. So, of course, there I could see that my admin user was out of bounds. But from the standard user, I ran a shell script which opened Sophos with root privileges (do shell script "/Applications/'Sophos Anti-Virus.app'/Contents/MacOS/'Sophos Anti-Virus' > /dev/null 2>&1 &" with administrator privileges) When I opened Sophos that way, I was able to see the other user, but I still got the notice that I was running using "current privileges." Not sure why that didn't disappear when opened as root, but what I wonder is, since that notice didn't disappear, if running as root will have the necessary privileges needed to scan all system files, and if anything is found, will I be able to "clean" that infection--should it really need to be cleaned? I would not like to have to log in to my admin account in order to do either of those, completely scan all system files, and clean, when necessary.


:1016041


This thread was automatically locked due to age.
Parents
  • 0
    brvx wrote:

    EDIT: I am particularly interested in knowing what "current privileges" means when Sophos is opened with admin privileges by way of the shell script. (Perhaps you can run Sophos from that script as an AppleScript to see exactly what I'm talking about?) Does the appearance of the Use current privileges button there mean that Sophos does not fully recognize the admin privileges in that mode?  And eariler you did seem to be saying that Sophos would be able to scan at a deeper level when opened as root, either by the shell script or by sudo. No?

    The terminology "current privileges" means that the scan runs with the same user identity and priviliges as the user who launched the GUI app. If you are running as user "Annabelle" and run the GUI, your scan would only be able to read the same files that the user "Annabelle" would be able to read. Doesn't really matter too much if "Annabelle" is a standard user or an admin user, there will be portions of the disk that "Annabelle" won't be able to read. A good example is the home directory of other users on the same machine. The permissions on a user's home directory excludes other users (even admin users) from reading their files by default.

    Running the GUI from a script via sudo changes this quite a bit. The sudo command effectively raises your user rights to become the "root" user (superuser is another common term for this). In this case, "current priviliges" means you can read all files, even those files within all user's home directories. Its the same as what will happen when you choose to elevate your priviliges with the "Authenticate and Scan All" option.

    Its important to note that the scanning process isn't actually running in the same context as the GUI user. We run scans in the background, regardless of how they are initiated. We do this in order to support the feature of scheduled scans, where we can't guarantee someone will leave the GUI app running.

    brvx wrote:

    And do you have any comment about my observation that Sophos appears to be looking at and scanning all attached volumes (Firewire in this case.)

    The GUI says "Scan This Mac" and we are serious about it. That option will scan all non-network volumes. Not sure if the terminology is too confusing though.

    brvx wrote:

    Or should we do this by email? Thanks

    And deny everyone else the opportunity to hear your concerns? Let's keep it in the public forum.

    :1016085
Reply
  • 0
    brvx wrote:

    EDIT: I am particularly interested in knowing what "current privileges" means when Sophos is opened with admin privileges by way of the shell script. (Perhaps you can run Sophos from that script as an AppleScript to see exactly what I'm talking about?) Does the appearance of the Use current privileges button there mean that Sophos does not fully recognize the admin privileges in that mode?  And eariler you did seem to be saying that Sophos would be able to scan at a deeper level when opened as root, either by the shell script or by sudo. No?

    The terminology "current privileges" means that the scan runs with the same user identity and priviliges as the user who launched the GUI app. If you are running as user "Annabelle" and run the GUI, your scan would only be able to read the same files that the user "Annabelle" would be able to read. Doesn't really matter too much if "Annabelle" is a standard user or an admin user, there will be portions of the disk that "Annabelle" won't be able to read. A good example is the home directory of other users on the same machine. The permissions on a user's home directory excludes other users (even admin users) from reading their files by default.

    Running the GUI from a script via sudo changes this quite a bit. The sudo command effectively raises your user rights to become the "root" user (superuser is another common term for this). In this case, "current priviliges" means you can read all files, even those files within all user's home directories. Its the same as what will happen when you choose to elevate your priviliges with the "Authenticate and Scan All" option.

    Its important to note that the scanning process isn't actually running in the same context as the GUI user. We run scans in the background, regardless of how they are initiated. We do this in order to support the feature of scheduled scans, where we can't guarantee someone will leave the GUI app running.

    brvx wrote:

    And do you have any comment about my observation that Sophos appears to be looking at and scanning all attached volumes (Firewire in this case.)

    The GUI says "Scan This Mac" and we are serious about it. That option will scan all non-network volumes. Not sure if the terminology is too confusing though.

    brvx wrote:

    Or should we do this by email? Thanks

    And deny everyone else the opportunity to hear your concerns? Let's keep it in the public forum.

    :1016085
Children
No Data