Several new questions

It's a long story and I won't go into all the details, but Sophos was giving me a could not scan, unexpected error, corrupt file message for the Firefox Profiles cache. Turned out that was because the hidden flag had been turned on for that particular file. That's been solved, sort of--I'm no longer getting that error message. (It seems Firefox wants to keep that cache hidden, because even after unhiding it, after logging out and back in, it reverted to being hidden.)

Anyway, thinking that this perhaps showed that Sophos was unable to scan hidden files (I know this is very unlikely, since that would be a very major vulnerability for any A-V), I first turned off on-access scanning, and placed an EICAR malware test file, hidden and with the proper permissions, in /System/Library/LaunchAgents, as a test. I would have expected an alert as soon as I turned scanning back on, but I didn't get the alert until I did a manual/custom scan there. I expected I would have gotten the alert immediately without having to do a manual/custom scan--that was the behavior I got when, earlier, I created a non-hidden duplicate of that file (the original is excluded) where I normally keep it. I am running out of a standard account, so was that because the on-access scanner doesn't have permission to see into /System/Library?

Second, not sure why this is happening--maybe related to all the different kinds of custom scans I've tried (both ordinary and from root)--I'm sometimes losing the Sophos icon in the menubar and the only way to get it back is to log out and back in.

  • Hello brvx,

    Trying to give you at least one answer.

    "the on-access scanner doesn't have permission"

    On-Access does not scan files "on its own"; it intercepts file opens. If the OS doesn't open a file for the user, there's nothing for On-Access to intercept. AFAIK it also performs cleanup (/move/delete) actions under the user's context, thus if the user doesn't have write permissions the cleanup would fail.

    Christian
