Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 6 subscribers
  • Views 4116 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Complete lockups due to Sophos Anti-Virus

larsi

Sometimes (about 2-3 times a month) my Macbook Air displays the spinning beach ball in more and more applications until everything hangs and I have to restart. This happens on my family's other Macs, too. A few months ago I noticed that everytime this happens, the Sophos icon in the menu bar indicates that Sophos is currently updating. I checked my theory and indeed, every single time one of the Macs crashes, Sophos is doing an update. This cannot be a coincidence.

I then tried to find out what exactly happens and why all apps are crashing. I found out that they cannot access the hard drive anymore. They continue to work fine as long as they do not access the disk. As soon as they try to load anything from the disk, they stall and display the beach ball.

Usually, everytime an app wants to access the hard drive, Sophos intercepts this attempt, scans the file for viruses first and then allows the app to read it. I believe that there's some kind of bug in the Sophos update code that sometimes (usually updates work fine) makes Sophos intercept hard drive accesses without ever scanning and unblocking them.

This serious bug was affecting the commercial Sophos Anti-Virus 7 which my university used till last month, and it still affects Sophos Anti-Virus 8. It also affects the home edition of Sophos Anti-Virus 8 which all my family members use. We all use Mac OS X Lion and regularly update it.

The log files on a crashed computer look like this:

27.06.12 10:48:38,372 installer: Package Authoring Error: Infinite loop between <choice> attributes and mixed state aborted.
27.06.12 10:48:39,439 installer: Configuring volume "Mac OS X"
27.06.12 10:48:39,452 installer: Free space on "Mac OS X": 10,32 GB (10324697088 bytes).
27.06.12 10:48:39,452 installer: Create temporary directory "/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T//Install.4959z5UUG"
27.06.12 10:48:39,460 installer: IFPKInstallElement (19 packages)
27.06.12 10:48:39,866 installd: PackageKit: ----- Begin install -----

The next entries happen after the restart.

:1007915


This thread was automatically locked due to age.
Parents
  • 0

    Yes, that is a kernel panic -- it happens when something operating at the core of your operating system doesn't behave as expected.

    You appear to have at least two things going on there: one is that an installer program is failing to get the proper credentials to run its install -- do you have GateKeeper set to only allow software to run that has been downloaded from the App store?

    Secondly, you have a JPEG file in your August 17 Time Machine backup that is getting an access conflict -- likely between Sophos and Time Machine (was TM running at the time this happened?).  You may want to exclude /Volumes/Time Machine Backups/ from your on-access scans to fix this issue, at least temporarily.

    :1009734
Reply
  • 0

    Yes, that is a kernel panic -- it happens when something operating at the core of your operating system doesn't behave as expected.

    You appear to have at least two things going on there: one is that an installer program is failing to get the proper credentials to run its install -- do you have GateKeeper set to only allow software to run that has been downloaded from the App store?

    Secondly, you have a JPEG file in your August 17 Time Machine backup that is getting an access conflict -- likely between Sophos and Time Machine (was TM running at the time this happened?).  You may want to exclude /Volumes/Time Machine Backups/ from your on-access scans to fix this issue, at least temporarily.

    :1009734
Children
No Data