Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 21 replies
  • Subscribers 6 subscribers
  • Views 20451 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do you create a custom scan?

deanbar

After a first complete scan, 3 threats were quarantined, although the Sophos AV said 5 were detected - where are the other 2? The report said - "that the threat cannot be cleaned up. Please click the threat name above for manual cleanup instructions."

The manual cleanup instructions said -

11. If there are any threats for which the action available is "Clean up manually", create a custom scan.

12. Select the areas where the remaining threats reside and add these to the Scan items.

13. In the Options tab, select "Delete threat" from the drop down menu.

14. Click Done.

15. Run the scan.

First of all I cannot find a way to create a custom scan. There seems no way to drag and drop the threats into the custom scan window, or to move them there any other way. When I clicked the + button I expected to be able to select the threats and add them in, but all it did was create an empty file.

The software seems very unintuitive and un Apple like, very disorganised and illogical just like Windows. On the other hand, it may well be me that doesn't get it!!!! Having said that, it's good of Sophos to offer this program, and hopefully in time it will become more Apple like with a better UI.

Can you advise me, please? Thanks.

I am running Tiger 10.4.11

:1000163


This thread was automatically locked due to age.
Parents
  • 0

    From the description, I can't quite tell what you've done here.

    After discovering the threat with a system-wide scan, create a new custom scan item for libraries/cache/java applets:

    1. On the Sophos Anti-Virus window, toggle the Custom Scans widget
    2. Click the + at the bottom; a Scan Name: sub-window will pop up.
    3. Change the Scan Name to "Delete Malware From Caches" (you'll likely be using this scan regularly in the future)
    4. Click the + in this window
    5. Go to the Finder and select the Go menu
    6. Select the Go to Folder... menu item
    7. Enter ~/Library/
    8. Drag the Caches folder in here to the Open dialog in Sophos
    9. Click OK
    10. Click the + again
    11. Navigate to /Library/
    12. Select the Caches folder and click OK
    13. Click the Options tab
    14. Ensure "Scan inside archives" is enabled
    15. Select Delete threat from the "When a threat is found:" menu
    16. Click Done
    17. Click the > scan arrow to run your "Delete Malware From Caches" scan.
    18. Click the Open Quarantine Manager button to see if you've still got anything on your computer detected but not cleaned.

    The difference between Delete and Clean Up is that Delete will delete any file chain containing detected malware -- so for example, if you have a zip archive with a bunch of files in it, and one of them is malicious, the entire zip archive will be irrevocably deleted.  Clean Up will attempt to remove only the detected malware, and if it fails (which it will on a zip archive), you'll have to locate the file and fix it yourself (likely by deleting the file from within the zip archive). 

    Since your Cache folders contain temporary cached data, the contents can generally be deleted without harm to your persistent data -- you'll just find that some apps may take a bit longer to load the next time you run them.

    :1003807
Reply
  • 0

    From the description, I can't quite tell what you've done here.

    After discovering the threat with a system-wide scan, create a new custom scan item for libraries/cache/java applets:

    1. On the Sophos Anti-Virus window, toggle the Custom Scans widget
    2. Click the + at the bottom; a Scan Name: sub-window will pop up.
    3. Change the Scan Name to "Delete Malware From Caches" (you'll likely be using this scan regularly in the future)
    4. Click the + in this window
    5. Go to the Finder and select the Go menu
    6. Select the Go to Folder... menu item
    7. Enter ~/Library/
    8. Drag the Caches folder in here to the Open dialog in Sophos
    9. Click OK
    10. Click the + again
    11. Navigate to /Library/
    12. Select the Caches folder and click OK
    13. Click the Options tab
    14. Ensure "Scan inside archives" is enabled
    15. Select Delete threat from the "When a threat is found:" menu
    16. Click Done
    17. Click the > scan arrow to run your "Delete Malware From Caches" scan.
    18. Click the Open Quarantine Manager button to see if you've still got anything on your computer detected but not cleaned.

    The difference between Delete and Clean Up is that Delete will delete any file chain containing detected malware -- so for example, if you have a zip archive with a bunch of files in it, and one of them is malicious, the entire zip archive will be irrevocably deleted.  Clean Up will attempt to remove only the detected malware, and if it fails (which it will on a zip archive), you'll have to locate the file and fix it yourself (likely by deleting the file from within the zip archive). 

    Since your Cache folders contain temporary cached data, the contents can generally be deleted without harm to your persistent data -- you'll just find that some apps may take a bit longer to load the next time you run them.

    :1003807
Children
No Data