Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 21 replies
  • Subscribers 6 subscribers
  • Views 20434 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do you create a custom scan?

deanbar

After a first complete scan, 3 threats were quarantined, although the Sophos AV said 5 were detected - where are the other 2? The report said - "that the threat cannot be cleaned up. Please click the threat name above for manual cleanup instructions."

The manual cleanup instructions said -

11. If there are any threats for which the action available is "Clean up manually", create a custom scan.

12. Select the areas where the remaining threats reside and add these to the Scan items.

13. In the Options tab, select "Delete threat" from the drop down menu.

14. Click Done.

15. Run the scan.

First of all I cannot find a way to create a custom scan. There seems no way to drag and drop the threats into the custom scan window, or to move them there any other way. When I clicked the + button I expected to be able to select the threats and add them in, but all it did was create an empty file.

The software seems very unintuitive and un Apple like, very disorganised and illogical just like Windows. On the other hand, it may well be me that doesn't get it!!!! Having said that, it's good of Sophos to offer this program, and hopefully in time it will become more Apple like with a better UI.

Can you advise me, please? Thanks.

I am running Tiger 10.4.11

:1000163


This thread was automatically locked due to age.
  • 0

    Where do you find the "scan items" window?

    :1002989
  • 0

    someone please help...I do not know how to remove process the manually cleanup that Sophos suggests, or set up a custom scan! Could someone please reply with step by step instructions for MAC 10.6 user? 

    Thanks for any anticipated help , since there is not much posted and nothing I have attempted to try works.

    missh

    :1002997
  • 0

    Mine too does not appear to work, and I was told this program would be so easy you would not have to do anything to run it! When I get to the custom scan screen, it says the scan for these identified threats "has never been run." But the scan identified them in the first place, so how does that make sense? So I played around with it, clicked on the arrow button for each one in the list; it scanned them (again). Then I clicked on the inspector button on the right and then found the drop down menu and chose Delete Threat and clicked Done. That finally got rid of them from the custom scans box. However, I'm wondering whether just trashing them would do the same thing. Does anyone know if there is anything special about the Delete Threat command?

    :1003117
  • 0

    Trashing them will do pretty much the same thing; delete threat has the advantage that you don't have to go digging around in the internals of your filesystem if the path isn't easy to get to (invisible folders, etc) and also, delete threat deletes the file in a single step process, instead of trashing and emptying the trash.

    :1003125
  • 0

    this is clear as mud...  SOO: I now see the threat path...   libraries/ cache/ java applets    etc..... 

    -I go there...

    -I choose  -

    -the Custom Scan is run...   4 threats detected...  (my Intego expired last Feb , they didn't warn me)....

    -that other annoying window pops up says (Scan name "Untitled 8")  in the window there is a checked box next to "javapi"...the thing I selected to be scanned

    -I pull down options

    -I chose Delete Threat

    -Hit DONE

    -AND THEN WHAT?  is the threat gone??

    -I don't hear any noise...see any action

    -Do we then have to run the 3 1/2 complete scan again??

    -Do we do a selected scan thing??   

    wha??      I really want this to work..P  thanks for any info

    :1003801
  • 0

    From the description, I can't quite tell what you've done here.

    After discovering the threat with a system-wide scan, create a new custom scan item for libraries/cache/java applets:

    1. On the Sophos Anti-Virus window, toggle the Custom Scans widget
    2. Click the + at the bottom; a Scan Name: sub-window will pop up.
    3. Change the Scan Name to "Delete Malware From Caches" (you'll likely be using this scan regularly in the future)
    4. Click the + in this window
    5. Go to the Finder and select the Go menu
    6. Select the Go to Folder... menu item
    7. Enter ~/Library/
    8. Drag the Caches folder in here to the Open dialog in Sophos
    9. Click OK
    10. Click the + again
    11. Navigate to /Library/
    12. Select the Caches folder and click OK
    13. Click the Options tab
    14. Ensure "Scan inside archives" is enabled
    15. Select Delete threat from the "When a threat is found:" menu
    16. Click Done
    17. Click the > scan arrow to run your "Delete Malware From Caches" scan.
    18. Click the Open Quarantine Manager button to see if you've still got anything on your computer detected but not cleaned.

    The difference between Delete and Clean Up is that Delete will delete any file chain containing detected malware -- so for example, if you have a zip archive with a bunch of files in it, and one of them is malicious, the entire zip archive will be irrevocably deleted.  Clean Up will attempt to remove only the detected malware, and if it fails (which it will on a zip archive), you'll have to locate the file and fix it yourself (likely by deleting the file from within the zip archive). 

    Since your Cache folders contain temporary cached data, the contents can generally be deleted without harm to your persistent data -- you'll just find that some apps may take a bit longer to load the next time you run them.

    :1003807
  • 0

    I installed the Sophos free anti-virus software yesterday and ran a full scan of my Mac mini (OS X 10.6.8), including Time Machine backup drive.  This took many hours, and at the end the scan revealed 2 viruses in an April 2011 backup on Time Machine.  The cure was to perform a manual removal, which I attempted, but being unfamiliar with the way your software works, I could not find the offending software in the path suggested.  Out of sheer frustration, I just deleted the two items which meant I did nothing with them and they are still there.  Today, being slightly more familiar with the Sophos anti-virus software, I tried to scan the folder that contained the malware; however, when I click on run, the scan remains in calculating mode with the blue and white horizontal barber pole never changing.  Perhaps there is something else I failed to do in order to get this to work properly.  Apparently (if I read it correctly), Time Machine backups are read only, so I can't change anything, including deleting the malware.  The full system scan did not indicate that the malware is on my mini's drive, only on the backup in one folder (28 April 2011, 065221).  Perhaps I'm not only person with this problem and someone has found the answer.  Since the two malware files are not in the active read/write drive, maybe it doesn't matter and they can just be ignored.  Can anyone help clear this up?

    :1003817
  • 0

    It would be a good idea to remove them just in case you happen to restore from that backup at some point.  The safest way to remove them from Time Machine is to actually go into Time Machine at that date, select the files, right/control click, and select the delete all backups option.

    :1003819
  • 0

    I was loving this app since it runs in the background and doesn't require any work from me other than clicking clean up virus. Unfortunately, it does NOT clean up the threat. It simply runs for days and the same threats are there. I'm always suspicious of these products anyway since there's really no way to determine if they removed the problem. Uninstall is my next step. 

    :1008904