Non believer

On iMac running Lion (current version)

I am getting strange lists of files to be deleted from Quarantine Manager (V 8.0.4C)

Jun 11...

Threat: Mal/Phish-A

Path and Filename: /Library/Sophos Anti-Virus/com.sophos.sxl.plist,
    /Users/rjm/Library/Keychains/login.keychain,
    /Applications/MacFamilyTree.app/Contents/Resources/RippleShading.tiff
---
Did not clean up threat. Today Jun 13 got same threat but file was an email attachment. More normal.
I am also getting the same thing on a MacBook Pro running Sophos Ver 7 and Ver 8
Filename: ,
   /Library/Keychains/System.keychain,
   /usr/lib/dyld
I do NOT want to delete these files...
Any idea what is going on???


This thread was automatically locked due to age.
  • > Original Locations:

    > /Library/Preferences/com.sophos.sav.plist,

    > /private/var/db/launchd.db/com.apple.launchd/overrides.plist,

    > /private/var/db/ntp.drift,

    > /System/Library/Framworks/CoreServices.fra…work/Versions/A/Support/SFLSharedPrefsTool,

    > /usr/lib/system/libremovefile.dylib,

    > /usr/share/icu/icudt46l.dat

    Do you still have those paths in the Quarantine Manager?  I thought the paths had already been replaced with the correct locations?

    The response to why they originally flagged those locations is "Possibly memory corruption, which is fixed by a reboot."  The problem here is that the issue has not been reproducible to date and we've seen such a small number of incidents that we haven't been able to isolate the variables.

    If you're still seeing them in the Quarantine Manager, if you forcibly remove them from the quarantine manager and re-scan, the detections should either go away or show the proper location.

    The one thing I *have* noticed from all occurrences of this issue is that the files flagged as malicious are the ones that would have been most recently accessed at the time the detection was flagged.
