Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 6 subscribers
  • Views 24181 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sopho Anti-Virus for Mac stops and crashes during scan when it updates in OSX 10.8

gkolsson

I had the other problems with Sophos Anti-Virus for Mac when I upgraded to 10.8, but those were fixed with the update on Aug. 10, 2012. However, Sophos can not complete a scan if update comes up during the scan. The program crashes during that update.  I have scanned successfully for both local scan and custom scan of my MacBook Pro drive if I turn off the wi-fi to the computer. I don't have to turn the wi-fi off itself, but just to the computer.  Now, sometimes it will update several times during a scan before an update causes the program to crash, but usually it is the first scan. Is Sophos looking into this?  I believe I saw this problem with updates mentioned in some thread, but I can not find it now.  I am using version 8.06C.  I did not have this problem before updating to 10.8, so I am sure this problem is due to an incompatibility of Sophos with Mountain Lion.  Without a fix, I can still set up a scan in the middle of the night, but I have to turn the wi-fi off to my computer before retiring for the night. Thanks for any help.

:1009476


This thread was automatically locked due to age.
Parents
  • 0

    After installing OSX 10.8.1, I ran a scan of the local drive with wi-fi and autoupdate on.  The local scan started at 12:01 MDT on 8/23/12. Sophos crashed just after 17:06:40 MDT on 8/23/12. By coincidence, I  was actually looking at system logs on same screen when it went down.  The program just disappeared from the screen. Sophos ran slightly over 5 hours and checked for an update every hour at 13:00:55, 14:02:23, 15:03:56, 16:05:07, but the program was up to date during these checks. However, the program checked again at 17:06:17. This time, the program needed to be updated, and the Sophos crashed.  Here is the Sophos Anti-Virus log for this incident:

    com.sophos.autoupdate: Updating catalogue information at 16:05:07 23 August 2012
    com.sophos.autoupdate: Catalogue updated at 16:05:09 23 August 2012
    com.sophos.autoupdate: Download started at 16:05:09 23 August 2012
    com.sophos.autoupdate: Download completed at 16:05:25 23 August 2012
    com.sophos.autoupdate: Software is up-to-date at 16:06:17 23 August 2012
    com.sophos.autoupdate: Info: Checked primary server at 16:06 on 23 August 2012
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate:
    com.sophos.autoupdate: Updating catalogue information at 17:06:17 23 August 2012
    com.sophos.autoupdate: Catalogue updated at 17:06:18 23 August 2012
    com.sophos.autoupdate: Download started at 17:06:18 23 August 2012
    com.sophos.autoupdate: Download completed at 17:06:35 23 August 2012
    com.sophos.autoupdate: Update started at 17:06:40 23 August 2012
    com.sophos.autoupdate: Info: Checked primary server at 17:10 on 23 August 2012
    com.sophos.autoupdate: Sophos Anti-Virus was updated
    com.sophos.autoupdate:
    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.intercheck: Version 4.80, 06 August 2012
    com.sophos.intercheck: Includes detection for 3879855 viruses, trojans and worms
    com.sophos.intercheck: Copyright (c) 1989-2012 Sophos Ltd, www.sophos.com
    com.sophos.intercheck:
    com.sophos.intercheck: Using IDE files:
    com.sophos.intercheck:

    <snip>

    com.sophos.intercheck:
    com.sophos.intercheck: Info: On-access scanner started at 17:10 on 23 August 2012
    com.sophos.intercheck:

    So, it took about 4 minutes for Sophos to get the live scanner up and running. I checked the system log for this time period, and I see the following:

    Aug 23 17:04:56 MacBkPro.local Dock[192]: CGSGetWindowTags: Invalid window 0xf32
    Aug 23 17:04:56 MacBkPro.local Dock[192]: find_shared_window: WID 3889
    Aug 23 17:04:56 MacBkPro.local Dock[192]: CGSGetWindowTags: Invalid window 0xf31
    Aug 23 17:06:47 MacBkPro com.apple.launchd[1] (com.apple.xpcd.00000000-0000-0000-0000-000000000000[2347]): Exited: Killed: 9
    Aug 23 17:06:47 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2347 [xpcd]
    Aug 23 17:06:48 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2346 [com.apple.speech]
    Aug 23 17:06:48 MacBkPro com.apple.launchd[1] (com.apple.speech.synthesis.activityd[2346]): Exited: Killed: 9
    Aug 23 17:06:48 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2344 [cfprefsd]
    Aug 23 17:06:48 MacBkPro com.apple.launchd.peruser.26[2342] (com.apple.cfprefsd.xpc.agent[2344]): Exited: Killed: 9
    Aug 23 17:06:48 MacBkPro com.apple.launchd[1] (com.apple.Preview.TrustedBookmarksService[2334]): Exited: Killed: 9
    Aug 23 17:06:49 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2334 [com.apple.Previe]
    Aug 23 17:06:50 MacBkPro.local Mail[186]: _checkNewMail isAutoFetch
    Aug 23 17:06:50 MacBkPro.local Mail[186]: doBackgroundFetch called
    Aug 23 17:06:50 MacBkPro.local Mail[186]: [LogBlockedFetches] Prior to lock in _prepareToFetch <MFAosImapAccount:0x7ff201cacf90 (path=/Users/garykolson/Library/Mail/V2/AosIMAP-garykolson, active)>
    Aug 23 17:06:50 MacBkPro.local Mail[186]: [LogBlockedFetches] Prior to lock in _prepareToFetch <IMAPAccount:0x7ff201cc46e0 (path=/Users/garykolson/Library/Mail/V2/IMAP-garykolson@imap.gmail.com, active)>
    Aug 23 17:06:55 MacBkPro com.apple.launchd[1] (com.apple.security.pboxd[2330]): Exited: Killed: 9
    Aug 23 17:06:55 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2330 [com.apple.securi]
    Aug 23 17:07:17 MacBkPro com.apple.launchd.peruser.505[157] (com.apple.printtool.agent[2329]): Exited: Killed: 9
    Aug 23 17:07:17 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2329 [printtool]
    Aug 23 17:07:17 MacBkPro com.apple.launchd[1] (com.apple.hiservices-xpcservice[2325]): Exited: Killed: 9
    Aug 23 17:07:17 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2325 [com.apple.hiserv]
    Aug 23 17:07:18 MacBkPro com.apple.launchd.peruser.601[2295] (com.apple.cfprefsd.xpc.agent[2300]): Exited: Killed: 9
    Aug 23 17:07:18 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2300 [cfprefsd]
    Aug 23 17:07:20 MacBkPro com.apple.launchd.peruser.601[2295] (com.apple.distnoted.xpc.agent[2299]): Exited: Killed: 9
    Aug 23 17:07:20 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2299 [distnoted]
    Aug 23 17:07:22 MacBkPro com.apple.launchd.peruser.505[157] (com.apple.pbs[2293]): Exited: Killed: 9
    Aug 23 17:07:22 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2293 [pbs]
    Aug 23 17:07:45 MacBkPro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'system.install.apple-software' by client '/System/Library/PrivateFrameworks/PackageKit.framework/Versions/A/Resources/installd' [309] for authorization created by '/usr/sbin/installer' [2375] (4,0)
    Aug 23 17:07:45 MacBkPro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'system.install.software' by client '/System/Library/PrivateFrameworks/PackageKit.framework/Versions/A/Resources/installd' [309] for authorization created by '/usr/sbin/installer' [2375] (4,0)
    Aug 23 17:07:54 MacBkPro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'com.apple.ServiceManagement.daemons.modify' by client '/usr/libexec/UserEventAgent' [11] for authorization created by '/usr/libexec/UserEventAgent' [11] (100012,0)
    Aug 23 17:08:06 MacBkPro com.apple.launchd.peruser.505[157] ([0x0-0x2a02a].com.sophos.sav[360]): Exited: Terminated: 15
    Aug 23 17:08:33 MacBkPro com.apple.launchd[1] (com.sophos.intercheck[65]): Exit timeout elapsed (20 seconds). Killing
    Aug 23 17:08:39 MacBkPro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'com.apple.ServiceManagement.daemons.modify' by client '/usr/libexec/UserEventAgent' [11] for authorization created by '/usr/libexec/UserEventAgent' [11] (100012,0)
    Aug 23 17:09:24 MacBkPro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'com.apple.ServiceManagement.daemons.modify' by client '/usr/libexec/UserEventAgent' [11] for authorization created by '/usr/libexec/UserEventAgent' [11] (100012,0)
    Aug 23 17:09:32 MacBkPro com.apple.launchd.peruser.505[157] (com.sophos.uiserver[340]): Exited: Killed: 9
    Aug 23 17:09:40 MacBkPro.local WindowServer[100]: CGXDisableUpdate: UI updates were forcibly disabled by application "SophosUIServer" for over 1.00 seconds. Server has re-enabled them.
    Aug 23 17:09:40 MacBkPro.local WindowServer[100]: reenable_update_for_connection: UI updates were finally reenabled by application "SophosUIServer" after 1.00 seconds (server forcibly re-enabled them after 1.00 seconds)
    Aug 23 17:09:42 MacBkPro.local SophosAutoUpdate[2527]: AlreadyRegistered
    Aug 23 17:09:51 MacBkPro com.apple.launchd.peruser.505[157] (com.sophos.uiserver[2481]): Exited: Killed: 9
    Aug 23 17:09:54 MacBkPro.local SophosAntiVirus[2961]: reloading scheduled scans...
    Aug 23 17:09:54 MacBkPro.local SophosAntiVirus[2961]: scheduleScanWithName: MacBookPro | B6641F0E-1930-4070-80E8-6908DA5DA61D | 505 | (
    wednesday
    ) | (
    "03:00:00"
    )
    Aug 23 17:09:58 MacBkPro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'com.apple.ServiceManagement.daemons.modify' by client '/usr/libexec/UserEventAgent' [11] for authorization created by '/usr/libexec/UserEventAgent' [11] (100012,0)
    Aug 23 17:10:01 MacBkPro.local anacron[3280]: Anacron 2.3 started on 2012-08-23
    Aug 23 17:10:01 MacBkPro.local anacron[3280]: Normal exit (0 jobs run)
    Aug 23 17:10:07 MacBkPro.local InterCheck[2951]: Live protection is Enabled
    Aug 23 17:10:07 --- last message repeated 1 time ---
    Aug 23 17:10:07 MacBkPro kernel[0]: Sophos Anti-Virus on-access kext activated
    Aug 23 17:10:08 MacBkPro.local InterCheck[2951]: Live protection is Enabled
    Aug 23 17:10:24 --- last message repeated 7 times ---

     You can see the sophos going down and the operating system recovering and sophos reestablishing live scan coverage about 4 minutes after crash.  I hope this can help you isolate why autoupdate causes a crash.  At least I can run live scan, and custom or local scan when I want, and it will run if I turn off autoupdate during the scan.

    Gary

    :1009562
Reply
  • 0

    After installing OSX 10.8.1, I ran a scan of the local drive with wi-fi and autoupdate on.  The local scan started at 12:01 MDT on 8/23/12. Sophos crashed just after 17:06:40 MDT on 8/23/12. By coincidence, I  was actually looking at system logs on same screen when it went down.  The program just disappeared from the screen. Sophos ran slightly over 5 hours and checked for an update every hour at 13:00:55, 14:02:23, 15:03:56, 16:05:07, but the program was up to date during these checks. However, the program checked again at 17:06:17. This time, the program needed to be updated, and the Sophos crashed.  Here is the Sophos Anti-Virus log for this incident:

    com.sophos.autoupdate: Updating catalogue information at 16:05:07 23 August 2012
    com.sophos.autoupdate: Catalogue updated at 16:05:09 23 August 2012
    com.sophos.autoupdate: Download started at 16:05:09 23 August 2012
    com.sophos.autoupdate: Download completed at 16:05:25 23 August 2012
    com.sophos.autoupdate: Software is up-to-date at 16:06:17 23 August 2012
    com.sophos.autoupdate: Info: Checked primary server at 16:06 on 23 August 2012
    com.sophos.autoupdate: Sophos Anti-Virus is up to date
    com.sophos.autoupdate:
    com.sophos.autoupdate: Updating catalogue information at 17:06:17 23 August 2012
    com.sophos.autoupdate: Catalogue updated at 17:06:18 23 August 2012
    com.sophos.autoupdate: Download started at 17:06:18 23 August 2012
    com.sophos.autoupdate: Download completed at 17:06:35 23 August 2012
    com.sophos.autoupdate: Update started at 17:06:40 23 August 2012
    com.sophos.autoupdate: Info: Checked primary server at 17:10 on 23 August 2012
    com.sophos.autoupdate: Sophos Anti-Virus was updated
    com.sophos.autoupdate:
    com.sophos.intercheck: Sophos Anti-Virus
    com.sophos.intercheck: Version 4.80, 06 August 2012
    com.sophos.intercheck: Includes detection for 3879855 viruses, trojans and worms
    com.sophos.intercheck: Copyright (c) 1989-2012 Sophos Ltd, www.sophos.com
    com.sophos.intercheck:
    com.sophos.intercheck: Using IDE files:
    com.sophos.intercheck:

    <snip>

    com.sophos.intercheck:
    com.sophos.intercheck: Info: On-access scanner started at 17:10 on 23 August 2012
    com.sophos.intercheck:

    So, it took about 4 minutes for Sophos to get the live scanner up and running. I checked the system log for this time period, and I see the following:

    Aug 23 17:04:56 MacBkPro.local Dock[192]: CGSGetWindowTags: Invalid window 0xf32
    Aug 23 17:04:56 MacBkPro.local Dock[192]: find_shared_window: WID 3889
    Aug 23 17:04:56 MacBkPro.local Dock[192]: CGSGetWindowTags: Invalid window 0xf31
    Aug 23 17:06:47 MacBkPro com.apple.launchd[1] (com.apple.xpcd.00000000-0000-0000-0000-000000000000[2347]): Exited: Killed: 9
    Aug 23 17:06:47 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2347 [xpcd]
    Aug 23 17:06:48 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2346 [com.apple.speech]
    Aug 23 17:06:48 MacBkPro com.apple.launchd[1] (com.apple.speech.synthesis.activityd[2346]): Exited: Killed: 9
    Aug 23 17:06:48 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2344 [cfprefsd]
    Aug 23 17:06:48 MacBkPro com.apple.launchd.peruser.26[2342] (com.apple.cfprefsd.xpc.agent[2344]): Exited: Killed: 9
    Aug 23 17:06:48 MacBkPro com.apple.launchd[1] (com.apple.Preview.TrustedBookmarksService[2334]): Exited: Killed: 9
    Aug 23 17:06:49 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2334 [com.apple.Previe]
    Aug 23 17:06:50 MacBkPro.local Mail[186]: _checkNewMail isAutoFetch
    Aug 23 17:06:50 MacBkPro.local Mail[186]: doBackgroundFetch called
    Aug 23 17:06:50 MacBkPro.local Mail[186]: [LogBlockedFetches] Prior to lock in _prepareToFetch <MFAosImapAccount:0x7ff201cacf90 (path=/Users/garykolson/Library/Mail/V2/AosIMAP-garykolson, active)>
    Aug 23 17:06:50 MacBkPro.local Mail[186]: [LogBlockedFetches] Prior to lock in _prepareToFetch <IMAPAccount:0x7ff201cc46e0 (path=/Users/garykolson/Library/Mail/V2/IMAP-garykolson@imap.gmail.com, active)>
    Aug 23 17:06:55 MacBkPro com.apple.launchd[1] (com.apple.security.pboxd[2330]): Exited: Killed: 9
    Aug 23 17:06:55 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2330 [com.apple.securi]
    Aug 23 17:07:17 MacBkPro com.apple.launchd.peruser.505[157] (com.apple.printtool.agent[2329]): Exited: Killed: 9
    Aug 23 17:07:17 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2329 [printtool]
    Aug 23 17:07:17 MacBkPro com.apple.launchd[1] (com.apple.hiservices-xpcservice[2325]): Exited: Killed: 9
    Aug 23 17:07:17 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2325 [com.apple.hiserv]
    Aug 23 17:07:18 MacBkPro com.apple.launchd.peruser.601[2295] (com.apple.cfprefsd.xpc.agent[2300]): Exited: Killed: 9
    Aug 23 17:07:18 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2300 [cfprefsd]
    Aug 23 17:07:20 MacBkPro com.apple.launchd.peruser.601[2295] (com.apple.distnoted.xpc.agent[2299]): Exited: Killed: 9
    Aug 23 17:07:20 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2299 [distnoted]
    Aug 23 17:07:22 MacBkPro com.apple.launchd.peruser.505[157] (com.apple.pbs[2293]): Exited: Killed: 9
    Aug 23 17:07:22 MacBkPro kernel[0]: memorystatus_thread: idle exiting pid 2293 [pbs]
    Aug 23 17:07:45 MacBkPro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'system.install.apple-software' by client '/System/Library/PrivateFrameworks/PackageKit.framework/Versions/A/Resources/installd' [309] for authorization created by '/usr/sbin/installer' [2375] (4,0)
    Aug 23 17:07:45 MacBkPro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'system.install.software' by client '/System/Library/PrivateFrameworks/PackageKit.framework/Versions/A/Resources/installd' [309] for authorization created by '/usr/sbin/installer' [2375] (4,0)
    Aug 23 17:07:54 MacBkPro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'com.apple.ServiceManagement.daemons.modify' by client '/usr/libexec/UserEventAgent' [11] for authorization created by '/usr/libexec/UserEventAgent' [11] (100012,0)
    Aug 23 17:08:06 MacBkPro com.apple.launchd.peruser.505[157] ([0x0-0x2a02a].com.sophos.sav[360]): Exited: Terminated: 15
    Aug 23 17:08:33 MacBkPro com.apple.launchd[1] (com.sophos.intercheck[65]): Exit timeout elapsed (20 seconds). Killing
    Aug 23 17:08:39 MacBkPro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'com.apple.ServiceManagement.daemons.modify' by client '/usr/libexec/UserEventAgent' [11] for authorization created by '/usr/libexec/UserEventAgent' [11] (100012,0)
    Aug 23 17:09:24 MacBkPro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'com.apple.ServiceManagement.daemons.modify' by client '/usr/libexec/UserEventAgent' [11] for authorization created by '/usr/libexec/UserEventAgent' [11] (100012,0)
    Aug 23 17:09:32 MacBkPro com.apple.launchd.peruser.505[157] (com.sophos.uiserver[340]): Exited: Killed: 9
    Aug 23 17:09:40 MacBkPro.local WindowServer[100]: CGXDisableUpdate: UI updates were forcibly disabled by application "SophosUIServer" for over 1.00 seconds. Server has re-enabled them.
    Aug 23 17:09:40 MacBkPro.local WindowServer[100]: reenable_update_for_connection: UI updates were finally reenabled by application "SophosUIServer" after 1.00 seconds (server forcibly re-enabled them after 1.00 seconds)
    Aug 23 17:09:42 MacBkPro.local SophosAutoUpdate[2527]: AlreadyRegistered
    Aug 23 17:09:51 MacBkPro com.apple.launchd.peruser.505[157] (com.sophos.uiserver[2481]): Exited: Killed: 9
    Aug 23 17:09:54 MacBkPro.local SophosAntiVirus[2961]: reloading scheduled scans...
    Aug 23 17:09:54 MacBkPro.local SophosAntiVirus[2961]: scheduleScanWithName: MacBookPro | B6641F0E-1930-4070-80E8-6908DA5DA61D | 505 | (
    wednesday
    ) | (
    "03:00:00"
    )
    Aug 23 17:09:58 MacBkPro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'com.apple.ServiceManagement.daemons.modify' by client '/usr/libexec/UserEventAgent' [11] for authorization created by '/usr/libexec/UserEventAgent' [11] (100012,0)
    Aug 23 17:10:01 MacBkPro.local anacron[3280]: Anacron 2.3 started on 2012-08-23
    Aug 23 17:10:01 MacBkPro.local anacron[3280]: Normal exit (0 jobs run)
    Aug 23 17:10:07 MacBkPro.local InterCheck[2951]: Live protection is Enabled
    Aug 23 17:10:07 --- last message repeated 1 time ---
    Aug 23 17:10:07 MacBkPro kernel[0]: Sophos Anti-Virus on-access kext activated
    Aug 23 17:10:08 MacBkPro.local InterCheck[2951]: Live protection is Enabled
    Aug 23 17:10:24 --- last message repeated 7 times ---

     You can see the sophos going down and the operating system recovering and sophos reestablishing live scan coverage about 4 minutes after crash.  I hope this can help you isolate why autoupdate causes a crash.  At least I can run live scan, and custom or local scan when I want, and it will run if I turn off autoupdate during the scan.

    Gary

    :1009562
Children
No Data