Clean up failed

Scanned my Mac which took about 22 hours. Dialog box says one threat found and issues detected.

Opened Quarantine Manager which displayed the threat and a file name with the option to clean up. Clean up failed. Now only options are to Reveal In Finder which shows a long list of code or Clear From List. If I clear from list, does that take the threat away?

Issues detected - what do I do about those?

Thank you.

:1013621


This thread was automatically locked due to age.
  • The 'Issues detected' are generally nothing to worry about.  See this post: Sophos Antivirus for Mac shows 'Issues detected'

    If you clear the item from the list it just clears the quarantine manager - the threat would remain.  It can be useful to do just before a new scan so you know all the items listed have truly been detected and aren't just something left behind from a previous scan.

    It would be good to know the threat name and path/file mentioned so I could advise further.  Next steps really depend on the detection and its location.  Is it in a Time Machine backup?  Attached to an email message?   Just a file in the Downloads folder?

    Post a screenshot and/or an extract of the log.

    :1013627
  • Threat is Troj/ObfjS-BK

    Path and filename:

    /Volumes/MyPassport/Backups.backupdb/Kathleen Lee's Computer/2012-03-2...

    /Volumes/MyPassport/Backups.backupdb/Kathleen Lee's Computer/2012-03-2...

    /Volumes/MyPassport/Backups.backupdb/Kathleen Lee's Computer/2012-04-0...

    Recommended action is manual cleanup which I tried to do, but couldn't get the file name into the Quarantine Manager custom scan box. When I clicked on scan now, it took me to the Sophos website for information about Trojans.

    I must be doing something wrong, but I don't know what!

    :1013629
  • The complete path will be in the log file.  The path starts 'backups.backupdb' hence see the very bottom of this article...

    http://www.sophos.com/en-us/support/knowledgebase/118117.aspx

    You could just exclude the /Volume/Time Machine folder from future scans, clear the item from the quarantine manager and still be OK.  The files are locked up in the archive and will be overwritten when the MyPassport hard drive fills up.

    :1013631

  • klalee wrote:

    Scanned my Mac which took about 22 hours.


    Re-reading this I'd recommend excluding the Time Machine folder.

    That should shorten the scan time.

    You can do the same for a custom scan (if that's the type you run).  Plus another top tip is to uncheck the option to scan inside archives and compressed files.

    Example:

    Try those two things and see how long the scan takes then.

    :1013633
  • Sorry, forgot to say that it's not obvious how to access a scan's settings.  Here's an example:

    :1013635
  • OK. I placed the /Volumes/Time Machine Backups/ in the excluded items section under the preferences menu. There's a box below which asks When a threat is found:  default choice is deny access. Shouldn't clear up threat or delete threat be chosen?

    Under custom scan, what do I list... Macintosh HD? Or selected files?

    :1013637
  • I would 'Log only' when a threat is found.  It does mean you have to open the Quarantine Manager, but the advantage is you get to see what the threat is, the file, the path, etc.  You get to check where the thing came from and learn a bit about it (to avoid it in the future).

    Also let's say a friend (with a Windows computer and no antivirus/ no up to date antivirus) gives you a USB pen drive with a lot of files on it - all seemingly important to your friend.  You plug in the drive to access one file and SAV jumps in and deletes all the malicious ones.  You'll have to hand the drive back and explain the files are gone.  Far better to say the files are there but 'you need to get an antivirus program'.

    'What do I list'?  You mean 'Scan Items'?  Under the custom scan on the 'Scan Items' tab click the plus (+) and you'll be looking at the top level of the hard drive.  Just click 'open' straightaway to select the whole drive.  The item listed will be the root of the hard drive ( / ) shown as a forward slash.

    :1013643
  • OK. Thanks. I'm running a scan right now after I put in the excluded items. Still seems to be taking a long time, but once it's done I'll see if it's ok.

    Under the excluded items check box, there are some choices that ask When a threat is found and the default choice is deny access. Shouldn't clear up threat or delete threat be chosen?

    :1013645
  • You seem to have jumped to the on access scanner settings?

    [Screenshot: Screen Shot 2013-10-04 at 21.00.04.png]

    ...and yes, deny access is best one to go for.

    For the custom/scheduled/on demand scan the 'Options' tab has the cleanup options and 'Log only' is best - I thought that you were referring to that originally.

    [Screenshot: Screen Shot 2013-10-04 at 20.55.34.png]

    :1013653
  • Thanks, I was actually looking at both. You've been very helpful. I really do appreciate your patience with me.

    :1013655