On-access scanner no longer running

Today, all of a sudden, my free Sophos Antivirus for Mac warned me that the on-access scanner was no longer running. I tried to restart it from within the Preferences, but got an error message that this could not be done.

What's wrong and how can this problem be solved? (Tried to uninstall and reinstall but the error persisted)

:1003257


  • Had similar issue but different sequence of events involved. Received a fake LinkedIn message that appeared to be from one of my network. I clicked to review the message and an advertisement page opened up, telling me that I have been fooled despite all caution (all it takes is 1 sec of letting your guard down!). I flagged the message as spam and deleted it. Shortly after I got a message that Sophos Antivirus is not running. Upon further investigation I got a message that on-access scan is not running.

    First thing I tried was a manual update. Current version is 8.0.5C, Threat detection engine 3.33.2 and Threat date is 4.79, all running on MacBookPro with OSX 10.6.8.

    I tried to change the setting for on-access scan but could not. I checked permissions: System has read/write, admin and everyone has read-only. I added myself with read/write rights and tried again to change settings, but no luck.

    At this stage I am suspecting that a malware may have infected my system. I disconnected my TimeMachine and Ethernet to prevent any spread. I checked on the advanced tab of my firewall if any new app has added itself. There was at the top of the list "screen sharing" separated by a line from the rest of the apps in the list and set to "allow". I could not change its setting to "block" and therefore as a precaution switched my firewall to block all sharing services.

    I have read through this thread, but would like to hear from Sophos or the community manager before I start attempts to re-update or uninstall particularly as the password received with my user name from Sophos is masked and I don't remember it.

    Appreciate any insight or advice you can contribute.

    :1008239
  • Greetings,

    I am running the Home Edition under OS X 10.6.8.

    The system log reports that I upgraded from "Version 4.78, 04 June 2012" to "Version 4.79,  02 July 2012" on 17JUL12.

    Since that time, com.sophos.intercheck reports "Fatal Error" when attempting to start, then com.apple.launchd reports that com.sophos.intercheck "Exited with exit code: 22".

    com.apple.launchd then reports com.sophos.intercheck "Throttling respawn: Will start in 2 seconds"

    Sophos then launches and continues this launch/failure iteration UNTIL I connect the system to the Internet.

    Sophos will then successfully start and I can take the system off the net without any apparent further issue.

    Version 4.78 did not exhibit this behavior on this Mac.

    2 QUESTIONS:

    - Is this the expected default behavior for 4.79?

    - Is there a configuration variable that I can change so that Sophos does not interminably "thrash" while waiting for an Internet connection?

    Thank you.

    Regards,

    - Jim

    :1008279
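The launch/failure loop described in the post above can be spotted mechanically in the system log. The following is an added example, not part of the original thread and not Sophos code: it scans launchd messages for a job that exits repeatedly within a short window. The sample log is constructed; the host name, PIDs, timestamps, the `com.example.helper` job and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the OS X system.log layout. Host name, PIDs, timestamps
# and com.example.helper are invented; the Sophos label and messages are from the post.
SAMPLE_LOG = """\
Jul 17 09:14:02 mac com.sophos.intercheck[211]: Fatal Error
Jul 17 09:14:02 mac com.apple.launchd[1] (com.sophos.intercheck[211]): Exited with exit code: 22
Jul 17 09:14:02 mac com.apple.launchd[1] (com.sophos.intercheck): Throttling respawn: Will start in 2 seconds
Jul 17 09:14:04 mac com.apple.launchd[1] (com.sophos.intercheck[214]): Exited with exit code: 22
Jul 17 09:14:04 mac com.apple.launchd[1] (com.sophos.intercheck): Throttling respawn: Will start in 2 seconds
Jul 17 09:14:05 mac com.apple.launchd[1] (com.example.helper[220]): Exited with exit code: 1
Jul 17 09:14:06 mac com.apple.launchd[1] (com.sophos.intercheck[217]): Exited with exit code: 22
Jul 17 09:14:06 mac com.apple.launchd[1] (com.sophos.intercheck): Throttling respawn: Will start in 2 seconds
"""

LAUNCHD = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ com\.apple\.launchd\[\d+\] "
    r"\((?P<label>[\w.\-]+)(?:\[\d+\])?\): (?P<msg>.*)$")
EXIT = re.compile(r"Exited with exit code: (\d+)")

def find_respawn_loops(log_text, min_exits=3, window_s=60, year=2012):
    """Return {label: summary} for jobs that exited min_exits times within window_s."""
    jobs = defaultdict(lambda: {"times": [], "codes": set(), "throttled": 0})
    for line in log_text.splitlines():
        m = LAUNCHD.match(line)
        if not m:
            continue                      # not a launchd job message
        job = jobs[m["label"]]
        exited = EXIT.search(m["msg"])
        if exited:
            # syslog timestamps carry no year, so one is supplied (assumption)
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            job["times"].append(ts)
            job["codes"].add(int(exited.group(1)))
        elif m["msg"].startswith("Throttling respawn"):
            job["throttled"] += 1
    loops = {}
    for label, job in jobs.items():
        t = sorted(job["times"])
        # sliding window: any min_exits consecutive exits close enough together
        hit = any((t[i + min_exits - 1] - t[i]).total_seconds() <= window_s
                  for i in range(len(t) - min_exits + 1))
        if hit:
            loops[label] = {"exits": len(t), "exit_codes": sorted(job["codes"]),
                            "throttled": job["throttled"]}
    return loops

if __name__ == "__main__":
    for label, info in find_respawn_loops(SAMPLE_LOG).items():
        print(label, info)
```

A job flagged here is one whose protection is effectively off while launchd keeps retrying, which is the condition the on-access scanner warning reports.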

  • BeachsideJim wrote:

    Greetings,

    I am running the Home Edition under OS X 10.6.8.

    The system log reports that I upgraded from "Version 4.78, 04 June 2012" to "Version 4.79,  02 July 2012" on 17JUL12.

    Since that time, com.sophos.intercheck reports "Fatal Error" when attempting to start, then com.apple.launchd reports that com.sophos.intercheck "Exited with exit code: 22".

    com.apple.launchd then reports com.sophos.intercheck "Throttling respawn: Will start in 2 seconds"

    Sophos then launches and continues this launch/failure iteration UNTIL I connect the system to the Internet.

    Sophos will then successfully start and I can take the system off the net without any apparent further issue.

    Version 4.78 did not exhibit this behavior on this Mac.

    2 QUESTIONS:

    - Is this the expected default behavior for 4.79?

    - Is there a configuration variable that I can change so that Sophos does not interminably "thrash" while waiting for an Internet connection?

    Thank you.

    Regards,

    - Jim


    4.78/4.79 is the data package version; this gets updated monthly.  What happened on the 17th is that your actual software was updated to version 8.0.5 -- and if you updated from version 7.3.x, it means that you now have a new feature which may be causing the issue: Live Lookups.  You can disable this from the Preferences to see if that fixes the thrashing issue, as it does attempt to send and receive data via DNS for each suspicious file access.

    This is the only major feature change between versions, so is the likely culprit.

    :1008291
  • Thank you, Andrew; disabling "Live Lookups" addressed the issue.

    Regards,

    - Jim

    :1008303
  • I am having the same problem

    - macbookpro - lion 10.7.4

    - new sophos install 8.0.5C

       detection engine 3.33.2

    I will randomly get the 'On-access scanner no longer running' message..

    icon goes grey, and I can't turn the 'on-access scanner' back on.. but I can run a manual update .. which is weird.

    Preferences default has  'ENABLE LIVE PROTECTION' checked .. 

    I do NOT see any setting labeled 'Live Lookups' .. is the 'enable live protection' the same thing ?

    .. and intuitively, it seems like I would want to have that on, not off.

    Regardless, unchecking 'enable live protection'  doesn't solve anything.

    I have my wifi network hidden, and set to not auto connect, so when my mac goes to sleep, I am disconnected.

    The last time the sophos reported the 'no longer running' message, was directly upon wakeup, before I logged in to my wi-fi .. and it would not start even after I connected .. it did start after a full reboot.

    sometimes I have to reboot 2 or 3 times to actually get sophos to enable itself again.

    Sophos has caught a couple trojans, so I am really wanting to make sure it is working properly 100% and I don't have to worry about it turning off, or WHY it is turning off.. 

    talk about paranoid.. I am so that, right now.

    reassurance and advice appreciated.

    wendy

    :1008307
  • We are indeed talking about "Enable Live Protection".

    However, it sounds like your configuration is definitely not Live Protection friendly (it sends large datagrams back and forth over DNS when it encounters a suspicious-looking file), and may have problems with auto-update as well.

    Your network setup may also be causing problems with on-access scanning, if you've got network shares that auto-connect.

    Disabling Live Protection slightly increases your chance of getting false positive detections, and prevents the cloud from gathering automatic telemetry on the detections you do get.

    :1008323
  • Hi Andrew,

    many thanks for your feedback here.

    I came across the problem of on-access scanning OFF on startup. It only happens if my Mac is not connected to internet, if it is everything works fine.

    Disabling Live Protection solves this problem.

    What is Live Protection really? Should I be concerned having this feature disabled?

    Thanks!

    Leandro

    :1008377

  • leandrofgj wrote:

    Hi Andrew,

    many thanks for your feedback here.

    I came across the problem of on-access scanning OFF on startup. It only happens if my Mac is not connected to internet, if it is everything works fine.

    Disabling Live Protection solves this problem.

    What is Live Protection really? Should I be concerned having this feature disabled?

    Thanks!

    Leandro


    Live Protection checks back with our Labs database via a DNS request when it discovers suspicious files, and verifies whether or not they are malicious.  This way, you get a response as soon as we've made a decision about a file, instead of having to wait for the next data update (which happens approximately every 4 hours and includes generic detections that aren't file-dependent).

    :1008434
  • Just had this problem. Uninstalling Sophos with the removal tool and then reinstalling from the web site solved it immediately.

    :1009576