Sophos Causes MacBook Pro Running 10.7.2 To Freeze During Check for Virus Patterns at Startup

Over the last few days I have been experiencing an issue where my MacBook Pro running 10.7.2 and running Sophos AV 7.6.3C, will completely freeze and require me to physically power off the Mac.  This happens immediately upon logging into my user account when starting up from off.

I can confirm that this happens regardless of whether I disable all start-up items (performed by logging in while holding the Shift key) or during normal startup.

Do you have other users that experience this?

I'm disappointed with the Sophos AV for Mac product, as I haven't experienced this with any of your 'paid for' enterprise products.

If you would like any logs from my system, I am happy to provide them.

Many thanks in advance.

:1004687


  • Do you have the same issues with on-access scanning disabled?  Turning off start-up items shouldn't make a difference to SAV.

    Also, are you using encrypted volumes, and do you have Time Machine enabled?

    We do have a known issue to do with Time Machine backups that affects a few people; the fix is already slated for a release next year.

    I haven't heard of anyone else locking up at boot however, so we may want to examine how your system differs from standard setups to isolate the issue.

    :1004689
  • Thanks for the reply. I use Time Machine and I have excluded the disk and volume that it uses from the 'On-Access' scanner. I did have the Time Machine drive connected on one occasion, and it was preparing the backup at that time.

    I don't have any encrypted volumes. I do have the 'On-Access' scanning enabled.

    The issue only started on Sunday afternoon and only seems to happen when it tries to connect to your Update server.

    Do you need any logs?
    :1004691
  • Logs would be useful, but I'm not sure which ones I'd need yet... although the timing and update scenario help.

    Did you happen to apply any updates/patches on Saturday/Sunday?  The Safari update, for example?

    A snippet of the system log surrounding the crash would be useful, as would /Library/Logs/Sophos Anti-Virus.log, and any CrashReporter and DiagnosticReports logs you feel might be related.

    :1004695
  • Hi Andrew,

    As I promised, I have just had a look at the logs that you've listed and I'm afraid that I can't find anything in the 'Sophos' logs that talks about updating activity; they only list the activity that is centred around the scans that I have run.  However, I have found the following within the 'System' log that is around the time that I had the laptop lock up:

    Dec  7 19:19:50 macbook001 SophosAutoUpdate[58]: WARNING: The sun_len field of a sockaddr_un structure passed to CFSocketSetAddress was not set correctly using the SUN_LEN macro.
    Dec  7 19:41:34 rangers7 SophosAutoUpdate[57]: WARNING: The sun_len field of a sockaddr_un structure passed to CFSocketSetAddress was not set correctly using the SUN_LEN macro.
    Dec  7 19:47:11 rangers7 com.apple.launchd.peruser.501[150] ([0x0-0xe00e].com.sophos.ui[197]): Exited: Killed: 9
    Dec  7 19:47:20 rangers7 SophosAutoUpdate[423]: WARNING: The sun_len field of a sockaddr_un structure passed to CFSocketSetAddress was not set correctly using the SUN_LEN macro.

    I switched the Mac on and logged in at 19:19:50 on December the 7th and I then brought the system back up and logged on again at 19:41:34.  Looking in the 'Diagnostic and Usage Messages' log, the only activity that was going on at this time was connecting to the local wireless network.

    When I have a look in the 'CrashReporter', 'DiagnosticReports' and 'HangReporter' logs there is nothing logged at all regarding Sophos or anything for the last two weeks, while I was experiencing the issue with Sophos' 'On-Access Scanner' causing the Time Machine backups to stall and freeze the laptop, which was manifesting as a Firefox crash.

    From everything that I can see it appears that the reason for the laptop freezing, was due to Sophos connecting to the update servers to see if there were any new virus patterns.  So you know, I have booted up this after with exactly the same configuration of that on the 7th of December and I experienced no issues.

    If you need anything further from me, just let me know.

    Kind regards,

    Neil

    :1004713
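Added example, not part of the original thread and not Sophos tooling: one way to pull "a snippet of the system log surrounding the crash", keeping only the lines that mention a product within a time window and listing launchd jobs reported as killed. The sample log is constructed in the layout of the lines quoted above; the host name, the `ExampleDaemon` lines, the year and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the same BSD syslog layout as the lines quoted in the
# thread; "examplehost" and the ExampleDaemon entries are made up.
SAMPLE = """\
Dec  7 19:10:02 examplehost ExampleDaemon[12]: routine message
Dec  7 19:19:50 examplehost SophosAutoUpdate[58]: WARNING: The sun_len field of a sockaddr_un structure passed to CFSocketSetAddress was not set correctly using the SUN_LEN macro.
Dec  7 19:47:11 examplehost com.apple.launchd.peruser.501[150] ([0x0-0xe00e].com.sophos.ui[197]): Exited: Killed: 9
Dec  7 20:30:00 examplehost ExampleDaemon[12]: routine message
"""

# timestamp, host, process[pid], optional "(launchd job)", message
LINE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (\S+?)\[(\d+)\]"
    r"(?: \(([^)]*)\))?: (.*)$")

def parse(text, year):
    """Yield (timestamp, process, launchd_job, message) for each syslog line.
    Syslog lines carry no year, so the caller supplies one."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(5) or "", m.group(6)

def around(text, when, minutes, needle, year):
    """Entries within +/- `minutes` of `when` that mention `needle`."""
    span = timedelta(minutes=minutes)
    return [e for e in parse(text, year)
            if abs(e[0] - when) <= span
            and needle.lower() in " ".join(e[1:]).lower()]

def killed_jobs(entries):
    """launchd jobs reported as terminated by a signal: (time, job, signal)."""
    out = []
    for ts, proc, job, msg in entries:
        m = re.match(r"Exited: Killed: (\d+)", msg)
        if m and "launchd" in proc:
            out.append((ts.strftime("%H:%M:%S"), job, int(m.group(1))))
    return out

if __name__ == "__main__":
    # Year 2000 is a placeholder; use the year the log was written.
    hits = around(SAMPLE, datetime(2000, 12, 7, 19, 45), 30, "sophos", 2000)
    for ts, proc, job, msg in hits:
        print(ts.time(), proc, job, msg[:60])
    print(killed_jobs(hits))
```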
  • Thank you!  That was extremely informative.  I will make sure both the dev team and the systems team are notified about this.

    :1004727
  • Hi Andrew,

    Not a problem.  I will keep an eye on how the application behaves over the next few weeks, as it has been happening when least expected.  If I come across anything within any of the logs, I will upload it here and we'll see where we are.

    Many thanks,

    Kind regards,

    Neil

    :1004747