Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 6 subscribers
  • Views 9738 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Custom Scans on Sophos 9.0.1

Hughmoz1

Hello thee

I set up 2 scans on Sophos on my i-Mac. The 1st scans my i-Mac hard drive and excludes the External Drive (TimeMachine backups) and the 2nd one scans my external drive (TimeMachine backups) and excludes the Hard Drive.

The 1st custom scan will work each time that I click on 'scan now', which seems straightforward to me.

Hhowever the 2nd scan worked the first time that I used it, but if I now click on 'scan now' on the same custom scan it  just says after 20 seconds the date and time and  says 'no threats found without actually scanning the external drive as far as I am aware as there are a lot of files on it.

I have tried duplicating the 2nd scan and I get the same result each time as listed above.

Am I supposed to set up a new custom scan every time to scan the external drive and if so hoe is i tthatt he 1st scan works evey time?

Any help apprciated

:1013375


This thread was automatically locked due to age.
  • 0

    This is not what should happen.

    I can recreate the issue though...I plug in a USB pen drive, the drive mounts.  I create a custom scan of the drive and then run the scan.  The scan takes the right amount of time and then completes with a summary.  I then unmount the drive in Finder and run that same custom scan again.  SAV does its 'Calculating' thing and the jumps straight to the summary - it fails to report that the drive isn't there any more.

    Now, I'm sure this didn't happen on the first test run, and I can prove it from the log...

    Scan name: "USB pen drive"
Scan items:
	Path: /Volumes/NEW VOLUME enabled: yes
Configuration:
	Scan inside archives and compressed files: Yes
	Automatically clean up threats: No
	Action on infected files: Report only
	Live Protection enabled: Yes

Immediate scan started at 2013-09-12


Scan completed at 2013-09-12.
	1765 items scanned, 0 threats detected, 0 issues

    ...but on subsequent runs I get an 'Issues detected' flag in the scan summary...

    If I look in the scan log (through Console) I see the message...

    2013-09-12 Issue: item at path "/Volumes/NEW VOLUME" does not exist

Scan completed at 2013-09-12.
	0 items scanned, 0 threats detected, 1 issues

    So...maybe the drive isn't properly mounted in OS X.  Try unmounting the drive properly (eject via Finder) and plug it back in., then scan again.

    If that doesn't resolve it try the good old fashioned reboot and try again.

    Post back your findings and what happens - include what it says in the log (check via the Console app).  Example:

    :1013381
  • 0

    Hi Diz

    I ejected TimeMachine external drive back-ups through finder and unpluggged and plugged in again. Same result as beforeand also tried the duplicate which did ditto. Re-botted and tried again. Same result.

    Have just put last one recorded in Console on TimeMachine as they are all going to be identical.

    :1013387
  • 0

    ***READ THE POST BELOW THIS ONE FIRST - scroll down for a simpler idea***

    The log shows you have excluded:

    /

    In the custom scan settings if I exclude the hard drive icon it adds '/' to the exclusions and since the other drive is mounted under /Volumes the USB drive is excluded too.  Therefore the custom scan is told to "scan the back up drive, but exclude the root (which includes the /Volumes/Time Machine Backups folder) hence don't scan anything".  Therefore the scan runs and goes, hey nothing to do, so I'll quit.

    It's a bit bizarre - maybe Bob Cook (a Sophos developer) can comment on this more - or someone else?

    Anyway there is a way round this - remove the exclusion of the root of the drive and add in exclusions for everything else.

    1. On the 'Exclude Items' tab remove the currently listed '/' item with the minus (-) symbol.
    2. Select the 'Choose' button.

      Important: For points one to four below it helps to use only the keyboard and not touch the mouse (otherwise you'll change focus of the required panel).

      You'll be look at all the folders (but there a hidden folders there too)...


      If you pressed the 'Open' button now you would get the '/' item back - don't do this though.  Instead...
    3. With the window (shown above) active press Command + shift + .  (that's dot as in fullstop/period).  All the folders of the drive are listed - normal ones AND the hidden ones.
    4. Press Command + a to select all of the files.  You have something like this...


    5. Now press the 'Open' button with the mouse to add all the separate folders to the exclusions list.
    6. Locate the 'Volumes' folder and remote this...


    7. Click the 'Done' button to add all the exclusions.
    8. Run the scan.  If you got it right the scan should scan the backup drive only.  You can use Console to check the 'Scan items' (that are included) and the 'Exclusions' (that aren't).  Example:

    Hope that explains how to do it.

    :1013391
  • 0

    You know, I wrote all that and then reading it back and it occurs to me that I got trapped into thinking one way.  It'll work, but it's not required.

    It now occurs to me that you only have to set up the two scans like this...

    Main drive scan:

    Include items: /

    Exclude items: /Volumes/Time Machine Backups

    Time Machine scan:

    Include items:: /Volumes/Time Machine Backups

    Exclude items: (nothing - not required).

    Far simpler.  Must have been a long day.  :smileyembarrassed:

    :1013397
  • 0

    Thankd Diz, briliantly simple.:)

    :1013401