Troj/Zbot - HAD

Hi everybody,

I am using Sophos Anti-Virus 8.0.20C on the Mac and I am having a very annoying alert recurring constantly throughout the day.

I have an alert come up saying that it has detected the Troj/Zbot - HAD (sometimes the HAD is replaced with something else).  So I open up Quarantine Manager and Authenticate to be able to remove it, but as soon as I have authenticated, the threat in the window disappears without giving me a chance to clear it.

This has been going on for weeks and I have run the full scan of the machine a number of times, which comes up clean, but it keeps coming up.

Does anyone know why this is and how I can stop this happening?

UPDATE - I have since turned off the Scan inside archives and compressed files option in the preferences pane as suggested on another post but this hasn't solved the issue.



This thread was automatically locked due to age.
  • As things have been going on for a while let's recap to see what the issue is:

    1. Problem: On-access scanner detects a threat(s) and alerts.  Cleanup for the items does not finish and just hangs.  In the QM there is no path to the threat so it cannot be located.  Checking the on-access scanner log with Console shows the item alerted is not recorded in there.
    2. Started with version 8 but continues with version 9 now the installation has been upgraded.
    3. Full on-demand scan of the entire drive (inc. TM?) comes up clean - no threat is found.
    4. Excluding compressed files from the on-access scanner fails to stop the on-access alerts from appearing.
    5. Problem may center on TM drive and files being read from that volume, however the on-access exclusion for TM is in place as shown by the log in Console that shows a /Volumes/Data/ exclusion and this is the TM drive.

    Does that sound like a correct summary?

    Is it possible for you to post the entire on-access scanner log (or email it to me if you prefer not to post it in the forum (sophossupport at icloud dot com)) as a txt/log file?

    And can you test point 5 by unmounting TM from the Mac (disconnect it)?  Then see if the pop-ups stop or not.
