Sophos AV Mac Edition 7.3.5C - hangs trying to clean up non-existent file?

Since I came back this afternoon (family have been using the Mac), SAV keeps popping up a message to say it has detected a threat. When I open the quarantine manager, it says the threat is Mal/KeyGen-M and the filename is '...'

Under threat details, for the Path and Filename it says "To view all components of the threat, you must authenticate as an administrator", and under Action Available it says "The threat can be cleaned up". However, when I authenticate as admin, the Path and Filename is still blank. If I then choose to clean up the threat, Quarantine Manager says "Cleaning up threats", shows me a progress bar and then goes no further. Even leaving it for an hour or more, this window doesn't go anywhere and the only way out of it is to Force Quit the app. Later on the message pops up again and so the cycle repeats.

I have noticed the following console messages for Sophos:

25/11/2011 21:51:34.910 com.sophos.notification: 2011-11-25 21:51:34.909 SophosAVAgent[1331:207] <IPCConnection: 0x429200> exception raised in delegate's message handler: *** -[__NSArrayM insertObject:atIndex:]: object cannot be nil

25/11/2011 21:52:42.953 com.apple.SecurityServer: Failed to authorize right 'com.sophos.cleanup' by client '/Library/Sophos Anti-Virus/SophosAntiVirus.app' [1084] for authorization created by '/Applications/Sophos Anti-Virus.app' [1302]

25/11/2011 22:12:37.319 com.apple.launchd.peruser.501: ([0x0-0x42042].com.sophos.sav[1302]) Exited: Terminated: 15

Any ideas - is this a false alarm of some sort, and if not how can I find out what file SAV is complaining about and how to clean it up?

  • Many thanks for the reply, and the reassurance that this 'keygen' thing isn't a threat under Mac OSX. I guess the main problem is that this threat detected message pops up every five or ten minutes so it's a bit intrusive. I did log out and log back in as root, then I opened Quarantine Manager at which point the same quarantined file was showing (again with no path or filename). I selected the item and chose to clean up but the same thing happened, the progress bar appeared and after a while I had to force quit the process to get out of it. I also checked the console (while logged in as root) and saw the same Sophos message about something not allowed to be 'nil'.

    I will do as you suggest though and log in as root and run a full scan to see if it can locate the offending file (complete with path and filename) and then clean it up.

    What I did wonder (and this is pure speculation on my part) is - could Sophos be detecting something in memory, i.e. a running process, that matches the characteristics of this keygen threat?

    Anyway, I will post the results of my scan as root as soon as I can.
