Sophos not working - help please!

I'm a new user (not tech minded), and having problems. Downloaded Sophos, read (quite a bit of) the manual, checked the settings were as recommended via preferences/top menu bar and hit scan. 5.6 million items was a bit daunting, but things started to reduce very slowly and bar was pulsating. 10 hours later had only reached 3.6 million, so left overnight and a further 10 hours later (computer asleep but not turned off) the number was identical. Bar pulsating but nothing appearing to be happening. Checked Quarantine box and there were 5 items there, so tried to clean up and got 'clean up failed' for all of them. Although I hadn't done a custom scan, I expanded that window and looked at scan settings, which seemed to show that it was going into all archived files (despite the fact that I had made sure this wasn't happening via top menu/preferences). At which point I hit stop scan - which didn't seem to do anything (bar still pulsating, item number static as before). Eventually quit the application. So, 22 hours after trying to secure my Mac, I'm no further forward!

So what am I doing wrong? Should I try again with a custom scan, where I exclude my external drive where Time Machine is backed up? And make sure the setting via the action wheel as well as preferences is not to do archived files? Could I/should I also exclude my picture files? Supposing I can get it working, after I have done an initial scan, do I need to schedule further regular scans or should it just actively check web activity and downloads (and Mail?) without me having to do anything else?

I have an iMac with 10.8 OSX recently installed on a new SSD in my computer. Screen shots of Quarantine and scanning log attached. Scanning log seems very short for 20 hours work.

Any help very gratefully received...

This thread was automatically locked due to age.
  • Sorry to hear about your problems. Glad you read the manual - that will help - and may I also suggest the YouTube video playlist…

    Thanks for the screenshots - they help a lot. Let’s look at the one showing the Console log first:

    Screen Shot 2014-03-05 at 10.45.06.png


    The ‘Scan Local Drives’ name means you clicked ‘Scan This Mac’. When the scan runs it logs the configuration settings at the start and I can see that you have the default setting of scanning compressed files enabled. The scan gets ‘stuck’ around 11:06 on 4th, on a file called ‘upgrade.html’ as it does log anything after that until the following day (5th at 08:08).


    The scanner seems to be struggling with the Time Machine backups. Because files in a backup cannot hurt the Mac (they can’t run from in there) I suggest excluding the Time Machine volume from the scan and trying again. I also suggest switching off compressed files and seeing what that does to the scan time (threats can run from within a compressed file so it's safe to exclude them). You should definitely watch the first 1 minute 34 seconds (precisely :o) of the video on scanning…

    Now let’s look at the screenshot showing the Quarantine Manager:


    It shows five items detected, all at the same time (and on the 5th, so on the second day). All the items are in /Volume/LaCie/Backups.backupdb/ hence these are Time Machine backups, correct (just want to be sure)? And they are quite old backups too (circa 2010), correct? The problem with Time Machine backups is that though SAV can scan the volume (drive) and detect threats inside the backups, it can’t get in to cleanup (that would be simply ‘delete’ in this case) because of the file structure and permissions allowed by the operating system.


    I would suggest simply clearing the items from the quarantine manager and implementing the exclusion shown in the scanning video to prevent future scanning of the backup volume. Yes the threats are in there but you’d have to go out of your way to find them, restore them, and even then the on-access scanner would block them running - not that they are a threat to your Mac operating system (only an unprotected Windows computer).

    With the exclusions in place and compressed file scanning switched off you should see an improvement in scan times.


    Hope that helps.
