Console initiated Full System Scan issues

Hello Vlad,

a scheduled scan should appear in the scans list of the endpoint's GUI. The Mac GUI at least in addition shows the last time such a scan has been run. Regardless of the platform the scan's start should be recorded in the AV log apart from the scan-specific log. Unless the scan perishes in some obscure way completion, abort, or cancel should also result in a message written to the log (which is normally also sent to SEC together with alerts and errors - although these are not explicitly associated with the scan, only the "final" message is). BTW - I've tested with an outdated OSX10.4/SAV8.0 installation where the Mac hadn't been rebooted for ages and albeit compliant it didn't start the scheduled scan. After reboot the scans were started according to schedule and correctly reported to SEC.

Christian

Cheers Christian,

One of the Macs has reported back after doing a console initiated scan last night. I will try the other two Macs again to see what happens, like wise the Fedora PC.

It seems at least for one of the Macs (have not checked the other that is not working), that the SophosManagementAgent log states it got EM-DoAction message from Router$SOPHOS.EM followed by it has received action for SAV. However, there is nothing in the Sophos Anti-Virus log to state it has started a scan.

Hello Vlad,

on my legacy Mac the Do-Action (and the resulting scan) doesn't sen a message to the AV log. But the scan (if started) writes its log to /Library/Logs/Sophos Anti-Virus/Scans/SEC Full System Scan/ (a named scheduled scan would write to a folder with its name). Dunno though where you would see why a scan isn't started.

Christian