This discussion has been locked.

Why is Sophos nearly impossible to quit?!

Recently I've been using the streaming quotes window on a brokerage website. It needs to load a Java app each time it runs.
With Sophos running, the Java cannot load. Yesterday it took a lot of work to get Sophos to quit so the Java would load. Today I was unable to use streaming quotes at all. Even when I remove Sophos from my login items, Intercheck still runs. There seems to be no way to stop Intercheck from running!
Since the Java app wouldn't run, I kept clicking the link to start it, and I discovered that in Activity Monitor, each Java app that was being prevented from loading uses close to 100% CPU and the fans race to keep things cool. Thus, 8 clicks = nearly 800% CPU!

Of course you can't quit Intercheck - it just starts again, and the Java can't load. I tried quitting Sophos Anti-Virus in Activity Monitor, but it won't stay quit! I quit the Sophos GUI, but that didn't help.
There should be an option in the Sophos menu bar icon to disable Sophos, since it's sometimes necessary. Once the Java loads, Sophos can be enabled again. Quitting Sophos should quit ALL of Sophos - INCLUDING Intercheck!
What's needed is for Sophos to allow exemptions, but I don't see any place to add them. Scottrade gave me 2 addresses to enter into an exemption window, but I can't use them.
Perhaps I could enter Java into the Excluded items window, but I don't want to exclude all Java.

Just now I discovered other issues: Java Preferences will not launch successfully unless Intercheck is quit. And in Java Preferences, in the Network tab, if you press the Delete Files button the app hangs until Intercheck is quit, even when the files have already been deleted - happens every time.


Sophos 7.3.12C

OS X 10.7.3

:1007709


  • It sounds like we've got multiple issues here.

    Sophos Anti-Virus has two parts: the first is an on-access scanner, controlled by Intercheck.  The second is on-demand scanning, controlled via the Sophos Anti-Virus app in your Applications folder.

    The on-access scanner, by default, scans inside all archives and scans every file as it is accessed for reading or writing.  Java jar files are really just Zip archives with a bunch of Java class files inside; every time you read from a jar file, it gets unzipped and all the contents are analysed.  This is a simplified description, as there are all sorts of optimizations etc. but what it comes down to is that constantly reading/writing into jar files causes a LOT of scanning to occur.  Disabling archive scanning in the on-access component will fix this, while not disabling general on-access scanning (which means if a full jar file is known to be bad, or something other than an archive-based piece of malware is found, you're still protected).

    The on-demand scans set for scanning local drives are scheduled or performed manually.  These are useful to do on a semi-regular basis if, for example, you disable archive scanning in the on-access scanner to improve performance.

    There should never be a need to disable the Intercheck process itself; it controls other processes, but if on-access scanning and automatic updates are disabled, it basically does nothing other than sit there as a registered process doing a quick poll of its state from time to time.  It should never affect your system in any noticeable way.

    If Mal/JavaGen-F is firing on a file on your computer, it is either malicious and should be deleted, or you've got a "false positive", and we'd recommend submitting it to Sophos so that we can prevent it from giving you a false alert in the future.

    The quick way to temporarily disable Sophos is to disable on-access scanning (and optionally, automatic updates).  With those disabled, the product is effectively disabled.  At that point, all that Intercheck does is prevent some malicious software from coming in and messing with Sophos itself.

    I agree that software should not freeze your system; that implies that there is a serious issue here, either incompatibility between Sophos and your ticker software, or some other more complicated issue.  When things froze, did you get a grey kernel panic window, or did some part of the interface just become unresponsive?  Once again, does disabling archive scanning in the on-access component stop this from happening?

    My guess is that you just need to exclude the folder that your stock software uses for temporary data storage from on-access scanning.  Without knowing what software package you're using, I won't know what you need to exclude, but if it's Java, you could start by excluding the jar file itself.

    :1007749
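The reply above attributes the load to archive scanning: each access to a jar means unpacking and inspecting every member. The following is an added illustration, not part of the original thread and not Sophos code; it uses a deliberately simplified cost model (no caching or other optimizations) and a constructed in-memory jar whose names and sizes are made up.

```python
import io
import zipfile

ARCHIVE_SUFFIXES = (".jar", ".zip", ".war", ".ear")

def build_sample_jar(n_classes=40, nested_classes=10):
    """Constructed sample: manifest, class-sized blobs and one nested jar."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        for i in range(nested_classes):
            zf.writestr(f"lib/Helper{i}.class", b"\xca\xfe\xba\xbe" + bytes(996))
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        for i in range(n_classes):
            zf.writestr(f"com/example/Quote{i}.class",
                        b"\xca\xfe\xba\xbe" + bytes(1996))
        zf.writestr("lib/helper.jar", inner.getvalue())
    return outer.getvalue()

def scan_cost(data, max_depth=3):
    """Members and uncompressed bytes inspected for ONE access to the jar."""
    cost = {"members": 0, "bytes": 0, "nested_archives": 0}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            cost["members"] += 1
            cost["bytes"] += info.file_size
            # Archives inside the archive are unpacked too, up to a depth limit.
            is_archive = info.filename.lower().endswith(ARCHIVE_SUFFIXES)
            if is_archive and max_depth > 0:
                inner = scan_cost(zf.read(info), max_depth - 1)
                cost["nested_archives"] += 1 + inner["nested_archives"]
                cost["members"] += inner["members"]
                cost["bytes"] += inner["bytes"]
    return cost

def compare(data, accesses):
    """Inspection work over repeated accesses, archive scanning on vs. off."""
    one = scan_cost(data)
    return {
        # On: every member is unpacked and inspected on each access.
        "archive_scanning_on": {"members": one["members"] * accesses,
                                "bytes": one["bytes"] * accesses},
        # Off: the jar is still checked, but only as one whole file.
        "archive_scanning_off": {"members": accesses,
                                 "bytes": len(data) * accesses},
    }

if __name__ == "__main__":
    jar = build_sample_jar()
    print(scan_cost(jar))
    print(compare(jar, accesses=8))
```

Under this model the work with archive scanning on grows with the number of members times the number of accesses, which is why the reply suggests disabling archive scanning for on-access checks or excluding the specific jar or temp folder rather than turning the scanner off.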