This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos 9.4 hanging on every scan

I have run Sophos Anti-virus on my Mac laptop several times now and every time it hangs half-way through the scan. From what I can tell, it is hanging on the exact same file each time. I get no message of any kind, just the progress bar showing how far along it is and the number of files scanned. I am running Yosemite on my Mac. Any help would be appreciated.

Thanks,


Darin



This thread was automatically locked due to age.
  • I'm getting the same problem, but it only started when I upgraded to El Capitan. Don't have any answers for you, sorry, but perhaps the moderators will start to notice. Adrian
  • Hi @Adrian Kelly and @DarinFennell. What file does it hang on? Is it the same as community.sophos.com/.../10371
  • this is happening to me as well after an el capitan update. The "files remaining #" counts down, but it keeps getting hung up on the series of files (one is open office; the other is education software). My scan got 75% done before this started, and it just took forever (~3 hours for 600000 files) and I just shut it down.
  • It would be really helpful if you could post the output of the logs, so we can get an idea of which files the scan is hanging on.

  • here's what in the log files for scan local drives:

    Sophos Anti-Virus
    Product version: 9.4.0
    Threat detection engine version: 3.61.0
    Threat data version: 5.19
    Release date: 15 September 2015
    Detects 9901068 threats
    Copyright © 1993-2012 Sophos Ltd. All rights reserved.

    Using IDE files:
    acedro-b.ide age-aolt.ide age-aolu.ide age-aolz.ide age-aong.ide age-aooq.ide age-aopj.ide age-aoqx.ide age-aorf.ide
    age-aorz.ide age-aoss.ide age-aost.ide age-aosu.ide age-aosv.ide age-aosw.ide age-aour.ide age-aouy.ide age-aovo.ide
    age-aovs.ide age-aowh.ide age-aowu.ide andro-ed.ide andro-ee.ide auto-bct.ide auto-bdb.ide auto-bec.ide auto-bem.ide
    auto-bey.ide banc-ccj.ide bank-gmd.ide bank-gmj.ide bank-gmn.ide banl-bzk.ide banl-bzl.ide banl-bzw.ide banl-cab.ide
    banl-cac.ide banl-cas.ide banl-cax.ide banl-cbd.ide bartex-a.ide bckd-rtk.ide bckd-rtl.ide bedep-r.ide bedep-t.ide
    betabo-s.ide betabo-t.ide bredo-zf.ide chisb-ay.ide chisb-az.ide chisb-ba.ide chisb-bb.ide chisb-bh.ide darkc-aw.ide
    darkc-ay.ide darkko-p.ide delf-fyv.ide delf-fyx.ide delp-ag.ide dloa-dyv.ide dloa-dyy.ide dloa-dzi.ide docd-aab.ide
    docd-aat.ide docd-aau.ide docd-aax.ide docd-abc.ide docd-abo.ide docd-aci.ide docd-acp.ide docd-acs.ide docd-adc.ide
    docd-adi.ide docdl-yp.ide docdl-yq.ide docdl-ze.ide docdl-zh.ide docdl-zp.ide docdl-zt.ide docdl-zx.ide docdr-gf.ide
    dofoi-bl.ide dorkb-km.ide dride-gl.ide dride-gm.ide dride-gs.ide dride-gw.ide dride-gx.ide droda-aa.ide droda-ao.ide
    droda-at.ide droda-av.ide droda-be.ide dwnl-mte.ide dwnl-mtf.ide dwnl-mtu.ide dwnl-mub.ide dwnl-muo.ide dynam-as.ide
    dynam-av.ide dyrez-hz.ide dyrez-if.ide dyrez-ig.ide dyrez-iz.ide dyrez-ja.ide dyrez-jm.ide dyrez-jq.ide explo-bm.ide
    farei-ki.ide farei-kk.ide farei-km.ide farei-ku.ide farei-kx.ide farei-le.ide farei-lj.ide farei-lk.ide farei-lu.ide
    farei-md.ide farei-mj.ide farei-mn.ide farei-mw.ide farei-my.ide farei-ne.ide farei-ni.ide farei-nj.ide farei-nm.ide
    farei-nq.ide farei-nx.ide farei-ol.ide farei-ow.ide farei-pf.ide farei-pq.ide farei-pr.ide floder-d.ide gatak-m.ide
    golrot-h.ide graft-an.ide gulpix-a.ide hitbro-a.ide inje-bqu.ide inje-brb.ide inje-brf.ide inje-brh.ide inje-bru.ide
    java-zu.ide javab-xs.ide javab-yt.ide jsdld-cd.ide kazy-cv.ide keliho-z.ide ldmon-x.ide ldmon-y.ide limit-be.ide
    limit-bh.ide limit-br.ide limit-bw.ide limit-cg.ide limit-ch.ide limit-cq.ide limitl-n.ide lnk-q.ide lnk-r.ide
    loader-u.ide mdro-gwn.ide mdro-gyo.ide minidu-b.ide minidu-g.ide msil-ebi.ide msil-ebw.ide msil-edd.ide msil-edt.ide
    msil-eef.ide msil-eeq.ide msil-efl.ide msil-efm.ide msil-efn.ide msil-egd.ide msil-egl.ide msil-egs.ide msil-egt.ide
    msil-egu.ide msil-egy.ide msil-eie.ide msil-eii.ide msil-eiv.ide msil-ekg.ide msil-ekh.ide msil-ekk.ide msil-eko.ide
    msil-ema.ide msildl-e.ide msili-ja.ide necur-dk.ide nemuco-e.ide nemuco-f.ide netwir-x.ide netwir-z.ide pdfj-aiu.ide
    pdfuri-m.ide phpsh-az.ide phpsh-be.ide plimro-b.ide plugx-bt.ide ponmoc-x.ide rans-ber.ide rans-bes.ide rans-bfc.ide
    rans-bfh.ide rans-bfu.ide rans-bfw.ide rans-bgb.ide rans-bgc.ide rans-bgs.ide rans-bhd.ide rans-bhe.ide rans-bhj.ide
    rans-bhr.ide rans-bhu.ide rans-bia.ide rans-bie.ide rans-big.ide rans-bih.ide rans-bim.ide rans-biq.ide rans-bix.ide
    rans-bjb.ide rans-bjd.ide rans-bjp.ide rans-bjq.ide rans-bka.ide rans-bkg.ide rans-bkm.ide rans-bkn.ide rans-bkt.ide
    rans-bku.ide rans-bkw.ide rans-bkx.ide rans-bky.ide rans-bkz.ide rans-bla.ide rans-blr.ide rans-blu.ide ransmd-a.ide
    rarma-ay.ide redlon-f.ide redlon-k.ide rtfdrp-x.ide sdbo-dqa.ide skeeya-q.ide sofacy-g.ide sucefu-a.ide swf-ar.ide
    swfex-jd.ide swfex-jh.ide swfex-jj.ide tepfe-cr.ide tinba-br.ide tinyba-a.ide tofse-an.ide toshli-a.ide upatr-sv.ide
    upatr-tc.ide upatr-td.ide upatr-ts.ide upatr-tx.ide upatr-ue.ide upatr-uf.ide urela-ai.ide vb-iuf.ide vb-iut.ide
    vb-ivf.ide vbe-ap.ide vbs-gk.ide vbs-go.ide vbsdl-n.ide vbzbo-by.ide vbzbo-cd.ide vbzbo-ce.ide vbzbo-cf.ide
    vbzbo-ch.ide vbzbo-cl.ide vbzbo-cq.ide vbzbo-cr.ide vbzbo-cs.ide wonto-th.ide wonto-ts.ide xcdgho-b.ide xtrat-ad.ide
    yakbee-a.ide yakes-ca.ide yakes-ce.ide zbot-jzw.ide zbot-kae.ide zbot-kam.ide zbot-kap.ide zbot-kbe.ide zbot-kcl.ide
    zbot-kcp.ide zbot-kcu.ide zbot-kdg.ide zbot-kdi.ide zbot-kdl.ide zegos-hh.ide zegos-hj.ide zegos-hv.ide zipma-gb.ide




    Scan name: "Scan Local Drives"
    Scan items:
    Configuration:
    Scan inside archives and compressed files: Yes
    Automatically clean up threats: No
    Scan for adware and potentially unwanted applications (PUA): Yes
    Automatically clean up adware and potentially unwanted applications (PUA): No
    Action on infected files: Report only
    Live Protection enabled: Yes

    Scan started at 2015-10-12 22:49:00 -0400

    New volume detected at /
    Scan cancelled at 2015-10-12 23:18:52 -0400
  • basically, the scan is getting to about 75% done, then it detects an issue (not a threat) and then starts cycling through open office, a piece of education software, and google drive installer over and over. the files scanned dialogue keeps going down, but the overall scan is appreciably slower
  • they all seem to be .dmg files, if that makes any difference
  • I have a similar problem. I have a scheduled scan which usually runs for 5-6 minutes on my home directory. It ran today for just a few seconds and reported "No Threats Found" but the last scanned date/time was not updated. I ran again using the scan button with the same effect. The last entry in the log is "Scan started at 2015-10-16 09:07:26 +0100".

    The console log for the scheduled scan shows :

    16/10/2015 09:00:32.583 SophosAVAgent[681]: Could not resolve bookmark. Error: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.bird was invalidated." UserInfo={NSDebugDescription=The connection to service named com.apple.bird was invalidated.}

    16/10/2015 09:00:32.584 diagnosticd[132]: error evaluating process info - pid: 681, puniqueid: 681

    16/10/2015 09:00:34.162 com.apple.xpc.launchd[1]: (com.apple.ReportCrash.Root[682]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.ReportCrash.DirectoryService

    16/10/2015 09:00:34.162 com.apple.xpc.launchd[1]: (com.apple.ReportCrash.Root[682]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.ReportCrash.DirectoryService

    I have the crash report but it is rather large.

    I ran a sweep from the terminal and it reported:

    45847 files swept in 5 minutes and 35 seconds.
    935 errors were encountered.
    No viruses were discovered.
    Ending Sophos Anti-Virus.

    The errors were mostly permission errors on plist files etc.

    Running El Capitan 10.11 and Sophos 9.4.0
  • I have the same hanging on .dmg file the scan stop the window of scan is always opened and do nothing.
    Imac 20" el captitan v10.11
    Please sophos staff what's the solution ?
    From France
    bonjour à tous

  • Same here since upgrading to Mac 10.11 gets stuck on dmg files, seems to continue to scan same files although the scanned files do count down extremely slowly.
    Scan log

    Sophos Anti-Virus
    Product version: 9.4.0
    Threat detection engine version: 3.61.0
    Threat data version: 5.20
    Release date: 13 October 2015
    Detects 10071653 threats
    Copyright © 1993-2012 Sophos Ltd. All rights reserved.

    Using IDE files:
    age-aoqx.ide age-aorz.ide age-aoss.ide age-aost.ide age-aosu.ide age-aosv.ide age-aosw.ide age-aour.ide age-aouy.ide
    age-aovo.ide age-aovs.ide age-aowh.ide age-aowu.ide auto-bec.ide auto-bem.ide auto-bey.ide bank-gmn.ide banl-cas.ide
    banl-cax.ide banl-cbd.ide bckd-rtl.ide bredo-zf.ide chisb-bh.ide darkc-aw.ide darkc-ay.ide darkc-az.ide dloa-dzi.ide
    docd-abc.ide docd-abo.ide docd-aci.ide docd-acp.ide docd-acs.ide docd-adc.ide docd-adi.ide docd-adn.ide docd-adq.ide
    docd-adx.ide docdr-gf.ide dofoi-bl.ide dride-gs.ide dride-gw.ide dride-gx.ide droda-be.ide dwnl-mwj.ide dyrez-jq.ide
    explo-bm.ide farei-md.ide farei-ne.ide farei-ni.ide farei-nj.ide farei-nm.ide farei-nq.ide farei-nx.ide farei-ol.ide
    farei-ow.ide farei-pf.ide farei-pq.ide farei-pr.ide graft-an.ide hitbro-a.ide inje-bru.ide java-zu.ide javab-yt.ide
    limit-br.ide limit-cg.ide limit-ch.ide limit-cq.ide lnk-q.ide lnk-r.ide loader-u.ide mdro-gyo.ide minidu-b.ide
    minidu-g.ide msil-eie.ide msil-eii.ide msil-eiv.ide msil-ekg.ide msil-ekh.ide msil-ekk.ide msil-eko.ide msil-ema.ide
    msildl-e.ide msili-ja.ide nemuco-e.ide nemuco-f.ide netwir-e.ide noanco-e.ide phpsh-be.ide rans-big.ide rans-bih.ide
    rans-bim.ide rans-biq.ide rans-bix.ide rans-bjb.ide rans-bjd.ide rans-bjp.ide rans-bjq.ide rans-bka.ide rans-bkg.ide
    rans-bkm.ide rans-bkn.ide rans-bkt.ide rans-bku.ide rans-bkw.ide rans-bkx.ide rans-bky.ide rans-bkz.ide rans-bla.ide
    rans-blj.ide rans-blr.ide rans-blu.ide rans-bma.ide rans-bmd.ide rans-bmf.ide rans-bmi.ide rans-bmn.ide ransmd-a.ide
    redlon-k.ide swf-ar.ide swfex-jd.ide swfex-jh.ide swfex-jj.ide tepfe-cr.ide tinyba-a.ide tofse-an.ide upatr-ts.ide
    upatr-tx.ide upatr-ue.ide upatr-uf.ide vb-iut.ide vb-ivf.ide vbe-ap.ide vbsdl-n.ide vbzbo-cl.ide vbzbo-cq.ide
    vbzbo-cr.ide vbzbo-cs.ide wonto-ts.ide xcdgho-b.ide xtrat-ad.ide yakbee-a.ide yakes-ce.ide zbot-kcl.ide zbot-kcp.ide
    zbot-kcu.ide zbot-kdg.ide zbot-kdi.ide zbot-kdl.ide zbot-kdv.ide zbot-kdz.ide zegos-hv.ide



    Scan name: "Scan Local Drives"
    Scan items:
    Configuration:
    Scan inside archives and compressed files: Yes
    Automatically clean up threats: No
    Scan for adware and potentially unwanted applications (PUA): Yes
    Automatically clean up adware and potentially unwanted applications (PUA): No
    Action on infected files: Report only
    Live Protection enabled: Yes

    Scan started at 2015-10-15 22:47:56 +0100

    New volume detected at /
    2015-10-15 23:14:16 +0100 Encrypted file: /Users/Simon/Library/Containers/at.appscape.degrees/Data/Music/iTunes/iTunes Media/Mobile Applications/Talking Tom 2.7.ipa

    Scan completed at 2015-10-16 00:14:42 +0100.
    606628 files scanned, 0 items detected, 1 issues

    However If  I open, Open Scans and click on the window that opens and select  then the options tab and I uncheck Scan archive and compressed files the scan completes  and is very quickly.

     

    https://www.sophos.com/en-us/medialibrary/PDFs/documentation/savmosx_9c_heng.pdf

     

    see top of page 13 on how to disable scanning in archive and compressed files which is enabled by default.