
Sophos 9.4 hanging on every scan

I have run Sophos Anti-virus on my Mac laptop several times now and every time it hangs half-way through the scan. From what I can tell, it is hanging on the exact same file each time. I get no message of any kind, just the progress bar showing how far along it is and the number of files scanned. I am running Yosemite on my Mac. Any help would be appreciated.

Thanks,


Darin



This thread was automatically locked due to age.
  • Hello all,

    starting with 9.4.0 we enabled scanning of "xar" compressed dmg files. Xar (short for eXtensible ARchive format) is an open source file archiver and the archiver’s file format. It was created within the OpenDarwin project and is used in Mac OS X for software installation routines, as well as browser extensions in Safari. Xar replaced the use of gzipped pax files.

    Scanning these dmg files can be an extensive process, since the complete dmg is extracted and inside files are scanned. Other timely scanning operations are dmg or archives containing java classes.

    For example: the JDK dmg can take up to 15 minutes to scan, depending on system resources.

    The scans most likely will finish. In order to speed up on-demand scanning the user can do one of the following things:

    a) disable archive scanning (not recommended)

    b) add an exclusion for dmg files, like *.dmg

    Frank Fenn
    Sr. Software Engineer
  • Thank you. How do I add that exclusion and what are any potential downsides?

    Thanks.
  • Hey Ben,

    You can read all about adding exclusions here (page 8). I actually just learned you could add the wildcard exceptions (like the ones Frank suggested) so I guess I can check off my "learned something new" box today.

    How to do it wasn't super obvious to me so I made this fancy graphic. You can access this panel if you click on the Sophos shield > Open preferences... 

    As for what to add, you can either add an exception for ALL DMG files (by adding *.dmg) or else just adding specific dmg files that the scanner seems to get stuck on.

    As for the potential downsides - well, it means that .dmg files aren't going to be scanned as part of your regular scans. But that doesn't mean you have to avoid scanning them altogether - for example, when you download a file from the Internet, it will still be scanned for malicious content when you're downloading it, thanks to Web protection. 

    Hopefully that helps, but let me know if you have any other questions.

  • Serra:

    I added a *.dmg exclusion to the scan, but it didn't take. The scan I'm running now is still looking through .dmg files, specifically the .dmg file for apache open office.
  • Actually it's looking through all of them, and doing it on the same loop as before.
  • Oddly enough, if you have Sophos scan *only* .dmg files, it goes through them without issue; this is only happening when it's part of a whole Mac scan.
  • Hi Neil,

    Hmm... that's odd.

    This is an ugly workaround, but maybe you could try stuffing all your DMG files into a single directory, and then adding an exclusion just for that directory? Obviously a real fix is preferable but I'm curious if that would work.

    Also, can you post a screenshot of your exclusions list? I'm sure you added the correct thing but I'd just like to double check. 

    Thanks,

    Serra

  • Yeah I can try to get a screenshot of it, though obviously I would expect Sophos to be able to do a full scan of the entire computer without building elaborate exclusions and directories full of files it inexplicably cannot scan. This is especially true for .dmg files which would be part and parcel of applications I download from the internet.
  • Hi Neil,

    Your expectations are more than fair! I'm just trying to gather evidence of the issue so that our engineers can investigate the root cause more effectively.

    Thanks so much for your patience,
    Serra
  • Here's the screenshot of the exception

  • Serra,
    What is Sophos trying to do to fix the issue? Surely, an effort would be being made to recreate the problem.

    The AV works fine on my Mac mini but hangs on my iMac. A key difference between the computers is that the iMac has a Fusion drive, whereas the Mac mini doesn't.

    Yesterday I let it do a whole scan without stopping it and after 14 hours it was still not complete.
  • Mine is the reverse: The MacMini has a fusion but the MacBookPro (circa 2011) doesn't. Both running El Capitan. MacMini is fine; MBP stalls at same place, no file name now... but Sophos logo spinning. Ran it for 14 hrs overnight. Both have 9.4.1 as well. Same settings too (local only, etc.).