This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos 9.4 hanging on every scan

I have run Sophos Anti-virus on my Mac laptop several times now and every time it hangs half-way through the scan. From what I can tell, it is hanging on the exact same file each time. I get no message of any kind, just the progress bar showing how far along it is and the number of files scanned. I am running Yosemite on my Mac. Any help would be appreciated.

Thanks,


Darin



This thread was automatically locked due to age.
Parents
  • Hello all,

    starting with 9.4.0 we enabled scanning of "xar" compressed dmg files .Xar (short for eXtensible ARchive format) is an open source file archiver and the archiver’s file format. It was created within the OpenDarwin project and is used in Mac OS X for software installation routines, as well as browser extensions in Safari. Xar replaced the use of gzipped pax files.

    Scanning these dmg files can be an extensive process, since the complete dmg is extracted and inside files are scanned. Other
    timely scanning operations are dmg or archives containing java classes.

    For example: the JDK dmg can take up to 15 minutes to scan, depending on system resources.

    The scans most likely will finish. In order to speed up on-demand scanning the user can do one of the following things:

    a) disable archive scanning (not recommended)

    b) add an exclusion for dmg files, like *.dmg

    Frank Fenn
    Sr. Software Engineer
  • Thank you. How do I add that exclusion and what are any potential downsides?

    Thanks.
  • actually it's looking through all of them, and doing it on the same loop as before.
  • oddly enough, if you have sophos scan *only* .dmg files, it goes through them without issue; this is only happening when its part of a whole mac scan
  • Hi Neil,

    Hmm... that's odd.

    This is an ugly workaround, but maybe you could ry stuffing all your DMG files into a single directory, and then adding an exclusion just for that directory? Obviously a real fix is preferable but I'm curious if that would work.

    Also, can you post a screenshot of your exclusions list? I'm sure you added the correct thing but I'd just like to double check. 

    Thanks,

    Serra

  • Yeah I can try to get a screenshot of it, though obviously I would expect Sophos to be able to do a full scan of the entire computer without building elaborate exclusions and directories full of files it inexplicably cannot scan. This is especially true for .dmg files which would be part and parcel of applications I download from the internet.
  • Hi Neil,

    Your expectations are more than fair! I'm just trying to gather evidence of the issue so that our engineers can investigate the root cause more effectively.

    Thanks so much for your patience,
    Serra
  • Here's the screenshot of the exception

  • Serra,
    What is Sophos trying to do to fix the issue? Surely, an effort would be being made to recreate the problem.

    The AV works fine on my Mac mini but hangs on my iMac. A key difference between the computers is that the iMac has a Fusion drive, whereas the Mac mini doesn't.

    Yesterday I let it do a whole scan without stopping it and after 14 hours it was still not complete.
  • What's up? Any movement on a fix? Thanks :-)
  • Mine is the reverse: The MacMini has a fusion but the MacBookPro (circa 2011) doesn't. Both running El Capitan. MacMini is fine; MBP stalls at same place, no file name now... but Sophos logo spinning. Ran it for 14 hrs overnight. Both have 9.4.1 as well. Same settings too. (local only, etc )
  • Did you find out the steps? I'm assuming On-Access>Excluded Items > add, *.dmg. Would be nice to have a confirmation though.
Reply Children