This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

worrisome scan behavior

As a macbook user of the Sophos free home anti virus program, I am very concerned about the untypical scanning behavior I experienced last night and today. Normal full scans take between 1-2 hours, but last night's scan lasted over 24 hours! I finally stopped the scan this morning with about 80,000+ files left to scan (where a number of programs seemed to continuously loop). The extensive log of "issues detected" consisted of adobe flash corrupted files and encrypted files plus something I'd never seen before called "InstallCore" (as url links).

Clicking on the Quarantine Manager brought up a window headed with "InstallCore" and a list of urls to be "cleaned". ("InstallCore" was also listed on the left of the window, under "Adware and PUAs"). The instructions said the listed malware could be cleaned automatically, so I clicked on the "clean automatically" option. In a few minutes, a response appeared at the bottom of the list saying that the cleanup must be done manually.

As I searched Sophos support for instructions (with the Quarantine Manager window open), the contents of the window disappeared: the InstallCore header, the InstallCore link on the left (under the "Adware and PUAs header), everything vanished as though by direct deletion! Why was InstallCore on my computer at all since the support material says it only works on a specific version of Windows?? I didn't download it; I didn't even know about it. Was it circulated accidentally as an update? And how valid was the scan since the Quarantine Manager window contains no files?

What caused the "InstallCore" contents of the Quarantine Manager to disappear? Was/is my computer being used without my knowledge as a beta test for this program?



This thread was automatically locked due to age.
Parents
  • Hi Casey,

    So sorry about the slow reply on this post.

    One thing you should check out are the scan logs:

    - Click the Sophos menu bar Icon
    - Click on Open Scans... 
    - Alt-click the white space by "Scan this mac" and select View Scan Log...

    This will open the Scan Log in an application called Console. The scan log gives you detailed information about the most recent scans, such as start time, what was scanned, scan configuration, any threats that were detected, etc. Perhaps looking at this will give you some insight as to where the file was located on your hard drive / where it came from.

    Hope that helps, but please let me know if you have any other questions.

    Cheers,
    Serra
Reply
  • Hi Casey,

    So sorry about the slow reply on this post.

    One thing you should check out are the scan logs:

    - Click the Sophos menu bar Icon
    - Click on Open Scans... 
    - Alt-click the white space by "Scan this mac" and select View Scan Log...

    This will open the Scan Log in an application called Console. The scan log gives you detailed information about the most recent scans, such as start time, what was scanned, scan configuration, any threats that were detected, etc. Perhaps looking at this will give you some insight as to where the file was located on your hard drive / where it came from.

    Hope that helps, but please let me know if you have any other questions.

    Cheers,
    Serra
Children
No Data