
Issues detected but no threats found

After Sophos scanned my computer today no threats were found, but issues were detected. However, there was nothing to fix in my quarantine manager. How do I find out what the issues are, and how can I fix these issues?

:1012972


This thread was automatically locked due to age.
  • I've got the same issue on my machine (once I could get the scan to even finish). Computer locked up 4 times during scans, and once I got it to finally complete, it showed that there were errors... but nothing saying what those errors were.

    Currently on 10.7.5, Version 9.0.1, Threat Engine 3.45.0
    :1012994
  • I am having the same problem. Looking through the log has provided no help at all. There is no indication of what/where the issues are so I have no idea how to fix them. Help!

    :1013092
  • Does the same thing happen on subsequent scans?

    :1013094
  • Yeah, specialized scans and all-system wide scans (if they don't freeze up) still give that sort of error.

    Here's a screencap of a scan just of a Downloads folder, for example.

    :1013106
  • OK...I've recreated this.

    The 'issues' are nothing to worry about - it's just naff that the frontend blurts out 'Issues detected' without allowing more detail in the user interface.

    The 'issues' will be things like corrupt files, encrypted files, or anything the scanner has a problem with. 99.99999% of the time they are no problem at all.  It's expected behavior (feel free to debate that it's really not the scanner's fault).

    You said you ran a scan of the Downloads folder.  Therefore...

    1. Start the scan of the Downloads folder again.
    2. While that is running open Console (from Spotlight search for 'Console').
    3. On the left side of Console select/expand 'Sophos Anti-Virus' > Scans > theNameYouGaveTheScan > then select the most recent date and time.
    4. Flick back to SAV and watch for the 'Issues detected' warning to appear.  Then stop the scan.
    5. Flick back to Console and 'reload' the log.
    6. Look through the output of the scan and note any mention of 'Corrupt file:...' or 'Encrypted file:...'

    Any file the scanner has a problem with (for a genuine reason) causes an error and SAV (on the frontend) displays 'Issues detected'.

    These really are nothing to worry about - you're safe.

    If you want another method to the above (maybe this is simpler) you can open Terminal (search with Spotlight for 'terminal'), run...

    sweep ~/Downloads

     Note: for me to get some issues I ran..

    sweep ~/Library/Containers

     ...which is pretty quick to complete.

    ...and wait for the scan to complete.  The summary will mention 'X errors were encountered' 'X encrypted files were not checked' etc.  Example:

    28332 files swept in 1 minute and 43 seconds.
    57 errors were encountered.
    1 virus was discovered.
    1 file out of 28332 was infected.
    If you need further advice regarding any detections please visit our
    Threat Center at: http://www.sophos.com/en-us/threat-center.aspx
    2 encrypted files were not checked.
    Ending Sophos Anti-Virus.
    :1013108
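The triage described in the post above, as an added example that is not part of the original thread or Sophos's own tooling: it reads saved `sweep` output on stdin, lists the files the scanner could not read, and separates a real detection from unscanned-only results. The summary wording comes from the sample output above; the layout of the per-file `Corrupt file:` / `Encrypted file:` lines and the sample paths are assumptions.

```shell
#!/bin/sh
# Added example. Assumption: each per-file line starts with
# "Corrupt file:" or "Encrypted file:" followed by a path.

triage_sweep() {
    # Reads sweep output on stdin; prints one "<kind><TAB><path>" line per
    # unscanned file, then the parsed counters and a one-word verdict.
    awk '
        /^[ \t]*Corrupt file:/ {
            sub(/^[ \t]*Corrupt file:[ \t]*/, ""); print "corrupt\t" $0; next
        }
        /^[ \t]*Encrypted file:/ {
            sub(/^[ \t]*Encrypted file:[ \t]*/, ""); print "encrypted\t" $0; next
        }
        /files? swept in/                         { swept   = $1 + 0 }
        /errors? (was|were) encountered/          { errors  = $1 + 0 }
        /virus(es)? (was|were) discovered/        { viruses = $1 + 0 }  # "No viruses" -> 0
        /encrypted files? (was|were) not checked/ { skipped = $1 + 0 }
        END {
            printf "swept=%d errors=%d viruses=%d encrypted_skipped=%d\n",
                   swept, errors, viruses, skipped
            if (viruses > 0)               verdict = "detection"
            else if (errors + skipped > 0) verdict = "unscanned-only"
            else                           verdict = "clean"
            print "verdict=" verdict
        }
    '
}

# Constructed sample input (not real scan output).
sample_sweep_output() {
    cat <<'EOF'
Corrupt file: /Users/example/Downloads/broken.zip
Encrypted file: /Users/example/Downloads/report.doc
Encrypted file: /Users/example/Downloads/notes.doc

120 files swept in 4 seconds.
1 error was encountered.
No viruses were discovered.
2 encrypted files were not checked.
Ending Sophos Anti-Virus.
EOF
}

sample_sweep_output | triage_sweep
```

To use it on a real scan, pipe the scan into it, for example `sweep ~/Downloads | triage_sweep`. A `detection` verdict is the only one that calls for the quarantine manager.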
  • Now that was helpful! (though I wonder why we don't just run that sort of scan instead of the hours-long ones that lock up!)

    The Downloads scan came up clean and the Library one listed 63 errors but no Viruses.

    So...it seems at least the system seems clean enough?  Is this an error that the team can fix up, or is this just something that'll happen from what you can tell?

    Thanks for the help so far, it's appreciated!

    :1013138

  • Kaide wrote:

    So...it seems at least the system seems clean enough?  Is this an error that the team can fix up, or is this just something that'll happen from what you can tell?


    Yep - no virus means the system is clean.  I guess Sophos could have chosen to not report them (hide them from being shown) but it's more honest and accurate to say 'there were a few files the scanner couldn't scan'.  I wouldn't put it past some AV programmers to gloss over these things to avoid negative questions of perfectly reasonable behavior.

    There are always going to be files on the system that SAV can't fully read.  If it's encrypted then that's expected - who would truly want SAV to hack into personal files in the name of system safety (that's like the cops raiding your house once a week just to have a look around).  And if the scanner can't get into a 'corrupt' file (malformed file with the wrong headers, etc.) it isn't going to be doing harm to the system - the OS wouldn't know how to use it either so it can't execute on its own.  Another application may use it (as it may know how to work with the format) but chances are it's not malware - and if it is then that program has to present itself properly to the OS so it can execute and SAV will be catching that with the real time scanner immediately.

    In a word - safe. 

    :1013140
  • Well, I'm glad that's at least a solution for the moment then.  It's a bit odd that they wouldn't have mentioned it but I guess hindsight is 20/20.  At least we've got a solution for now and the knowledge that the system can be checked and doesn't have something (that we know of) hiding about.

    Thanks again for your help, it's been very appreciated!

    :1013144
  • If you also put sweep ~ (leave the rest blank), it does the whole machine!


    Kaide wrote:

    Well, I'm glad that's at least a solution for the moment then.  It's a bit odd that they wouldn't have mentioned it but I guess hindsight is 20/20.  At least we've got a solution for now and the knowledge that the system can be checked and doesn't have something (that we know of) hiding about.

    Thanks again for your help, it's been very appreciated!


    :1016019
  • Thanks for the tip ... worked for me.  A note, though: the 'encrypted' files found were actually password-protected MS Word documents. However, SAV seemed to have no trouble with password-protected PDF documents.

    Dan

    :1017339