SophosScanD process consuming up to 95% CPU

Bob Cook you are good man , and I thank you very useful to work again and virus safe . I wanted to replace it with a VM sandbox and chrome anti- virus , but u save the day

Hi, this is Dan Schiappa, Senior Vice President and General Manager of the EndUser Security Group at Sophos.  I am so proud to see so many dedicated users of our Mac product on this forum.  I'm not so proud when we have an issue that provides you with a poor experience.  I want to personally apologize for that.  We hope to continue having all of you as dedicated Sophos customers and know that we will continue to invest in quality and innovation on the Mac platform and I believe will continue to have the most secure product in the market and will continue to get better and better because of the hardword of our team, coupled with the voice of our great customers.  Thank you for your frank feedback, for holding us accountable to providing you with a product that meets your expectations (and I hope exceeds them) and for being loyal and great customers!

Now how did we get here....Version 9.0.11 of our free Mac Home Edition was released in early May, and contained a version of the virus detection data (VDL) that expired on September 15, 2014. In addition, version 9.0.11 contains a flaw that causes the Web Protection download scanning daemon (SophosScanD) to repeatedly restart when the VDL data expires, leading to excessive CPU usage.

At 4 PM PDT on September 15, 2014, Sophos published an updated version (9.1.5) to all Mac Home Edition users. This version contains an updated VDL set, corrects the defect in SophosScanD that led to this problem in 9.0.11, and contains improvements to ensure that future updates to the VDL package can be delivered without requiring a product update like we had on September 15th. Since the release of version 9.1.5, users have been automatically receiving this latest update which fully corrects the problem. 

In addition to being embarrassed by this event, we have reviewed and amended our internal procedures so that this type of failure doesn’’’’t happen again.

---

bobcook wrote:

---

sumguy wrote:

Well, it looks like this problem (or a similar one) was reported already back in June. Also, after updating to 9.1.5, I was still getting the same behavior, at least for a while. See this topic:

openforum.sophos.com/.../18029

So, just fyi, there seems to be still some conditions under which 9.1.5 will display the same high CPU and restarting.

---

Can you tell me what version numbers get displayed in the About box when you see this issue? Ensure that our product is fully updated, you should recieve new detection data regularly, keeping your system up to date ensures you never receive the end-of-life warning that triggered this problem in 9.0.11.

---

I installed 9.1.5 from http://downloads.sophos.com/home-edition/savosx91_he.zip as per the instructions in the other thread.

After installing, the version numbers were:

version 9.1.5
threat detection engine 3.53.1
threat data 5.00

...and I was still getting the 95% CPU and restarting problem with 9.1.5.

Then after some time I guess it auto-updated the threat data:

version 9.1.5
threat detection engine 3.53.1
threat data 5.06

...and after that it was running stable.

Thanks so much for your quick, transparent and effective response to this issue -- great customer support!

---

gpr wrote:

Thanks so much for your quick, transparent and effective response to this issue -- great customer support!

---

Seconded, I've had much worse service than this from people I pay a lot of money to.

I also have stopped the process with this code:

sudo launchctl remove com.sophos.scan

But I can't reinstall a new version of Sophos AV, I get an error message to uninstall first the installed software. But I already have removed Sophos AV. But if I use "Remove Sophos Anti-Virus" once again and the remove is correct and confirmed I yet can't install a newer version of Sophos AV.

And although I have removed Sophos AV from my mac I still see in the activity indicator some Sophos processes running.

How can I solve this problem?

Best

Thobie

Hi Thobie,

I'd suggest looking into the installer log (/var/log/install.log) for some messages about failures from the Sophos Installer. Feel free to send me the log, if its not showing an obvious error condition.

Hello, Bob,

thanks, I have deleted the folder that you have mentioned, the installation process worked fine and I could install Sophos.

Now I have updated Sophos to Home Edition version 9.1.5, Threat Detection Engine: 3.53.1, Threat-Daten: 5.06

So I think the problem with the never ending process that led to this thread will no more occur?

Best

Thobie

---

Thobie wrote:

So I think the problem with the never ending process that led to this thread will no more occur?

---

Yep, you are now running a version where the problem will no longer occur.

HI Bob,
Am new to Sophos, just downloaded today, but my version says is 9.0.8 - according to this user THOBIE he installed a later version prior to today -

Home Edition version 9.1.5, Threat Detection Engine: 3.53.1, Threat-Daten: 5.06

So why did I not get that version instead of 9.0.8, and will I also have issues with CPU as described in this thread?

thank you for your help.