SophosScanD process consuming up to 95% CPU

Hi cayenne,

Your software should automatically update to the latest version (9.1.5 with threat detection data 5.06). The update requires an internet connection. Check the logs if you aren't seeing the update soon.

I had exactly the same thing happen to me and I'm really surprised and disappointed about how this has gone.

A week ago I had the same problem that everyone else had, my macbook started to overheat and my cpu usage was way too high.  After *much* searching I discovered it was the SophosScanD process that was out of control.  So I took the only steps I could at the time, I uninstalled it.

Today I went back to the thread and discovered that the problem has been fixed.  So I downloaded what I thought was the new version.  My macbook again immediately started to overheat.  With my cpu going crazy I thought I must have some other problem, it can't be Sophos, I just installed the new version.  I ran a check on my machine and found that once again it was SophosScanD out of control.  Frustrated and with my cpu going crazy and my machine overheating, I had to come back to this thread and read though the last few messages to discover that I am supposed to tell Sophos to do an update of the software I installed 10 minutes early.  I did that and restarted and everything now seems to be fine.

But I really cannot understand this.  If you have a backlevel version of the software that you know is broken and a new version that you know is working correctly then why in the world when I download a fresh install today would I receive the broken version??!!!  If I was not already familiar with the problem I would have been back in the same position I was last week, madly searching the internet to figure out what is wrong with my machine.  Or else I would have just uninstalled it and run for the hills looking for any antivirus software other than yours.

It's great that you've responded and you've fixed the problem quickly -- kudos on doing that.  You're embarrassed about the mistake and I can understand that.  But why do you continue to have people install the same broken software?  Even if you simply added a note on the download page saying something like: "Install this and then immediately do an update to fix a known problem", that would be a step in the right direction.  But why not just install the right version in the first place?  It's baffling to me.  For the second time in a week I was really frustrated.  Can someone please help me understand this?

Hello fingers,

Sorry you were frustrated with the installation process. Because the software automatically updates itself, most people would receive the updates that correct the problem without any further effort. Manually running "Update Now" will speed up that process, but its not strictly required due to the automatic updating feature.

I'm sorry but this doesn't really answer the question I asked.  Why not install the correct software in the first place rather than installing software that you know is broken?

I am having the same issue. Here is the output from top:

PID   COMMAND      %CPU  TIME     #TH   #WQ  #PORT #MREG MEM    RPRVT  PURG   CMPR VPRVT  VSIZE  PGRP PPID STATE    UID  FAULTS   COW    MSGSENT   MSGRECV   SYSBSD    SYSMACH   CSW       PAGEIN KPRVT  KSHRD  IDLEW   POWER USER
1139  SophosScanD  99.8  00:04.07 7/1   5/1  50    102+  117M+  116M+  0B     0B   196M+  2561M+ 1139 1    running  0    31429+   256    248       96        28374+    355+      234+      0      483K+  48K+   0       99.8  root
1132 

 I have tried an update now and am told that the software is up to date.

Sophos  Version 9.0.11

OSX 10.9.5 on a macbook Pro late 2011 with Intel Core i7 and 16GB RAM

Hello davidannis,

9.0.11 is definitely not the current version - you should have 9.1.5. Check your network settings to ensure your Mac can reach our update servers.

Bob, FYI, this just happened to me for the first time *after* updating to 9.1.5.  9.1.4 was working but wasn't updating to 9.1.5 with my daily manual "Update Now" (instead of enabling automatic updates), so I manually installed it from savosx91_he.zip, then the looping began:

-----

10/2/14 3:38:30p    scanserver[222]    [SMEScanOperation.m:115] SAVI initialization failed
10/2/14 3:38:30p    scanserver[222]    [SMEPoolManager.m:139] worker init failed... shutting down
10/2/14 3:38:30p    scanserver[222]    [main.m:136] Scan server shutting down...
10/2/14 3:38:30p    scanserver[222]    [main.m:159] Server stopped
10/2/14 3:38:30p    com.apple.launchd[1]    (com.sophos.scan) Throttling respawn: Will start in 1 seconds
10/2/14 3:38:31p    scanserver[223]    [main.m:119] server started!

[...repeat...]

-----

Thankfully, performing a manual "Update Now" from within 9.1.5 finally fixed it.  So it seems that the 9.1.5 in savosx91_he.zip both lacks all of the necessary components of the fix and won't go get them if automatic updates are disabled....

The high CPU usage problem seems to be back. 

I am running Version 9.2.4 Sophos Anti Virus

Threat detection engine: 3.58.1

Threat data: 5.14

using Yosemite OS 10.10.3 on a Macbook air (mid-2011). 

A few weeks (month or so) back Sophos Anit-Virus started using very high CPU usage 85 - 95%, sometimes 98%, constantly. While there are other CPU usage culprits (Chrome), the timing of Sophos high CPU usage and the sudden draining of battery for the past two weeks makes me wonder if there's still a scanning issue with Sophos. Any help is appreciated.

---

seolds wrote:

A few weeks (month or so) back Sophos Anit-Virus started using very high CPU usage 85 - 95%, sometimes 98%, constantly. While there are other CPU usage culprits (Chrome), the timing of Sophos high CPU usage and the sudden draining of battery for the past two weeks makes me wonder if there's still a scanning issue with Sophos. Any help is appreciated.

---

We are not aware of any issues although you should check the scanning log "/Library/Logs/Sophos Anti-Virus.log" for any errors related to starting the scanner.

I looked at the logs and, I'm not sure what I should be looking for. It looks like the last date was April 20, 2015. When I go into the application and manually try to do a scan, it fails. And yet, SophosAntiVirus pops up in %CPU as 85 - 99% CPU every few seconds. Its running from root. If I were to try to kill the program and restart it, which process would I use?