Threat with no filename/path, can't be removed. So what do I do?

I occasionally get entries like this in my log:

com.sophos.intercheck: 2013-09-20 13:17:37 -0400 Threat: 'Mal/DrodZp-A' detected in
com.sophos.intercheck: Access to the file denied
com.sophos.intercheck:

There is no filename/path ("detected in" is all the log says -- eol) so I can't view in Finder and attempts to remove hang/fail as would be expected. If I remove from the quarantine list, it'll just show up again later.

I have Time Machine/Time Capsule and I suspect it's something in a backup file on that volume but that's just my wild guess -- it is weird that Sophos finds it, doesn't/can't indicate the location, offers removal as an option, but is unable to remove it.

  1. Anyone have any insight into what this is (the "no file/path" aspect of the result, not the trojan itself)?
  2. Recommended course of action?

I've searched a bunch on this forum and haven't seen a definitive explanation for the null filename/path.

Thanks!

:1013519


This thread was automatically locked due to age.
  • Threats listed without a filename are almost always coming from a Time Machine backup. Apple changed the behavior of their Time Machine storage mechanism and it often does not return proper filepath information to non-Time Machine applications (the filesystem API returns an empty string for the full path). We have changes in the most recent version (9.1.5) to skip Time Machine volumes for the on-access scanner. Any threats that are present in your backup would be discovered when you try to restore them, and of course that will tell you the full path in the normal disk.

    For now, you can simply remove these entries from your QM and ignore them.

    :1019447

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development
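
An added example, not part of the original posts and not Sophos code: a Python triage script that separates detections logged with an empty path (the Time Machine case described in the reply above) from detections that carry a path and can be located on disk. The log text is constructed from the lines quoted in the question; the entry with a path and its file name are assumptions about how a normal entry looks.

```python
import re

# Constructed sample. The first entry copies the format quoted in the question;
# the second entry (with a path) is an assumed shape for a normal detection.
SAMPLE_LOG = """\
com.sophos.intercheck: 2013-09-20 13:17:37 -0400 Threat: 'Mal/DrodZp-A' detected in
com.sophos.intercheck: Access to the file denied
com.sophos.intercheck:
com.sophos.intercheck: 2013-09-20 13:20:02 -0400 Threat: 'Mal/DrodZp-A' detected in /Users/example/Downloads/sample.zip
com.sophos.intercheck: Access to the file denied
com.sophos.intercheck:
"""

# One detection line: timestamp, quoted threat name, then whatever follows
# "detected in" (which is empty when no path was returned to the scanner).
DETECTION = re.compile(
    r"^com\.sophos\.intercheck:\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"Threat: '(?P<threat>[^']+)' detected in(?P<path>.*)$"
)


def parse_detections(text):
    """Return one dict per detection line; non-detection lines are skipped."""
    detections = []
    for line in text.splitlines():
        m = DETECTION.match(line)
        if m:
            detections.append({
                "timestamp": m.group("ts"),
                "threat": m.group("threat"),
                "path": m.group("path").strip(),  # "" when the path is missing
            })
    return detections


def split_by_path(detections):
    """Split into (entries with a usable path, entries with an empty path)."""
    located = [d for d in detections if d["path"]]
    pathless = [d for d in detections if not d["path"]]
    return located, pathless


if __name__ == "__main__":
    located, pathless = split_by_path(parse_detections(SAMPLE_LOG))
    for d in located:
        print(f"{d['timestamp']}  {d['threat']}  {d['path']}")
    for d in pathless:
        print(f"{d['timestamp']}  {d['threat']}  (no path logged)")
```
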
