
Threat with no filename/path, can't be removed. So what do I do?

I occasionally get entries like this in my log:

com.sophos.intercheck: 2013-09-20 13:17:37 -0400 Threat: 'Mal/DrodZp-A' detected in
com.sophos.intercheck: Access to the file denied
com.sophos.intercheck:

There is no filename/path ("detected in" is all the log says -- eol) so I can't view in finder and attempts to remove hang/fail as would be expected. If I remove from the quarantine list, it'll just show up again later.

I have Time Machine/Time Capsule and I suspect it's something in a backup file on that volume but that's just my wild guess -- it is weird that Sophos finds it, doesn't/can't indicate the location, offers removal as an option, but is unable to remove it.

  1. Anyone have any insight into what this is (the "no file/path" aspect of the result, not the trojan itself)?
  2. Recommended course of action?

I've searched a bunch on this forum and haven't seen a definitive explanation for the null filename/path.

Thanks!

This thread was automatically locked due to age.
  • I have exactly the same problem, only it is for SpiGot or Generic PUA DJ. Originally I was able to find and remove these infections from both my Hard Drive and my Time Machine Backups but now Sophos keeps warning me about a threat with no filepath and when I go into the Quarantine Manager, there is no threat there!
  • Has anyone been able to solve this? I'm running into a similar/same problem:

    The SAV log indicates:

    2015-12-04 09:01:00 -0800 Threat: 'Troj/Mdrop-HAC' detected in
    com.sophos.intercheck: Access to the file denied


    I've detailed my issue here: community.sophos.com/.../33670
  • I tried turning off Time Machine, waiting 15 minutes for the Time Machine cache to clear, and then re-started my MAC-Mini. But, alas, Mal/Dyreza-AC popped up again. Surely Sophos can correct this problem...there's no file on my drive.
  • "For now, you can simply remove these entries from your QM and ignore them."

    This is not acceptable. The threat warnings are intrusive, frequent and disruptive. Fix your software. It is broken & you should be ashamed.

  • And in fact I am having the same problem - the same 2 trojans that cannot be cleaned up. It's driving me nuts - I have deleted a year's worth of backups in my Time Machine and external drive but it just keeps popping up. I too am thinking I might just have to uninstall Sophos as I actually believe that this is false reporting.

  • That doesn't work. Tried to select Clear From List but it doesn't remove it from the list.

  • Threats listed without a filename are almost always coming from a Time Machine backup. Apple changed the behavior of their Time Machine storage mechanism and it often does not return proper filepath information to non-Time Machine applications (the filesystem API returns an empty string for the full path). We have changes in the most recent version (9.1.5) to skip Time Machine volumes for the on-access scanner. Any threats that are present in your backup would be discovered when you try to restore them, and of course that will tell you the full path in the normal disk.

    For now, you can simply remove these entries from your QM and ignore them.

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development
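
A triage sketch for the log lines quoted in this thread, added here as an example (not part of the original posts and not Sophos code): it separates detections that carry a path from the path-less ones that the reply above attributes to Time Machine volumes. The layout of a line that does carry a path (path text following "detected in") is an assumption, and the last sample line, including its threat name and path, is constructed.

```python
import re
from collections import Counter

# Threat line format as quoted in this thread. The "com.sophos.intercheck:"
# prefix is optional because one poster's excerpt omits it.
# Assumption: when a path is reported, it follows "detected in" on the same line.
THREAT_RE = re.compile(
    r"^(?:com\.sophos\.intercheck:\s*)?"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"Threat: '(?P<name>[^']+)' detected in[ \t]*(?P<path>.*)$"
)

def triage(log_text):
    """Return (detections with a path, Counter of path-less detections by name)."""
    with_path, without_path = [], Counter()
    for line in log_text.splitlines():
        m = THREAT_RE.match(line.strip())
        if not m:
            continue  # "Access to the file denied" and bare prefix lines
        path = m.group("path").strip()
        if path:
            with_path.append((m.group("ts"), m.group("name"), path))
        else:
            # Empty path: the case this thread is about.
            without_path[m.group("name")] += 1
    return with_path, without_path

# Sample input: the first five lines are the excerpts quoted in the thread;
# the last two lines are constructed for this example.
SAMPLE_LOG = """\
com.sophos.intercheck: 2013-09-20 13:17:37 -0400 Threat: 'Mal/DrodZp-A' detected in
com.sophos.intercheck: Access to the file denied
com.sophos.intercheck:
2015-12-04 09:01:00 -0800 Threat: 'Troj/Mdrop-HAC' detected in
com.sophos.intercheck: Access to the file denied
com.sophos.intercheck: 2015-12-04 09:05:12 -0800 Threat: 'Troj/Mdrop-HAC' detected in
com.sophos.intercheck: 2015-12-04 09:07:44 -0800 Threat: 'Example/Test-A' detected in /Users/example/Downloads/sample.bin
"""

if __name__ == "__main__":
    located, pathless = triage(SAMPLE_LOG)
    for ts, name, path in located:
        print(f"has path: {ts} {name} -> {path}")
    for name, count in pathless.most_common():
        print(f"no path : {name} x{count} (was a Time Machine volume mounted?)")
```

Entries reported with a path can be inspected on disk as usual; the path-less counts show which detections keep recurring without a location.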

  • I am also having this same problem.  I just downloaded this program after hearing rave reviews on the Apple Support web site.  So far I'm less than thrilled.  Does anyone have a solution for this problem that does not involve spending hours rescanning my system for the umpteenth time, or as someone else commented, should I just uninstall Sophos?

  • Issues detected is mentioned lots of times on here - please search for a previous thread.

    For the disappearing path/folder issue: It could be down to the location of the file detected.  Some suggestions:

    - Try the 'Reveal in Finder' button.
    - If you haven't already done so: Clear the item from the Quarantine Manager. Then rescan the Mac to see if the item is detected again.
    - Cancel any current scan, disconnect external drives (like backup drives etc.), close down other applications, and then re-scan the Mac (as a test to see if it helps).

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS

  • I have the same type of problem, specifically with a mal/generic-s file.  Additionally, I have some macs that are scanning that report "issues detected" but there is nothing showing up in the Quarantine Manager.  I have tried to clean up the mal/generic-s threat but it keeps failing.  I do not get an option message for manual removal.
