Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 6 subscribers
  • Views 12469 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Phantom Detection

hellohgjytrjytr

Using free Sophos anti virus v 9.2.2 with OSX Yosemite.

In Preferences: Sophos is set to scn inside archives and compressed files but not to scan files on networked volumes.

I was getting some Sophos detections associated with email attachment which cleaned up. Changed email settings so that attachments do not download.

Now getting a "phantom detection"!!??

Sophos advises that it has detected something.

When I go to Qurantine Manager there is initially an entry  - threat type Troj/DocDi-FF but there is no entry in the file name column. Then approx 10 secs after going to Quarantine manager the entry disappears - I have done nothing. Under Action Available "Clean up" was showing but entry disappeared before I had a chance to do anything.

If I do a full scan - "Scan this Mac" nothing is detected.

No HDD's attached to Mac. I have Synology NAS on LAN with Time Machine backups but nothing else (Mac is new so still setting up).

But "phantom detection" keeps recurring.

Can someone advise what is happening??

How do I fix??

Many thanks

PS: New to Sophos

:1020237


This thread was automatically locked due to age.
  • 0

    Hi dogdog

    I think looking at the logs might give you a bit more information on what's goin on here. We have a video here  that will give you a quick rundown on how to look at the logs. Can you give that a try and let us know what you find?

    :1020246
  • 0

    I think that it may be something in the Time Machine backups which are on a NAS.

    In settings I have no tick in Scan "Files on network volumes" but in the log file there are the following entries.

    New volume detected at /Volumes/Time Machine Backups
    New volume detected at /

    Presumably "Volumes/Time Machine Backups" are the backups but Time Machine Backups are on a NAS so I would have expected them to be excluded based on my settings??

    What is "New volume detected at /"??

    Any thoughts/advice.

    Many thanks.

    :1020247
  • 0

    I think the Time Machine Volume might show up as a regular volume if even it's on a NAS, and we don't automatically exclude time machine volumes in on-demand scanning. 

    Here's another video, which should help you make sure you have the desired exclusions set up. Can you give that a watch and let me know how it goes?

    :1020248
  • 0

    I had seen that video but although it mentioned Time Machine I had thought that it would be excluded as it was on a NAS rather than a directly attached HD. Obviously I was wrong.

    I have now specifically excluded the folders on the NAS.

    :1020254
  • 0

    Great, let us know if you have any other questions!

    :1020255
Unfiltered HTML