Hello.
I just downloaded and installed savosx_he_r.zip, from www.sophos.com/.../sophos-antivirus-for-mac-home-edition-legacy.aspx, into an updated Mac OS X v10.8.5 machine. I like it so far, but is there a way to disable its memory resident? I only want to use it for manually updating, scanning, and cleaning.
Thank you in advance. :)
OK, but how do I have its processes not loaded when not in used like after rebooting? I still see them according to an updated Mac OS X v10.8.5's Terminal:brvx said:Same answer I already gave.
$ ps aux |grep sopho
_sophos 134 0.0 9.3 2656412 194092 ?? Ss 11:49AM 0:08.36 SophosScanD
_sophos 132 0.0 0.3 2468372 5548 ?? Ss 11:49AM 0:00.05 SophosWebIntelligence
admin 226 0.0 0.0 2432768 588 s000 S+ 11:50AM 0:00.00 grep sopho
I only want them to show up when running AV manually, and then they go away after quitting it.
I have the same question like the topic opener. – Meanwhile with Sophos Home Edition (mac) v. 9.6.6.
I want to activate any Sophos process manually only. Therefore in Sophos preferences I have unselected any option for live scanning: On-Acess / Auto-Update / Live / Web (2x).
But still I see 9 processes taking RAM memory with a total ammount of ca. 460 MB. [in mac os Activity Monitor.app]
Those 9 processes also appear with CPU usage of total 0,3 %.
The minimal CPU usage doesn't disturb me – but I'd appreciate Sophos not to use 460 MB of RAM as long there is no task to do.
How to stop Sophos RAM usage with unselected live-processes?
Thank you Christian,
sorry, your "isn't on-demand" plus "be able immediately" sounds contradictionary to me:
Why should Sophos (with disabled live) react immediately if it is not exspected to react on-demand?
Or other way: What would be the dis-advanteage if the application wouldn't stay in RAM without any demanded task?
Thomas
Hello Thomas,
sorry, should have detailed it to make it clearer.
But first some words on Sophos' terminology:
Sophos used to call automatic scanning of a file that is opened/closed by an application On-Access Scanning. As of late they are calling it Real-Time Protection. The term Live Protection refers to the scanner's ability to consult "the cloud" to obtain the latest verdict on suspicious items, upload samples, and fetch current protection data that have not yet been delivered by an update. As far as I can see this feature is not exposed in the Home version.
It is recommended that you leave Real-Time Protection turned on. When I said immediately commence I was referring to situations where Real-Time has temporarily been turned off for whatever reason and its subsequent resumption. The definitions have to be loaded from disk and appropriately prepared before the scanner can start its work (and this data stays in memory to minimize overhead). As this loading takes some time actual protection wouldn't be available for several seconds after turning it on again.
Of course this also speeds up the start of on-demand (not sure if Scan this file/folder - aka Finder Scan - is still available with the Home version) scans but this is not the main purpose.
the dis-advanteage
the disadvantage would be significantly extended start-up times. But as said, it's not designed to be used just for occasional on-demand scans.
Christian
Hello Christian,
thanks for your input about Sophos' terminology. Unfortunately the used terms in my installed version (*) appear different to your discription. Main difference is probably the Feature "Auto-Update" which seems to be the "Live Protection" in your description.
This just made me aware of another weirdness: Though I have "Auto-Update" unselected in prefs it appears "on" some way: it just shows an update from 3 days ago (whereas my last manualy use of Sophos was 7 days ago and all automatic features are unchecked).
I do know now that ...
... Sophos is not meant for manually on-demand usage.
... Sophos always keeps RAM even if there is no task to do.
... this permanent RAM usage might shorten startup time as soon a task should get startet.
But still I do not understand, why this is a must-have for the user. – Otherwise every application on a computer could want to keep itself in RAM for the reason to be faster as soon it shall start. That does not make sense to me – and, sorry, I do not see a relevant dis-advantage if an occasional start of Sophos would take more time. Sophos is an app for background processes, not for user interactive work.
– So, why should it not may take a while to start – since I agree by deselecting its auto-features?
(*) "Home Edition Version 9.6.6"
Thomas
Hello Thomas,
Auto-Update refers to automatically updating definitions (new ones are provided every few hours), the definition database (once a month), engine and software updates to disk (local storage). Live Protection (if enabled) is a feature where certain definitions - when they match on a file - instruct the scanner to consult "the cloud" for any potential updates that have not yet been delivered by the regular updates.
Sophos is an app for background processes
AV (not Sophos in particular) is usually designed to proactively protect a user (and the system) from malicious activity - before some malware can spring into action. Therefore when a process (a user) attempts to open a file the open is intercepted, the file is scanned (real-time scanning), and depending on the results the open allowed to continue or blocked. Won't help much if you start an on-demand scan after you have noticed that "somethings going on".
You don't install a burglar-alarm in your house just to disable it and only turn it on every now and then to check whether you've left a door open or a window is broken. You might agree to have it turned off most of the time it'll likely be on stand-by.
Christian
