Hello.
I just downloaded and installed savosx_he_r.zip, from www.sophos.com/.../sophos-antivirus-for-mac-home-edition-legacy.aspx, into an updated Mac OS X v10.8.5 machine. I like it so far, but is there a way to disable its memory resident? I only want to use it for manually updating, scanning, and cleaning.
Thank you in advance. :)
I have the same question like the topic opener. – Meanwhile with Sophos Home Edition (mac) v. 9.6.6.
I want to activate any Sophos process manually only. Therefore in Sophos preferences I have unselected any option for live scanning: On-Acess / Auto-Update / Live / Web (2x).
But still I see 9 processes taking RAM memory with a total ammount of ca. 460 MB. [in mac os Activity Monitor.app]
Those 9 processes also appear with CPU usage of total 0,3 %.
The minimal CPU usage doesn't disturb me – but I'd appreciate Sophos not to use 460 MB of RAM as long there is no task to do.
How to stop Sophos RAM usage with unselected live-processes?
Thank you Christian,
sorry, your "isn't on-demand" plus "be able immediately" sounds contradictionary to me:
Why should Sophos (with disabled live) react immediately if it is not exspected to react on-demand?
Or other way: What would be the dis-advanteage if the application wouldn't stay in RAM without any demanded task?
Thomas
Thank you Christian,
sorry, your "isn't on-demand" plus "be able immediately" sounds contradictionary to me:
Why should Sophos (with disabled live) react immediately if it is not exspected to react on-demand?
Or other way: What would be the dis-advanteage if the application wouldn't stay in RAM without any demanded task?
Thomas
Hello Thomas,
sorry, should have detailed it to make it clearer.
But first some words on Sophos' terminology:
Sophos used to call automatic scanning of a file that is opened/closed by an application On-Access Scanning. As of late they are calling it Real-Time Protection. The term Live Protection refers to the scanner's ability to consult "the cloud" to obtain the latest verdict on suspicious items, upload samples, and fetch current protection data that have not yet been delivered by an update. As far as I can see this feature is not exposed in the Home version.
It is recommended that you leave Real-Time Protection turned on. When I said immediately commence I was referring to situations where Real-Time has temporarily been turned off for whatever reason and its subsequent resumption. The definitions have to be loaded from disk and appropriately prepared before the scanner can start its work (and this data stays in memory to minimize overhead). As this loading takes some time actual protection wouldn't be available for several seconds after turning it on again.
Of course this also speeds up the start of on-demand (not sure if Scan this file/folder - aka Finder Scan - is still available with the Home version) scans but this is not the main purpose.
the dis-advanteage
the disadvantage would be significantly extended start-up times. But as said, it's not designed to be used just for occasional on-demand scans.
Christian
Hello Christian,
thanks for your input about Sophos' terminology. Unfortunately the used terms in my installed version (*) appear different to your discription. Main difference is probably the Feature "Auto-Update" which seems to be the "Live Protection" in your description.
This just made me aware of another weirdness: Though I have "Auto-Update" unselected in prefs it appears "on" some way: it just shows an update from 3 days ago (whereas my last manualy use of Sophos was 7 days ago and all automatic features are unchecked).
I do know now that ...
... Sophos is not meant for manually on-demand usage.
... Sophos always keeps RAM even if there is no task to do.
... this permanent RAM usage might shorten startup time as soon a task should get startet.
But still I do not understand, why this is a must-have for the user. – Otherwise every application on a computer could want to keep itself in RAM for the reason to be faster as soon it shall start. That does not make sense to me – and, sorry, I do not see a relevant dis-advantage if an occasional start of Sophos would take more time. Sophos is an app for background processes, not for user interactive work.
– So, why should it not may take a while to start – since I agree by deselecting its auto-features?
(*) "Home Edition Version 9.6.6"
Thomas
Hello Thomas,
Auto-Update refers to automatically updating definitions (new ones are provided every few hours), the definition database (once a month), engine and software updates to disk (local storage). Live Protection (if enabled) is a feature where certain definitions - when they match on a file - instruct the scanner to consult "the cloud" for any potential updates that have not yet been delivered by the regular updates.
Sophos is an app for background processes
AV (not Sophos in particular) is usually designed to proactively protect a user (and the system) from malicious activity - before some malware can spring into action. Therefore when a process (a user) attempts to open a file the open is intercepted, the file is scanned (real-time scanning), and depending on the results the open allowed to continue or blocked. Won't help much if you start an on-demand scan after you have noticed that "somethings going on".
You don't install a burglar-alarm in your house just to disable it and only turn it on every now and then to check whether you've left a door open or a window is broken. You might agree to have it turned off most of the time it'll likely be on stand-by.
Christian
Hello Christian,
Your comparison with a burglar-alarm makes me smile. Indeed, if I would have an alarm, I would switch it on occasionally only: for those moments, when I am not at home, have no control whats going on inside. It should be better than a dog that gets nervous with every visitor. My desired use of Sophos AV is not to have it running around permanently like a nervous dog - but to be there if I like.
With macOS my computer permanently runs a built-in firewall and AV – not perfect but more than nothing. Sophos AV appears not to respect this colleague. I do understand your concept for Sophos AV in general as a stand-alone software. But for Sophos' mac edition I don't see the need of this permanent RAM requirement in switched-off states. Seems you want to convince me of the need of antivirus:
> (...) when a process (a user) attempts to open a file the open is intercepted, the file is scanned (real-time scanning), and depending on the results the open allowed to continue or blocked.
An idea which I don't like. I don't mistrust myself that much.
> Won't help much if you start an on-demand scan after you have noticed that "somethings going on".
Hm, in my perspective it would, not perfect but more than nothing. I don't wear a bicycle-helmet, I go now and then at red across the street, I don't lock my appartment when I look for paper mail and I open every letter without precautions. I must be dead already. And one day I will, even with precautions 24/7.
For now: I just want to get RAM back from Sophos AV when I don't let it work. Do I have to kill it from my computer for this?
thomas
Hello Thomas,
[:D] I'm not trying to sell you real-time protection and I don't demand that you mistrust yourself. Just tried to explain the how and why.
I just want to get RAM back
side note: Any indication of actual shortage caused by this RAM consumption? I'd assume (I haven't investigated) that most of the memory used by the daemons is nevertheless pageable and as it isn't active would be paged out in can of a shortage of physical RAM. Thus it shouldn't cause a constant penalty.
Christian
