
How to scan only certain folders

Apologies for what may be a dumb question, but I've searched through the FAQs and this forum and can't find the answer.

My question: it's obvious how to exclude certain folders from on-access scanning, but how do I flip that on its head and INCLUDE only certain folders and NOT scan the rest?

Specifically, I would like to run on-access scanning ONLY on my Apple Mail directory (~/Library/Mail), Desktop (~/Desktop), and downloads folder (~/Downloads).  I want to NOT scan everything else.

How do I do that?  Thanks in advance.

:1001163


This thread was automatically locked due to age.
  • As a P.S., I'd also like to scan all local volumes other than my boot volume (i.e., thumb drives).

    It'd be great to be able to create an on-access scan list like the following (read from the top down):

    Include:

    /Volumes

    Exclude:

    /Volumes/NameOfMyBootVolume

    Include:

    ~/Desktop

    ~/Downloads

    ~/Library/Mail

    :1001171
  • Hello Paul,

    this is not possible and probably never will be.

    Why? The decision whether to scan or not has to be made in real-time when the scanner is notified of an object access, and as on-access shall not cause excessive delays, the algorithm has to be as simple as possible. This is different from custom scans where timing doesn't have these stringent conditions and the list of objects to scan can be built - exaggerated - at leisure. Actually also there processing is rather simple: Take what's in Scan Items ignoring what's in Excluded Items. Thus you won't even be able to configure a custom scan to do what you outlined without enumerating the volumes to scan omitting the exclusion (and this is generally not feasible for on-access as you'd have to adjust the settings before you mount a volume).

    Nested or hierarchical include/exclude lists not only degrade performance and offset at least part of what you gain from not scanning but are also a hell to set up correctly.

    All in all you should really think about why you can't afford the resources (even if it seems a waste right now) considering what you spend in other areas or applications not only on functionality but simply on "looks".

    Christian

    :1001181
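An added example, not part of the thread and not Sophos code: a small Python model of the two decision schemes discussed above, the flat "Scan Items minus Excluded Items" rule and the top-down include/exclude list from the question, evaluated with the last matching rule winning. The volume and user names (`BootHD`, `USBSTICK`, `paul`) are constructed, and writing the home folder in its `/Volumes/<boot volume>` form so the nesting is visible is an assumption.

```python
from pathlib import PurePosixPath

def is_under(path, root):
    """True if path is root itself or lies beneath it (component-wise, not by string prefix)."""
    p, r = PurePosixPath(path), PurePosixPath(root)
    return p == r or r in p.parents

def flat_decision(path, scan_items, excluded_items):
    """Model of 'take what's in Scan Items ignoring what's in Excluded Items'."""
    if any(is_under(path, e) for e in excluded_items):
        return False
    return any(is_under(path, s) for s in scan_items)

def ordered_decision(path, rules, default=False):
    """Model of the top-down list from the question: the last matching rule wins."""
    verdict = default
    for action, root in rules:
        if is_under(path, root):
            verdict = (action == "include")
    return verdict

# Constructed sample: boot volume "BootHD", user "paul", thumb drive "USBSTICK".
BOOT = "/Volumes/BootHD"
HOME = BOOT + "/Users/paul"
RULES = [
    ("include", "/Volumes"),
    ("exclude", BOOT),
    ("include", HOME + "/Desktop"),
    ("include", HOME + "/Downloads"),
    ("include", HOME + "/Library/Mail"),
]
SCAN_ITEMS = [root for action, root in RULES if action == "include"]
EXCLUDED_ITEMS = [root for action, root in RULES if action == "exclude"]

SAMPLES = [
    "/Volumes/USBSTICK/setup.pkg",
    HOME + "/Downloads/invoice.pdf",
    HOME + "/Documents/notes.txt",
]

def compare(paths=SAMPLES):
    """Return (path, ordered verdict, flat verdict) for each sample path."""
    return [(p, ordered_decision(p, RULES),
             flat_decision(p, SCAN_ITEMS, EXCLUDED_ITEMS)) for p in paths]

if __name__ == "__main__":
    for path, ordered, flat in compare():
        print(f"{path}: ordered={ordered} flat={flat}")
```

The two models disagree on the Downloads file: the flat rule drops it because the boot-volume exclusion covers it, which is why the flat scheme only matches the ordered list once the exclusion is omitted and the volumes are enumerated by name.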
  • Something else to add...

    You might think you want only to scan those areas, but what happens when a new piece of malware is discovered and detected after you've already downloaded it, scanned it, and moved it to somewhere else on your machine?

    If you really don't want to do things this way, I suggest you set up Folder Actions in those locations and script them to "scan now" every time the folder is updated (by adding/removing a file).  You will, however, be severely degrading your protection.

    The simplest method of doing something like this is to right click (control click) on a folder, select "Folder Actions Setup..." from the bottom, select "add - new folder item.scpt", click attach, and then check the "Enable Folder Actions" checkbox.

    This will give you a basic alert when the contents of the folder changes.

    To make it auto-scan instead, you will need to replace the script with

    property dialog_timeout : 30 -- set the amount of time before dialogs auto-answer.
    
    on adding folder items to this_folder after receiving added_items
    	try
    		tell application "Sophos Anti-Virus"
    			scan finder items added_items
    		end tell
    	end try
    end adding folder items to

    You can do this easily by copying the above code, clicking the Edit Script button, select all text, paste, save as, and name the new script something like add - scan new items.scpt

    Then click the - button on the bottom right of the Folder Actions window to remove the old script, and click the + to add a new one.  Select your new script, and you're done!  From now on, any folder that you set this folder action for will have any new items automatically scanned when they're added.

    This method is the same as an on-demand scan, so on-access can (cringe) be disabled if you do this.  As I said, this is not recommended, but it's doable.

    Also, you probably want to add your Shared folder to this list as well, as anyone can write to that folder if you're on a network.

    :1001201
  • Thanks QC and Agile,

    I appreciate why it makes sense to scan everything on access if possible, and also the tip re alternate approaches (timed scans, folder actions, etc.).  I will consider these strategies.

    FYI, I wanted to explain why I am interested in using Sophos in a limited way:

    (1) I am using it on a machine that is constrained in terms of CPU speed, RAM, and disk I/O (First Gen MacBook Air).  Sophos may have a light touch, but on this machine every CPU cycle is like gold.  I was trying to target Sophos at the highest-risk areas (mail, Internet downloads, and USB sticks).

    (2) By fencing off most of my hard drive from Sophos on-access scanning, I was hoping to avoid nagging compatibility issues -- the Time Machine problems noted in other postings (now fixed); the issue with PGP Whole Disk Encryption and the recurring enterprise login request, etc.  A/V software can cause subtle issues, particularly on the Mac where developers don't necessarily expect users will run it, and restricting Sophos to only certain directories seemed like the right approach for me.

    Anyway, thanks for the tips.

    :1001203
  • It is a pity that the exclude option cannot become "include certain folders" instead. 

    I'm removing the trial or free version from all five macs because of the InterCheck CPU overload and subsequent processing delays (copying, backing up, etc.); only mail and browser cache new items should be checked, but cannot be configured like this.

    So... Bye!

    :1001439
  • What is your configuration? Except in certain situations on-access should be barely noticeable (if at all). You don't have scan inside archives turned on, do you?

    Christian

    :1001441
  • ...you can easily do this by ... may sound easy to someone that is a tech person, but pages of "easily do this..." answers would be : 1) you want to do this; 2) do this. :-)

    I have spent nine months on and off attempting to get a full scan with a MacMini and MacBookPro, both using El Capitan. Sophos worked for many years with no problem until I upgraded. I have spent 3 days now uninstalling, installing SOPHOS Home and I hang at the same place. I have excluded .dmg as this was a possible fix last year. I spent 3 hrs yesterday moving folders/files from download to trash in an attempt to find what is hanging the system (it will run for over 24 hours and I give up). I can only stop SOPHOS completely thru a reboot.

    So, what is the "Easy" way to get sophos to run a full scan?
    And what is the "Easy" way to exclude TRASH as I don't want to empty it yet.