This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos AV HE 9.4.2 hangs

...and can not stop it (More than 3 days, hanging at 217K files remaining. I cancelled all other scans. Running OS X 10.11.5

Please advise what to do. thanks!



This thread was automatically locked due to age.
Parents
  • I suspect Sophos is following symbolic links when scanning and that this may lead to cycles of always scanning the same files over and over again. On a raid system with about 9 million files on the system, Sophos was still running 3 days later after scanning 60 Million files. I found a workaround by excluding scans of the directories: /Users/"username"/Library/Containers/ where "username" is to match the name of your user If you have multiple users, you may want to create an exclusion for each of them. After configuring this in the web console, the ongoing scan will stop cycling and it finished about 10 minutes later :-) If you want to see which files are scanned, first identify the process ID (PID) of the SophosAVAgent using Activity monitor. then open terminal application and type the following command (where you need to replace PID with the numeric value you identified earlier: sudo opensnoop -p PID After entering your password, you will see the list of files scanned passing by. To stop, hit control-c character. please report if this helped? -- peter goedtkindt
Reply
  • I suspect Sophos is following symbolic links when scanning and that this may lead to cycles of always scanning the same files over and over again. On a raid system with about 9 million files on the system, Sophos was still running 3 days later after scanning 60 Million files. I found a workaround by excluding scans of the directories: /Users/"username"/Library/Containers/ where "username" is to match the name of your user If you have multiple users, you may want to create an exclusion for each of them. After configuring this in the web console, the ongoing scan will stop cycling and it finished about 10 minutes later :-) If you want to see which files are scanned, first identify the process ID (PID) of the SophosAVAgent using Activity monitor. then open terminal application and type the following command (where you need to replace PID with the numeric value you identified earlier: sudo opensnoop -p PID After entering your password, you will see the list of files scanned passing by. To stop, hit control-c character. please report if this helped? -- peter goedtkindt
Children
No Data