Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 120 replies
  • Subscribers 6 subscribers
  • Views 1044702 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos 9 causes Mavericks to freeze

symt

Hi Everyone,

I recently got the top of the line iMac, which I was very happy with.

As I was a Mac user before, I knew which software is great and Sophos Anti-Virus for Mac was one of those.

So I had Sophos installed, from the beginning and over the time I noticed one big annoying issue:

The Mac froze from time to time. Whenever the Mac was running the whole day, it wouldn't survive without a hard-reboot any day.

It always showed the same behavior:

 1. Internet connectivity drops

 2. The beachball begins to appear, when hovering some icons in the top menu bar

 3. Programs that are connected to the internet begin to freeze (beachball)

I can't open any other programs after the Mac is in that state, the only way out is a hard reboot.

One of the last entries in the console after such a freeze is always from Sophos, like:


 

30.11.13 13:41:04,607    SophosWebD[106]    <SMENode: 0x7fedaac7a6d0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
30.11.13 13:42:16,742    SophosWebD[106]    <SMENode: 0x7fedac51d7d0> localNode csc:2ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
30.11.13 13:43:34,626    SophosSXLD[107]    20131130 124334.626 P       107 T      1522 ------ 2             - Warning: EARLY TIMEOUT: dns context 31 has 9568 ms before it should time out\n
30.11.13 13:43:36,420    SophosSXLD[107]    20131130 124336.419 P       107 T      1522      2 2   - sxe_write_to(): Error writing to socket=7: (64) Host is down
30.11.13 13:43:36,420    SophosSXLD[107]    20131130 124336.419 P       107 T      1522 ------ 1   - Failed to send SXL request 4097: error=ERROR_INTERNAL
30.11.13 13:44:37,225    SophosSXLD[107]    20131130 124437.224 P       107 T      1522 ------ 2             - Warning: EARLY TIMEOUT: dns context 29 has 9275 ms before it should time out\n
30.11.13 13:44:38,652    SophosSXLD[107]    20131130 124438.652 P       107 T      1522      2 2   - sxe_write_to(): Error writing to socket=7: (64) Host is down
30.11.13 13:44:38,652    SophosSXLD[107]    20131130 124438.652 P       107 T      1522 ------ 1   - Failed to send SXL request 4097: error=ERROR_INTERNAL
23.11.13 11:48:54,983    SophosWebD[92]    <SMENode: 0x7fa7a141c300> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 11:53:45,719    SophosWebD[92]    <SMENode: 0x7fa7a4500160> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 11:53:45,727    SophosWebD[92]    <SMENode: 0x7fa7a400c410> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 11:53:45,735    SophosWebD[92]    <SMENode: 0x7fa7a444acd0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 12:16:44,382    SophosWebIntelligence[92]    tcp_connection_destination_prepare_complete 6783 connectx to IP_REMOVED_BY_ME#80 failed: 65 - No route to host
23.11.13 12:16:44,382    SophosWebIntelligence[92]    tcp_connection_handle_destination_prepare_complete 6783 failed to connect
23.11.13 12:28:19,935    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:19,937    SophosSXLD[107]    daemon is running
23.11.13 12:28:21,593    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:24,000    kernel[0]    Notice - new kext com.sophos.kext.sav, v9.0.53 matches prelinked kext but can't determine if executables are the same (no UUIDs).
23.11.13 12:28:25,373    SophosAutoUpdate[112]    AlreadyRegistered
23.11.13 12:28:25,857    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:25,857    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:25,860    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:25,869    SophosSXLD[107]    sxl started
23.11.13 12:28:25,870    SophosSXLD[107]    sxl configuration succeeded
23.11.13 12:28:28,000    kernel[0]    Sophos Anti-Virus on-access kext activated
23.11.13 12:28:59,660    SophosWebD[106]    <SMENode: 0x7ff010d031e0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
...
23.11.13 12:29:24,610    SophosWebD[106]    <SMENode: 0x7ff012a1e070> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 12:29:26,116    SophosWebD[106]    <SMENode: 0x7ff01290e8d0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 12:29:26,123    SophosWebD[106]    <SMENode: 0x7ff0128550f0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=54 "Der Vorgang konnte nicht abgeschlossen werden. Verbindung wurde von der Gegenstelle zurückgesetzt"
23.11.13 12:29:26,130    SophosWebD[106]    <SMENode: 0x7ff010c1e1f0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
...

   ("Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe" means "The operation couldn't be completed. Broken pipe.")

I was hoping desperately, that Sophos isn't the root cause for that freeze-behavior. I tried to remove it completely, and then re-installed again - this did not solve the issue. I then completely removed Sophos again, this appeared to be the solution. Sophos is gone, and I'm not experiencing the freezes anymore.

I'm now using a different Mac AV product, not from Sophos (:smileysad: which I'm not too happy about).

So my question: Has anyone experienced the same behavior, is this a known issue?


Another thing I'm not too happy about, is that there are still residues from the Sophos AV on my system.

For example, I'm getting those errors in the console:

08.12.13 15:08:11,860 com.apple.security.XPCKeychainSandboxCheck[1735]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
08.12.13 15:08:11,860 com.apple.security.XPCKeychainSandboxCheck[1735]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
08.12.13 15:12:31,672 com.apple.security.XPCKeychainSandboxCheck[1973]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
08.12.13 15:12:31,672 com.apple.security.XPCKeychainSandboxCheck[1973]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
09.12.13 14:06:40,338 com.apple.security.XPCKeychainSandboxCheck[280]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
09.12.13 14:06:40,338 com.apple.security.XPCKeychainSandboxCheck[280]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
...

  And there is a keychain access object, which is read only and can't be removed at all!

  I tried everything - also from /System/Library/Keychains I can't remove it, as it's not listed.

Does anyone know, how to remove those leftovers?

Many thanks & best regards,
symt

 

:1014893


This thread was automatically locked due to age.
  • 0
    lumberjackjim wrote:

    Hi Bob,

    Thanks for your response.

    Can you kindly link to the website? I'm having a hard time locating MySophos Downloads.

    http://www.sophos.com/en-us/support/downloads/standalone-installers/anti-virus-for-mac-os-x.aspx

    That page will ask you to log in. The credentials are related to your license, your administrator should have details.

    The Preview section at the top of that page will have the 9.1.5 installer available. Let me know if you don't see the Preview section (at that point we should switch to direct email contact, I'll need to know some details about your license which I would not ask you to post here).

    Hope that helps.

    :1018189

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

  • 0
    bobcook wrote:
    micaelus wrote:

    @Bob - so far, so good. Been about 3 days hang-free. I'm not seeing any of the repetitive log entries either, but I do see this on occasion: 

    SophosSXLD[111]: [SMESXLInterface.m:427] no DNS addresses found

    We'll look into that log message to see if its anything of concern.

    You can safely ignore that log message. The software in question (SophosSXLD) uses your DNS settings. It logs that message if the active network doesn't appear to (yet) have any DNS servers. This can happen if your computer is not connected to the network. Our software watches for ongoing changes, so once you are connected to the network you should be good again.

    This started a good conversation about whether we should bother logging this message. It seems we shouldn't, its just confusing. Apologies.

    :1018191

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

  • 0

    Hi Bob, I have also been experiencing these random 10 minute freezes on the daily and my research has led me to this thread.  I was wondering if I could get access to this Preview version of Sophos and start testing it out.  Currently I have about 100 users that have been itching to upgrade to Mavericks and I am hoping to get this fixed before I give them the go ahead.  I have reached out to you via your email address in your signature as well if we need to confirm my license account number.  

    Also, something that just started happening that may or may not be related is that my Automatic Updates have compeletely stopped and refuse to authenticate, for me and other users as well.

    :1018201
  • 0

    Thank you @Bob for being so responsive! Happy to help.

    :1018205
  • 0
    Alright! It's been a week, and I've yet to see a single freeze on my system.

    At the very least, I think v9.1 solves the problem of locks associated with Time Machine local backups.

    Hooray!
    :1018223
  • 0

    Thanks Bob!

    I think avoid contacting IT and uninstall the enterprise version and try the home edition as it's on my personal computer.
    Not entirely sure what the differences are between the 2, but I trust Sophos' quality of software across the board.

    K.

    :1018231
  • 0
    necopinus wrote:
    Alright! It's been a week, and I've yet to see a single freeze on my system.

    At the very least, I think v9.1 solves the problem of locks associated with Time Machine local backups.

    Hooray!

    Sounds great, thanks for the feedback. Please let us know if you do spot any issues. Current plan (subject to change) is to replace 9.0 with 9.1 in early August, and your continued feedback is essential to build our confidence this is a good thing.

    :1018255

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

  • 0
    lumberjackjim wrote:

    ... and try the home edition as it's on my personal computer.

    Not entirely sure what the differences are between the 2, but I trust Sophos' quality of software across the board.

    Thanks for the confidence, definitely appreciated.

    We have four different packages of the Mac endpoint software:

    • for Sophos Cloud - tight integration with our newest management system, includes device control, web control (beta today), and some tamper protection features
    • for Sophos Enterprise Console - integration with our on-premise management system, includes device control and tamper protection features (in Preview today)
    • for business users, but unmanaged (we often call it "stand-alone")
    • for home users (aka the free "Home Edition")

    The last two are very similar, with the differences being that the business users can manage their own updating settings, have a few deployment features for organizations that wish to standardize their installations, and obviously those customers get access to our support team via phone or email as needed.

    We don't always update all four packages on the same day, but they generally follow each other within a month or two. We don't have a specific policy about prioritizing which packages get new features first, but recently its been the package for Sophos Cloud which tends to lead the way.

    Hope that helps explain things better.

    :1018257

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

  • 0
    So far it's been smooth sailing on all fronts, but I'll post something if I start seeing problems.
    :1018267
  • 0

    Hi all,

    test driving Sophos 9 for corporate use, got hangs just like described in this thread.  Running a MBA with Mavericks 10.9.3, the latest Chrome, and Sophos Cloud Endpoint v9.1.5, using Time Machine, did all the tricks suggested in this thread. Kept having a hanged MBA until disabling Time Machine local backups. (Or at least I haven't had this Mac going unresponsive yet after disabling local backups.)

    I was going to deploy Sophos to our Macs this summer but now I think I need to wait and see just for a while more. Would have hoped this one long gone by now since this thread seems to be several months old.

    --sami

    :1018291
Unfiltered HTML