Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 120 replies
  • Subscribers 6 subscribers
  • Views 1044600 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos 9 causes Mavericks to freeze

symt

Hi Everyone,

I recently got the top of the line iMac, which I was very happy with.

As I was a Mac user before, I knew which software is great and Sophos Anti-Virus for Mac was one of those.

So I had Sophos installed, from the beginning and over the time I noticed one big annoying issue:

The Mac froze from time to time. Whenever the Mac was running the whole day, it wouldn't survive without a hard-reboot any day.

It always showed the same behavior:

 1. Internet connectivity drops

 2. The beachball begins to appear, when hovering some icons in the top menu bar

 3. Programs that are connected to the internet begin to freeze (beachball)

I can't open any other programs after the Mac is in that state, the only way out is a hard reboot.

One of the last entries in the console after such a freeze is always from Sophos, like:


 

30.11.13 13:41:04,607    SophosWebD[106]    <SMENode: 0x7fedaac7a6d0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
30.11.13 13:42:16,742    SophosWebD[106]    <SMENode: 0x7fedac51d7d0> localNode csc:2ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
30.11.13 13:43:34,626    SophosSXLD[107]    20131130 124334.626 P       107 T      1522 ------ 2             - Warning: EARLY TIMEOUT: dns context 31 has 9568 ms before it should time out\n
30.11.13 13:43:36,420    SophosSXLD[107]    20131130 124336.419 P       107 T      1522      2 2   - sxe_write_to(): Error writing to socket=7: (64) Host is down
30.11.13 13:43:36,420    SophosSXLD[107]    20131130 124336.419 P       107 T      1522 ------ 1   - Failed to send SXL request 4097: error=ERROR_INTERNAL
30.11.13 13:44:37,225    SophosSXLD[107]    20131130 124437.224 P       107 T      1522 ------ 2             - Warning: EARLY TIMEOUT: dns context 29 has 9275 ms before it should time out\n
30.11.13 13:44:38,652    SophosSXLD[107]    20131130 124438.652 P       107 T      1522      2 2   - sxe_write_to(): Error writing to socket=7: (64) Host is down
30.11.13 13:44:38,652    SophosSXLD[107]    20131130 124438.652 P       107 T      1522 ------ 1   - Failed to send SXL request 4097: error=ERROR_INTERNAL
23.11.13 11:48:54,983    SophosWebD[92]    <SMENode: 0x7fa7a141c300> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 11:53:45,719    SophosWebD[92]    <SMENode: 0x7fa7a4500160> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 11:53:45,727    SophosWebD[92]    <SMENode: 0x7fa7a400c410> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 11:53:45,735    SophosWebD[92]    <SMENode: 0x7fa7a444acd0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 12:16:44,382    SophosWebIntelligence[92]    tcp_connection_destination_prepare_complete 6783 connectx to IP_REMOVED_BY_ME#80 failed: 65 - No route to host
23.11.13 12:16:44,382    SophosWebIntelligence[92]    tcp_connection_handle_destination_prepare_complete 6783 failed to connect
23.11.13 12:28:19,935    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:19,937    SophosSXLD[107]    daemon is running
23.11.13 12:28:21,593    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:24,000    kernel[0]    Notice - new kext com.sophos.kext.sav, v9.0.53 matches prelinked kext but can't determine if executables are the same (no UUIDs).
23.11.13 12:28:25,373    SophosAutoUpdate[112]    AlreadyRegistered
23.11.13 12:28:25,857    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:25,857    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:25,860    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:25,869    SophosSXLD[107]    sxl started
23.11.13 12:28:25,870    SophosSXLD[107]    sxl configuration succeeded
23.11.13 12:28:28,000    kernel[0]    Sophos Anti-Virus on-access kext activated
23.11.13 12:28:59,660    SophosWebD[106]    <SMENode: 0x7ff010d031e0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
...
23.11.13 12:29:24,610    SophosWebD[106]    <SMENode: 0x7ff012a1e070> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 12:29:26,116    SophosWebD[106]    <SMENode: 0x7ff01290e8d0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 12:29:26,123    SophosWebD[106]    <SMENode: 0x7ff0128550f0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=54 "Der Vorgang konnte nicht abgeschlossen werden. Verbindung wurde von der Gegenstelle zurückgesetzt"
23.11.13 12:29:26,130    SophosWebD[106]    <SMENode: 0x7ff010c1e1f0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
...

   ("Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe" means "The operation couldn't be completed. Broken pipe.")

I was hoping desperately, that Sophos isn't the root cause for that freeze-behavior. I tried to remove it completely, and then re-installed again - this did not solve the issue. I then completely removed Sophos again, this appeared to be the solution. Sophos is gone, and I'm not experiencing the freezes anymore.

I'm now using a different Mac AV product, not from Sophos (:smileysad: which I'm not too happy about).

So my question: Has anyone experienced the same behavior, is this a known issue?


Another thing I'm not too happy about, is that there are still residues from the Sophos AV on my system.

For example, I'm getting those errors in the console:

08.12.13 15:08:11,860 com.apple.security.XPCKeychainSandboxCheck[1735]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
08.12.13 15:08:11,860 com.apple.security.XPCKeychainSandboxCheck[1735]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
08.12.13 15:12:31,672 com.apple.security.XPCKeychainSandboxCheck[1973]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
08.12.13 15:12:31,672 com.apple.security.XPCKeychainSandboxCheck[1973]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
09.12.13 14:06:40,338 com.apple.security.XPCKeychainSandboxCheck[280]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
09.12.13 14:06:40,338 com.apple.security.XPCKeychainSandboxCheck[280]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
...

  And there is a keychain access object, which is read only and can't be removed at all!

  I tried everything - also from /System/Library/Keychains I can't remove it, as it's not listed.

Does anyone know, how to remove those leftovers?

Many thanks & best regards,
symt

 

:1014893


This thread was automatically locked due to age.
  • 0
    Thicot01 wrote:
    ...

    Every time this happened, I was watching a video on youtube.

    ...

    I'm glad it wasn't just me, so hopefully the issue can get resolved :smileyhappy:.

    As far as I remember, I was also watching videos on youtube, everytime when one of those freezes occurred.

    The video I was watching stopped, I was wondering if it's my internet connection and then all the previously described symptoms appeared (beachball etc.).

    Not sure if it could be related to the issue though.

    :1015145
  • 0

    Hi,

    I would like to get more understanding of the problem. I would like to establish some form of a system profile to try and reproduce the problem. Kindly provide me with further information by answering the question below to help with my efforts.

    1. When did you start noticing this problem? Was after a version update or an OS update?
    2. If you did an OS update, what was the previous version you updated or upgraded from
    3. Have you recently or ever turned on Core Dumps? If you have no idea what this is then you may not have messed with it, which is a good thing.
    4. When the system freezes, does the OS panic (crash and reboots)?
    5. What happens if you simply turn off both of the Web protection features?
    6. Do you notice the problem if you turn off just the feature that blocks "malicious websites using realtime URL Reputation checks"?
    7. Do you notice the problem if you turn off just the feature that blocks "malicious downloads"?

    Thanks,


    - E

    :1015151
  • 0

    1. I noticed the issue 2 days ago and it seems that it matches with the last Mac OS upgrade 10.9.1

    2. Previous version was 10.9 build 13A603

    3. Never activated Core Dumps.

    4. When the system freezes, it freezes that's it. You can sometimes move safari's window but nothing else, escape keys do not work. Caps Lock led works when pressed but the only option is to keep pressed the power button until the computer shuts down as menus are totally unresponsive as well as the dock. Just the small beachball as a cursor.

    5. It works perfectly since I turned off web protection. Surfing is faster and everything is fine.

    I will try the point 6 and 7 later on as I am not really keen on switching off my computer the way Sophos force me to do.

    :1015157
  • 0

    Hi all,

    I've been having this freezing issue for several weeks. At first I put it down to something I'd installed being incompatible with mavericks. I deleted newly added apps and removed all plugins and add-ons in my browsers. Still no joy, so I reinstalled the OS, then did a clean reinstall, switching off sophos on-access scanning.

    As I have reinstalled bits and pieces, I've been coming to the conclusion that the issue may be around Sophos, so it has been very interesting to come across this thread.  Currently I am running sophos version 8.0.21C - I thought the Update Now command in the menu checked the app status as well as the threats database, hence my visit to the website to check my versions.

    If this issue is affecting v8 as well as v9, I'm wondering if it would help people if I stick to the older version and reactivate on-access scanning and see what happens.  I can then grab the logs and post.  What do you think?

    Cheers

    rog

    Macbook Pro mid-2010, 2.4 GHz, 8GB RAM, OSX 10.9.1

    :1015187
  • 0

    I'm having this exact problem with Sophos 9 and Mac OS X 10.8.5 -- the gradual beachball/unresponsiveness of everything. I've discovered that it clears itself after about 7-9 minutes every time, and every time it seems associated with a Sophos update (if I go to the Sophos icon afterward, it shows it as "Updating," though it may not if I check it early when I can still get some response).

    In fact, everything but the mouse cursor freezes at a certain point (I'm running a clock with a seconds indicator). For instance tonight, the unresponsiveness started, and within maybe 30 seconds the clock froze at 19:03:46, and stayed that way until it suddenly unfroze at 19:10:29. I looked afterward and Sophos was updating.

    I didn't have any YouTube videos going, in fact I only had up Parallels (not doing anything, just running in Coherence), Stickies, and Chrome with a few tabs open (searching some sites for a washing machine manual, one *may* have had a video on it that wasn't playing, I don't remember if I came to that one at that point). When things started to slow I brought up Terminal.app but it never fully finished logging in when things fully froze.

    The other oddness is that I have iStat Menus running and it doesn't show anything particularly noteworthy in terms of CPU, memory, disk, or network usage when this starts to go south.

    :1015345
  • 0

    I'd suggest disabling AutoUpdate and seeing how you go.  Uncheck the auto update option and only update manually (daily/when you remember).  See if the problem occurs only then.  Or change the units to 'days' rather than 'Hours'.

    2014-01-10_14-00-09.png

    :1015373

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0

    Just wondering if there's any update for me. Did you try steps 6 and 7?

    Thanks,

    :1015383
  • 0

    So far, I have tried Option 6 with no problem at all for some time now, I am too busy right now to try option 7.

    :1015387
  • 0

    Hi All,

    I've been having this exact same issue for months. I upgraded to Sophos 9 about the same time I upgraded to Mavericks in October. I don't remember the problems starting right away, but they eventually started happening on an almost daily basis -- more or less the same as symt described them in the original post. The problems seem to happen most often after using the internet for long periods of time, when downloading large files, or when streaming online video.

    I couldn't see a definite pattern or trigger, but after a lot of observation and troubleshooting, it did seem like the problems might be internet related. My computer used to be connected to the internet using wi-fi (which I read some users were also having problems with after upgrading to Mavericks). So, I've since connected the computer to my modem via ethernet and that seems to have reduced the frequency of the problems but it didn't eliminate them. I've also tried troubleshooting the issue with my ISP, I've run multiple virus scans, used disk first aid and repair, etc. But I still couldn't find a solution.

    I was really not looking forward to re-installing all of my software to try and isolate this issue. So this thread gives me some hope. I've changed the Sophos auto-update feature to check for updates once a day (instead of every hour) and turned off web protection. If the problem goes away, I will try turning the web protection features back on one by one to see if anything changes. If the problem doesn't go away, I will try removing Sophos from my system entirely.

    Here's a summery of answers to elhini's questions:

    1. I first noticed the issue happening sometime after upgrading to Mavericks 10.9. I also updated to Sophos 9 at the same time.

    2. Before Mavericks, I was previously using Mountain Lion 10.8.5 and Sophos 8.

    3. I've never touched Core Dumps.

    4. The OS did not panic, or crash and reboot by itself. The OS always progressively freezes -- starting by dropping my internet connection, then freezing internet-related apps, and finally the rest of the computer usually freezes as well. I usually try to initiate a proper system restart to clear up the problem as soon as I see it happening, but I usually have to resort to a hard reboot, sometimes doing this several times in a row. Sometimes taking up to 20-30 minutes of my time.

    5. I'm turning off both web protection features now and will see what happens.

    6. I will try this next.

    7. I will try this next.

    Thanks again!

    Mike.

    iMac 27-inch (mid-2011), 3.1 GHz Intel Core i5, 12GB RAM, 1TB HD, Mac OS X 10.9.1, Sophos Anti-Virus 9.0.6

    :1015507
  • 0

     After upgrading my iMac to Mavericks has nearly identical crash log. If fact capturing the crash log is nearly impossible because the beach ball spins requiring a hard reset. Out of about 100 hard resets (3-5 hard resets per day), only had a chance to capture the crash log once, and sent the crash stats to Apple once. I posted the crash log on Apple's support forum but the fan boys are so protective of Apple my request for Apple support gets buried in requests to remove Sophos, map reduce and other software I need. However I can't remove Sophos becuase my iMac needs to access Stanford's network. About sure my network login will be denied if I remove anti-virus https://itservices.stanford.edu/service/ess/mac/sophos

    I took 6 weeks off, travelling to NY and UK, on return expecting Apple or Sophos to have issued a fix.  No such luck. My iMac has the 2.8 Ghz (quad 4) Intel Core i5. My Macbook pro running the same Mavericks 10.9.1 and same Spohos versions but with a 2008 core2duo is working perfectly. I'd harzard a guess the Sophos team hasn't come across many iMacs running this particular quad 4 Intel processor. What else can it be?  

    :1015619
Unfiltered HTML