
Sophos 9 causes Mavericks to freeze

Hi Everyone,

I recently got the top of the line iMac, which I was very happy with.

As I was a Mac user before, I knew which software is great and Sophos Anti-Virus for Mac was one of those.

So I had Sophos installed from the beginning, and over time I noticed one big, annoying issue:

The Mac froze from time to time. Whenever the Mac was running the whole day, it wouldn't survive without a hard-reboot any day.

It always showed the same behavior:

 1. Internet connectivity drops

 2. The beachball begins to appear when hovering over some icons in the top menu bar

 3. Programs that are connected to the internet begin to freeze (beachball)

I can't open any other programs after the Mac is in that state, the only way out is a hard reboot.

One of the last entries in the console after such a freeze is always from Sophos, like:


 

30.11.13 13:41:04,607    SophosWebD[106]    <SMENode: 0x7fedaac7a6d0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
30.11.13 13:42:16,742    SophosWebD[106]    <SMENode: 0x7fedac51d7d0> localNode csc:2ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
30.11.13 13:43:34,626    SophosSXLD[107]    20131130 124334.626 P       107 T      1522 ------ 2             - Warning: EARLY TIMEOUT: dns context 31 has 9568 ms before it should time out\n
30.11.13 13:43:36,420    SophosSXLD[107]    20131130 124336.419 P       107 T      1522      2 2   - sxe_write_to(): Error writing to socket=7: (64) Host is down
30.11.13 13:43:36,420    SophosSXLD[107]    20131130 124336.419 P       107 T      1522 ------ 1   - Failed to send SXL request 4097: error=ERROR_INTERNAL
30.11.13 13:44:37,225    SophosSXLD[107]    20131130 124437.224 P       107 T      1522 ------ 2             - Warning: EARLY TIMEOUT: dns context 29 has 9275 ms before it should time out\n
30.11.13 13:44:38,652    SophosSXLD[107]    20131130 124438.652 P       107 T      1522      2 2   - sxe_write_to(): Error writing to socket=7: (64) Host is down
30.11.13 13:44:38,652    SophosSXLD[107]    20131130 124438.652 P       107 T      1522 ------ 1   - Failed to send SXL request 4097: error=ERROR_INTERNAL
23.11.13 11:48:54,983    SophosWebD[92]    <SMENode: 0x7fa7a141c300> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 11:53:45,719    SophosWebD[92]    <SMENode: 0x7fa7a4500160> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 11:53:45,727    SophosWebD[92]    <SMENode: 0x7fa7a400c410> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 11:53:45,735    SophosWebD[92]    <SMENode: 0x7fa7a444acd0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 12:16:44,382    SophosWebIntelligence[92]    tcp_connection_destination_prepare_complete 6783 connectx to IP_REMOVED_BY_ME#80 failed: 65 - No route to host
23.11.13 12:16:44,382    SophosWebIntelligence[92]    tcp_connection_handle_destination_prepare_complete 6783 failed to connect
23.11.13 12:28:19,935    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:19,937    SophosSXLD[107]    daemon is running
23.11.13 12:28:21,593    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:24,000    kernel[0]    Notice - new kext com.sophos.kext.sav, v9.0.53 matches prelinked kext but can't determine if executables are the same (no UUIDs).
23.11.13 12:28:25,373    SophosAutoUpdate[112]    AlreadyRegistered
23.11.13 12:28:25,857    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:25,857    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:25,860    SophosSXLD[107]    Unusable network configuration, sxl daemon is not listenning for queries.
23.11.13 12:28:25,869    SophosSXLD[107]    sxl started
23.11.13 12:28:25,870    SophosSXLD[107]    sxl configuration succeeded
23.11.13 12:28:28,000    kernel[0]    Sophos Anti-Virus on-access kext activated
23.11.13 12:28:59,660    SophosWebD[106]    <SMENode: 0x7ff010d031e0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
...
23.11.13 12:29:24,610    SophosWebD[106]    <SMENode: 0x7ff012a1e070> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 12:29:26,116    SophosWebD[106]    <SMENode: 0x7ff01290e8d0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
23.11.13 12:29:26,123    SophosWebD[106]    <SMENode: 0x7ff0128550f0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=54 "Der Vorgang konnte nicht abgeschlossen werden. Verbindung wurde von der Gegenstelle zurückgesetzt"
23.11.13 12:29:26,130    SophosWebD[106]    <SMENode: 0x7ff010c1e1f0> localNode csc:1ERROR! encountered an error while writing to outputstream| error:Error Domain=NSPOSIXErrorDomain Code=32 "Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe"
...

   ("Der Vorgang konnte nicht abgeschlossen werden. Defekte Pipe" means "The operation couldn't be completed. Broken pipe.")

I was desperately hoping that Sophos wasn't the root cause of that freeze behavior. I tried to remove it completely and then re-installed it again; this did not solve the issue. I then completely removed Sophos again, and this appeared to be the solution. Sophos is gone, and I'm not experiencing the freezes anymore.

I'm now using a different Mac AV product, not from Sophos (which I'm not too happy about).

So my question: Has anyone experienced the same behavior, is this a known issue?


Another thing I'm not too happy about is that there are still residues from the Sophos AV on my system.

For example, I'm getting those errors in the console:

08.12.13 15:08:11,860 com.apple.security.XPCKeychainSandboxCheck[1735]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
08.12.13 15:08:11,860 com.apple.security.XPCKeychainSandboxCheck[1735]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
08.12.13 15:12:31,672 com.apple.security.XPCKeychainSandboxCheck[1973]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
08.12.13 15:12:31,672 com.apple.security.XPCKeychainSandboxCheck[1973]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
09.12.13 14:06:40,338 com.apple.security.XPCKeychainSandboxCheck[280]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
09.12.13 14:06:40,338 com.apple.security.XPCKeychainSandboxCheck[280]: Can't get sandbox fs extension for /Library/Sophos Anti-Virus/Sophos.keychain, status=-1 errno=No such file or directory ext=(null)
...

  And there is a keychain access object, which is read only and can't be removed at all!

  I tried everything - also from /System/Library/Keychains I can't remove it, as it's not listed.

Does anyone know how to remove those leftovers?

Many thanks & best regards,
symt

 

:1014893


  • Hi Victor,

    Thanks for your response.

    I started using Chrome again as I thought it might not have been the culprit (since the exact same thing happened with Firefox).

    Model Name: MacBook Pro 13-inch, Mid 2009
      Model Identifier: MacBookPro5,5
      Processor Name: Intel Core 2 Duo
      Processor Speed: 2.26 GHz
      Number of Processors: 1
      Total Number of Cores: 2
      L2 Cache: 3 MB
      Memory: 8 GB
      Bus Speed: 1.07 GHz
      Boot ROM Version: MBP55.00AC.B03
      SMC Version (system): 1.47f2
      Sudden Motion Sensor:
        State: Enabled

     

     

    BTW, happened again.

    Attached Console readings.

    Thanks!

    :1017317
  • Hi,

    I've had this freezing issue with Sophos and Time Machine ever since Mountain Lion. I've had Sophos installed ever since version 8. I reformatted and reinstalled when I switched to Mavericks. I still have this freezing issue that others have described.

    Both in Mountain Lion and Mavericks, I have added the following to exclusions:

    /Volumes/mybackupdrive

    /Volumes/MobileBackups

    This does not help.

    When the IO freeze occurs, no programs are able to quit (even force quit) and everything freezes for 10 minutes (based on logs). As soon as the freeze is over, I see log messages similar to what others have already posted.

    :1017325
  • Still stalling after adding /Volumes/MobileBackups/  

    After reading Bob Cook's discussion about the 10 minute issue, I started closing my browser before 10 minutes; this seems to extend the Mac before I forget and Safari finally beach balls.

    I left my Mac running after the beach ball for about 1 hour 20 minutes; this caused the machine to crash. Log attached.

    I went looking in crash and diagnostic logs for the [EWOULDBLOCK] Bob Cook was asking about. I did not find mentions in any of the following logs.

    109 diagnostic files, titles span and include

    BESAgent

    BESClientUI

    dbfeseventsd, SophosManagementAgent 

    dbfeseventsd, SophosMessageRouter

    dbfeseventsd, SophosScanD_yyyy_mm_dd_hhmmss_<..>macbook-pro.shutdownStall

    Google Chrome Helper_yyyy_mm_dd_hhmmss_<..>pro.wakeups_resource.spin

    InterCheck_pro.cpu_resource.spin

    mds...

    node...

    PluginProcess...

    powerstats...

    Safari...

    SophosManagementAgent.... 

    SophosSophosMessageRouter...

    SophosScanD...

    WindowServer...

    :1017331
  • Hello,

    I also signed up for this Sophos forum to chime in because I'm frustrated that my MacBook Pro (Mavericks) is freezing almost every other day. Hopefully my situation can help point to a solution.

    Like for others, my mac freezes when I'm using Chrome or Safari and often when I'm streaming video. I then am forced to force a restart with the power button. I have Sophos 9 installed with the Web Protection turned off. 

    Today I got tired of 3 freezes, so I left the Console open and noticed that the two most recent times, the last messages were related to Time Machine. The last few messages are copied here for both restarts:

    5/27/14 10:43:03.966 PM com.apple.backupd[1146]: Starting automatic backup

    5/27/14 10:43:04.000 PM kernel[0]: nspace-handler-set-snapshot-time: 1401255786

    5/27/14 10:43:04.188 PM com.apple.mtmd[975]: Set snapshot time: 2014-05-27 22:43:06 -0700 (current time: 2014-05-27 22:43:04 -0700)

    5/27/14 10:43:04.234 PM com.apple.backupd[1146]: Error -35 while resolving alias to backup target

    5/27/14 10:43:04.268 PM com.apple.backupd[1146]: Backup failed with error 18: The backup disk could not be found.

    5/27/14 10:50:59.000 PM bootlog[0]: BOOT_TIME 1401256259 0

    5/27/14 11:53:40.133 PM xpcproxy[1192]: assertion failed: 13D65: xpcproxy + 3438 [D559FC96-E6B1-363A-B850-C7AC9734F210]: 0x2

    5/27/14 11:54:40.000 PM kernel[0]: nspace-handler-set-snapshot-time: 1401260082

    5/27/14 11:54:40.508 PM com.apple.mtmd[55]: Set snapshot time: 2014-05-27 23:54:42 -0700 (current time: 2014-05-27 23:54:40 -0700)

    5/27/14 11:55:39.000 PM bootlog[0]: BOOT_TIME 1401260139 0

    I have Time Machine set up to back up to an external disc on a regular basis but I don't always have the external disk connected, hence the failure, subsequent beachball and restart. 

    Now that I think about it, the freezing problems started up around the same time that I set up Time Machine. I never had problems with just Sophos installed. The problem seems to be a combination of Sophos and Time Machine.

    As per the suggestions in this thread I have turned off the Sophos Live Protection (I already had Web Protection turned off but still freezing) and will report back if I experience any freezes.

    :1017605
  • Same issue here, system freezes on a regular basis. I also assume this is related to TimeMachine and On-Access Protection. No more freezes encountered after On-Access Protection is turned off. Excluding the various backup volumes as recommended here did not help.

    :1017697
  • Turning off On-Access Protection, Safari browser stops beach balling, but my machine continues to freeze (wi-fi gets knocked out). System diagnostic log shows a possible clash between Dropbox and Sophos. 

    dbfseventsd,dbfseventsd,SophosManagementAgent,SophosScanD_2014-06-01-141912_clivebs-macbook-pro.shutdownStall

    Looking deeper in the log and cross-referencing with Apple Support Communities: a rare kernel extension kext issue can interfere with the parent process updating the menu. I'm assuming Parent: UNKNOWN PROCESS [0] is the OS X menu frame... that interfering with it knocks out wi-fi, triggering system stalling (bit of a hunch here).

    The solution appears to require a clean install of OS X Mavericks.

    https://discussions.apple.com/thread/5248971

    I will do a clean install of Mavericks...

    OS X 10.9.3

    Sophos version: 9.0.10

    Threat detection: 3.51.0

    Threat data: 5.00

    :1017699
  • Me too.

    Under the web protection tab, just at present, I can navigate through this discussion's web pages if both "Block access..." AND "Block malicious.." are disabled. If either are turned on then any link brings up a blank page that Safari eventually times out. The same happens with wget in a terminal window. If either is enabled, then internet traffic stops.

    (Traceroute seems to stop at my ISP border in either case, but up to that point I am getting resolved host names, but I guess they could be cached).

    I say just at present because after a reboot it can be OK for hours. I did notice an immediate problem after manually doing a virus update though.

    Sophos AntiVirus (free edition) Version 9.0.11

    OS X 10.9.3

    Any suggestions for gathering more debugging info?

    David Horton

    :1017805
  • I have an older MacBook Pro and have experienced hangups for a couple of months now. Usually I have just rebooted, but I have sometimes waited for some 3-5 minutes to see if it would help, but had to reboot. Reading this thread and seeing the 10 minutes freeze, I tried the longer wait and found that the system unfroze after 10 minutes.

    After reading this thread, I have disabled the Live protection and Web protection.

    The latest freeze came this morning at 08:37-08:47

    Computer was not used all night and the screensaver was working. When I tried to log in at just before 8.37 I could not get the login window to show. After a few minutes the screensaver screen was replaced by a black screen.

    After 10 minutes wait I could log in. 

    Here are 2 sophos Console log entries just before the latest freeze (full Console log for the time period attached in PDF):

    14/06/14 08:36:58,797 com.sophos.intercheck[3709]: Issue: Could not scan /Users/dagge/Library/Application Support/Google/Chrome/Default/Session Storage/006911.log

    14/06/14 08:36:58,797 com.sophos.intercheck[3709]: An unexpected error occurred

     

    I am running OSX 9.3 and Sophos 9.0.11

     

    I am also attaching my system information in an EtreCheck listing.

     

    Let me know if I can look for some more information.

     

     

    :1017939
  • Why doesn't Sophos fix this? It shouldn't take a company like Sophos months to fix this. I've already switched to a different service; the crashes were getting ridiculous.
    :1017947
  • Hello

    I'm also having this problem.

    I'm using chrome and listening to an online radio or watching netflix for example causes my computer to freeze (not all the time and perhaps there are other use cases too). Sometimes I can wait it out and my computer comes back and sometimes I need to do a hard reboot (pressing the power button). 

    I have a macbook pro, 13 inch, mid 2010. I updated from Mountain Lion and before that I think I had Snow Leopard. 

    I have noticed something and I'm not sure if this is related to this freeze problem or not. The thing is that I have a process called SophosScanD that restarts continuously (every ten seconds or so) and it takes up a lot of resources.

    Looking in the system log I see this: 

    2014-06-15 18:12:23,478 com.apple.launchd[1]: (com.sophos.scan) Throttling respawn: Will start in 1 seconds

    2014-06-15 18:12:24,503 scanserver[514]: server started!

    2014-06-15 18:12:33,908 scanserver[514]: IDEs: 

    Using IDE files:

    [I removed the listing of a lot of ide-files here. Let me know if that is interesting]

    2014-06-15 18:12:33,934 scanserver[514]: SAVI initialization failed

    2014-06-15 18:12:33,934 scanserver[514]: worker init failed... shutting down

    2014-06-15 18:12:33,935 scanserver[514]: Scan server shutting down...

    2014-06-15 18:12:33,945 scanserver[514]: Server stopped

    2014-06-15 18:12:33,964 com.apple.launchd[1]: (com.sophos.scan) Throttling respawn: Will start in 1 seconds

    2014-06-15 18:12:34,987 scanserver[515]: server started!

    2014-06-15 18:12:44,338 scanserver[515]: IDEs: 

    Using IDE files:

    [I removed the listing of a lot of ide-files here. Let me know if that is interesting]

    2014-06-15 18:12:44,363 scanserver[515]: SAVI initialization failed

    2014-06-15 18:12:44,363 scanserver[515]: worker init failed... shutting down

    2014-06-15 18:12:44,364 scanserver[515]: Scan server shutting down...

    2014-06-15 18:12:44,372 scanserver[515]: Server stopped

    2014-06-15 18:12:44,391 com.apple.launchd[1]: (com.sophos.scan) Throttling respawn: Will start in 1 seconds

    As I said earlier I don't know if this is related to the freeze or not as I discovered this first yesterday and it wasn't at the time of a freeze it was just that this process was taking up a lot of resources and my computer got really really warm and that is the reason I noticed it. I cannot say if this has happened before or not because I haven't looked but I have had problem with my computer getting very warm without heavy operations since a while back.

    Is there anyone else experiencing the freezing problem who is having problems with the process SophosScanD starting and stopping continuously? Or seeing the same things in the system log?

    In order not to have this process starting over and over again, I removed everything Sophos-related from launchd. I wasn't able to remove Sophos altogether with the "Remove Sophos Anti-Virus" app.

    :1017971
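
Added example (not part of any post in this thread, and not Sophos or Apple code): one way to confirm a launchd respawn loop like the one in the last post from a saved console log, and to pull out the failure message logged between restarts. The function names, thresholds and sample lines are assumptions made for this illustration; the sample is constructed from the line format quoted above.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample, modelled on the console lines quoted in the last post.
SAMPLE_LOG = """\
2014-06-15 18:12:23,478 com.apple.launchd[1]: (com.sophos.scan) Throttling respawn: Will start in 1 seconds
2014-06-15 18:12:24,503 scanserver[514]: server started!
2014-06-15 18:12:33,934 scanserver[514]: SAVI initialization failed
2014-06-15 18:12:33,934 scanserver[514]: worker init failed... shutting down
2014-06-15 18:12:33,964 com.apple.launchd[1]: (com.sophos.scan) Throttling respawn: Will start in 1 seconds
2014-06-15 18:12:34,987 scanserver[515]: server started!
2014-06-15 18:12:44,363 scanserver[515]: SAVI initialization failed
2014-06-15 18:12:44,363 scanserver[515]: worker init failed... shutting down
2014-06-15 18:12:44,391 com.apple.launchd[1]: (com.sophos.scan) Throttling respawn: Will start in 1 seconds
2014-06-15 18:13:02,120 com.apple.backupd[1146]: Starting automatic backup
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),(\d{3})\s+([^\[\s]+)\[(\d+)\]:\s+(.*)$")
RESPAWN_RE = re.compile(r"^\(([^)]+)\) Throttling respawn")


def parse(log_text):
    """Yield (time, process, pid, message); continuation lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S")
            yield ts.replace(microsecond=int(m[2]) * 1000), m[3], int(m[4]), m[5]


def find_respawn_loops(log_text, min_respawns=3, max_gap_s=30.0):
    """Report launchd jobs with at least min_respawns throttle notices spaced
    no more than max_gap_s apart, plus the failures logged in between."""
    times = defaultdict(list)        # job label -> times of respawn notices
    failures = defaultdict(Counter)  # job label -> (process, message) counts
    pids = defaultdict(set)          # job label -> PIDs that logged a failure
    label, last = None, None
    for ts, proc, pid, msg in parse(log_text):
        m = RESPAWN_RE.match(msg) if proc == "com.apple.launchd" else None
        if m:
            label, last = m[1], ts
            times[label].append(ts)
        elif label and "fail" in msg.lower() and (ts - last).total_seconds() <= max_gap_s:
            # Heuristic: a failure logged shortly after a respawn notice is
            # attributed to the job that launchd had just restarted.
            failures[label][(proc, msg)] += 1
            pids[label].add(pid)
    report = []
    for job, stamps in times.items():
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        close = [g for g in gaps if g <= max_gap_s]
        if close and len(close) >= min_respawns - 1:
            report.append({
                "job": job, "respawns": len(stamps),
                "mean_interval_s": round(sum(close) / len(close), 1),
                "distinct_pids": len(pids[job]),
                "top_failure": failures[job].most_common(1)[0][0] if failures[job] else None,
            })
    return report
```

A rising count of distinct PIDs with the same top failure and a steady interval of a few seconds is the signature of a daemon that fails at startup and is restarted by launchd, which matches the CPU load and heat described in the post.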