Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 19 replies
  • Subscribers 8 subscribers
  • Views 98150 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Antivirus and Time Machine

Haravikk

Does anyone else find that the default "Scan This Mac" option gets stuck unless you exclude your Time Machine backup volume from the scan? I was really disappointed with the speed of the scan until I thought to try this, as I was finding it would get stuck about a third of the way in and stay there for hours until I gave up. The only reason I can think of for this though would be if it's scanning the full contents of every backup, but that would be a staggering number of files to get through (my system has millions of files as it is, totalling around 2.5tb).

I would think that an antivirus product for Mac would be aware of Time Machine's file structure and have methods for accelerating the scan. For example, it's pretty easy to figure out which files have changed between two Time Machine backups by comparing inodes, since Time Machine uses hard-links, so only original files and changed files should need to be scanned. Also, since a Time Machine backup is just a snapshot of the rest of your system, it should be easy enough for Sophos antivirus to determine if the file is identical to one already scanned (or waiting to be scanned) on the main system or not, so that copies don't need to be scanned more than once.

Does Sophos antivirus already account for these things? Otherwise I can't figure out why excluding my Time Machine backup would solve the problem. Should I submit a support ticket somewhere?

:1015215


This thread was automatically locked due to age.
Parents
  • 0

    SAV has a default exclusion for on-access scanning and any Time Machine volume, however on-demand scanning doesn't have a predefined exclusion.

    If using Time Machine some users may want to scan the Time Machine volume, some may not.  By default the volume is scanned with on-demand but automatic cleanup isn't enabled because TM backups have a complex structure and even encrypted.  There are quite a few posts on this forum from users scanning their Macs and TM volumes and finding things hence it's worth doing.  If you haven't already done so watch the scanning video for SAV for Mac HE which explains all local volumes are scanned and that this may not be desirable.

    I think from a security point of view you're going to want to exclude as little as possible, however without the on-access exclusion the performance of the computer could be lowered.  Hence the balance struck is to exclude on-access scanning and leave on-demand up to the user.

    :1015259

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply
  • 0

    SAV has a default exclusion for on-access scanning and any Time Machine volume, however on-demand scanning doesn't have a predefined exclusion.

    If using Time Machine some users may want to scan the Time Machine volume, some may not.  By default the volume is scanned with on-demand but automatic cleanup isn't enabled because TM backups have a complex structure and even encrypted.  There are quite a few posts on this forum from users scanning their Macs and TM volumes and finding things hence it's worth doing.  If you haven't already done so watch the scanning video for SAV for Mac HE which explains all local volumes are scanned and that this may not be desirable.

    I think from a security point of view you're going to want to exclude as little as possible, however without the on-access exclusion the performance of the computer could be lowered.  Hence the balance struck is to exclude on-access scanning and leave on-demand up to the user.

    :1015259

     - - - - - - - - - - - -

    Communities Moderator, SOPHOS
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Children
No Data
Unfiltered HTML