This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Antivirus and Time Machine

Does anyone else find that the default "Scan This Mac" option gets stuck unless you exclude your Time Machine backup volume from the scan? I was really disappointed with the speed of the scan until I thought to try this, as I was finding it would get stuck about a third of the way in and stay there for hours until I gave up. The only reason I can think of for this though would be if it's scanning the full contents of every backup, but that would be a staggering number of files to get through (my system has millions of files as it is, totalling around 2.5tb).

I would think that an antivirus product for Mac would be aware of Time Machine's file structure and have methods for accelerating the scan. For example, it's pretty easy to figure out which files have changed between two Time Machine backups by comparing inodes, since Time Machine uses hard-links, so only original files and changed files should need to be scanned. Also, since a Time Machine backup is just a snapshot of the rest of your system, it should be easy enough for Sophos antivirus to determine if the file is identical to one already scanned (or waiting to be scanned) on the main system or not, so that copies don't need to be scanned more than once.

Does Sophos antivirus already account for these things? Otherwise I can't figure out why excluding my Time Machine backup would solve the problem. Should I submit a support ticket somewhere?

:1015215


This thread was automatically locked due to age.
Parents
  • The slowness with Time Machine remains an ongoing problem. There are two parts to this problem. The first part, excluding the Time Machine backup volume is well-addressed in this thread. However, the other part, disabling on-access scanning while Time Machine is running is barely touched on.

    Even after excluding the Time Machine volumes, if on-access scanning is enabled, Time Machine backups take from 3 to 6 hours on my rig. Without on-access scanning enabled, we observe a relatively low number of minutes for the Time Machine backup.

    Yes, you want to decide if scanning your backup is relevant. For me it is not. But apparently while Time Machine is backing up, Sophos is apparently scanning a large amount of the main hard drive as each file is accessed. As pointed out by others, it seems this behavior could be greatly improved in the design of Sophos. I am not going to rehash those discussions.

    In the meantime, there are two courses for me:

    1. Just let it take 3 - 6 hours. The downside of that is that the "every hour" backup is no longer happening.
    2. Temporarily disable on-access scanning during a backup. This is not practical as it requires frequent intervention with settings that should be left alone.

    Neither of these course are acceptable.

    On a related issue, if on-access scanning is enabled, entering Time Machine is very slow, and navigation within Time Machine is very, very, very slow.. Like plan to take 20 - 40 minutes to populate and navigate, depending on the context. This has been a giant annoyance for me for years until I discovered that temporary disabling of on-access scanning restores Time Machine to its previous, pretty good responsiveness. Since entering Time Machine is an infrequent manual process, it is pretty easy to do the manual disable/re-enable of on-access scanning.

Reply
  • The slowness with Time Machine remains an ongoing problem. There are two parts to this problem. The first part, excluding the Time Machine backup volume is well-addressed in this thread. However, the other part, disabling on-access scanning while Time Machine is running is barely touched on.

    Even after excluding the Time Machine volumes, if on-access scanning is enabled, Time Machine backups take from 3 to 6 hours on my rig. Without on-access scanning enabled, we observe a relatively low number of minutes for the Time Machine backup.

    Yes, you want to decide if scanning your backup is relevant. For me it is not. But apparently while Time Machine is backing up, Sophos is apparently scanning a large amount of the main hard drive as each file is accessed. As pointed out by others, it seems this behavior could be greatly improved in the design of Sophos. I am not going to rehash those discussions.

    In the meantime, there are two courses for me:

    1. Just let it take 3 - 6 hours. The downside of that is that the "every hour" backup is no longer happening.
    2. Temporarily disable on-access scanning during a backup. This is not practical as it requires frequent intervention with settings that should be left alone.

    Neither of these course are acceptable.

    On a related issue, if on-access scanning is enabled, entering Time Machine is very slow, and navigation within Time Machine is very, very, very slow.. Like plan to take 20 - 40 minutes to populate and navigate, depending on the context. This has been a giant annoyance for me for years until I discovered that temporary disabling of on-access scanning restores Time Machine to its previous, pretty good responsiveness. Since entering Time Machine is an infrequent manual process, it is pretty easy to do the manual disable/re-enable of on-access scanning.

Children
  • I'm giving up on Sophos--with On-Acess Scanning enabled, my incremental Time Machine backup takes days to complete, so it never catches up with my daily work (without Sophos, it takes about 30 minutes). And yes, my Time Machine volume is excluded.

    I tried a clean drive for a brand new Time Machine backup, and according to the math, it would take 17 years. But if I turn off "On-Access" scanning, it finishes up in about 8 hours.

    This issue has been around for a while, and not even an ETA for a fix...

    So, given the choice between not having anti-virus, not using Time Machine, or not using Sophos, there's really not much of a decision for me.

  • I decided the solution is to disable on-access scanning. Instead I have a more thorough scan scheduled daily. I used to only scan email spam and deleted folders as that is where 99.9% of all malware is detected. So now I scan everything except external volumes and certain other specific areas. Machine runs better this way, and probably protection does not suffer too much.