
Threat detected but doesn't show in Quarantine Manager

Hi, SAV detected Troj Agent ANUC and displayed a message stating this.  When I opened Quarantine Manager, however, there was no threat listed for me to clean up.  (I have cleaned up other threats in the past, so I know in a general way how to do this.)  I am afraid whatever this trojan is, it may be stopping the SAV from working properly to clean it.  However, it looks like Troj Agent ANUC is a Windows virus, so I don't know how it could mess up my Mac SAV.  My system info and version of SAV are pictured in the attachments, but basically Yosemite OS X 10.10.3, SAV 9.2.7.  Any help appreciated greatly.



This thread was automatically locked due to age.
  • Hi Eepsers,

    Can you let us know if this issue is still ongoing?
  • Hi, I have a similar problem with another Windows virus Mal/DrodZp-A.

    I use Sophos Anti-Virus home edition software version 9.4.2 on a current model retina iMac running El Capitan.
    Today while downloading a Kindle ebook from Amazon I got a Sophos threat detection message regarding a Mal/DrodZp-A malware threat. I opened the quarantine manager and briefly saw the threat there. Seconds later it vanished, leaving the Quarantine Manager empty with a green tick and “No items are quarantined” displayed. This process recurred about 5 minutes later and then again hours later after a reboot. The only evidence remaining of the attack is in the log, which reads:
    com.sophos.intercheck: 2016-03-15 09:01:42 +1000 Threat: 'Mal/DrodZp-A' detected in 
    com.sophos.intercheck:                              Access to the file denied

    and the second incident 5 minutes later reads the same (and then another).
    I am a bit confused and insecure about this. Has Sophos successfully dealt with and removed the threat (three times?)? Or has the malware evaded Sophos in some way and needs to be removed? How come I can’t see its location in the log?
    I understand that this threat targets Windows OS but I don’t want my Mac to be a carrier of a threat to others.
    I would be very grateful for any advice/reassurance re this Sophos detected threat alert,
    Thanks, Pete (Brisbane, Australia)
  • I'm having the same problem:

    • MacBook Pro, El Capitan (10.11.3)
    • Sophos Anti-Virus Home Edition v9.4.2

    All of a sudden today (Apr 1) SAV starts alerting me to Mal/DrodZp-A. I open Quarantine Manager and there's something there only for less than a second, then all clear.

  • Hi,

    I am also having a similar issue: repeatedly the pop-up appears stating there is a threat or two detected, yet when I click through to QM there is either nothing there or there is only something briefly there for a second or two.

    It may be irrelevant, however I have only noticed this issue since I set up Time Machine on my Mac. It may be coincidence but I thought it worth a mention.

    Kind regards

    Tim

  • I have this issue, any suggestions?

  • Here in The Netherlands I have the same problem:

    MacBook Pro with El Capitan 10.11.4, and since the beginning of April via Gmail SPAM e-mail.

    Using Free SAV for Mac 9.4.2. It displays the message; on opening QM, no threat is listed except in the header Mal/DrodZp-A, with no location for the threat, and after some 5 seconds the green mark that everything has been cleaned up. But the message returns up to 8 times a day.

  • I too have the same problem — or at least a similar one… 

    Mac OS X 10.11.4 (El Capitan), Sophos Anti-Virus Home Edition version 9.4.2.

    On at least two different occasions, almost immediately after booting up the computer, SAV detected a threat, but the quarantine window did not show any files that could be cleaned up. Unfortunately, I did not write down the name of the threat found, and there is no record of it in the logs (as far as I can see). On subsequent reboot there is no warning.

    I am concerned that whatever it is may have hidden itself in the system or deleted itself after doing some unknown damage…

  • Similar behavior in 2018, macOS High Sierra. Another thread suggested this may be a false alarm from Zotero, which I use. By opening Preferences -> Logging -> View Log Contents, I was able to get the /Library/Logs/Sophos Anti-Virus.log file and confirm that it was alerting on Zotero:

    com.sophos.oas: 2018-10-11 12:40:22 -0400 Threat: 'Mal/DrodZp-A' detected in '/Users/Charles.Twardy/Zotero/tmp/YR79APQD.zip'
    com.sophos.oas: 2018-10-11 12:42:41 -0400 Threat: 'Mal/DrodZp-A' detected in '/Users/Charles.Twardy/Zotero/tmp/YR79APQD.zip'
    com.sophos.oas: 2018-10-11 12:42:58 -0400 Threat: 'Mal/DrodZp-A' detected in '/Users/Charles.Twardy/Zotero/tmp/YR79APQD.zip'
    com.sophos.oas: 2018-10-11 15:39:02 -0400 Threat: 'Mal/DrodZp-A' detected in '/Users/Charles.Twardy/Zotero/tmp/YR79APQD.zip'
    com.sophos.oas: 2018-10-11 15:39:04 -0400 Threat: 'Mal/DrodZp-A' detected in '/Users/Charles.Twardy/Zotero/tmp/YR79APQD.zip'
    com.sophos.oas: 2018-10-12 12:40:39 -0400 Threat: 'Mal/DrodZp-A' detected in '/Users/Charles.Twardy/Zotero/tmp/YR79APQD.zip'
    com.sophos.oas: 2018-10-12 13:40:38 -0400 Threat: 'Mal/DrodZp-A' detected in '/Users/Charles.Twardy/Zotero/tmp/YR79APQD.zip'
    com.sophos.oas: 2018-10-12 14:40:58 -0400 Threat: 'Mal/DrodZp-A' detected in '/Users/Charles.Twardy/Zotero/tmp/YR79APQD.zip'
    com.sophos.oas: 2018-10-12 14:48:10 -0400 Threat: 'Mal/DrodZp-A' detected in '/Users/Charles.Twardy/Zotero/tmp/YR79APQD.zip'
    com.sophos.oas: 2018-10-15 09:56:37 -0400 Threat: 'Mal/DrodZp-A' detected in '/Users/Charles.Twardy/Zotero/tmp/YR79APQD.zip'

    I suppose it's possible that Zotero has an infection, or that Mal/DrodZp-A is using Zotero tempfiles, but this seems more like a false alarm. I was able to find the unzipped folder in /Users/<username>/Zotero/storage/YR79APQD, and it has an HTML file and three JavaScript files.  They *appear* to be related to a particular item in my bibliography.  

    Possibly relevant: the new Safari update (OCT-2018) just tightened security on extensions, disabling the Zotero extension.
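The last post shows the step that resolved the uncertainty in the earlier ones: reading /Library/Logs/Sophos Anti-Virus.log to find which file was actually flagged and how often. The script below is an added example, not code from Sophos or from any poster in this thread. It assumes only the line format quoted above (a `com.sophos.*` source, a timestamp, `Threat: '<name>' detected in '<path>'`, with the path sometimes absent as in the 2016 intercheck lines), parses those lines, groups detections by threat and path, and reports whether each flagged path is still present on disk. A path that keeps reappearing in the log but no longer exists is consistent with on-access scanning repeatedly blocking a file that an application recreates (the Zotero temp-file case); a path that still exists is the one to look at. The sample log lines embedded in the block are constructed for the example and use a placeholder username.

```python
import os
import re
import sys
from collections import defaultdict

# Constructed sample in the format quoted in this thread (placeholder username).
# The first line deliberately has no path, like the 2016 com.sophos.intercheck lines.
SAMPLE_LOG = """\
com.sophos.intercheck: 2016-03-15 09:01:42 +1000 Threat: 'Mal/DrodZp-A' detected in 
com.sophos.intercheck:                              Access to the file denied
com.sophos.oas: 2018-10-11 12:40:22 -0400 Threat: 'Mal/DrodZp-A' detected in '/Users/example/Zotero/tmp/YR79APQD.zip'
com.sophos.oas: 2018-10-11 12:42:41 -0400 Threat: 'Mal/DrodZp-A' detected in '/Users/example/Zotero/tmp/YR79APQD.zip'
com.sophos.oas: 2018-10-12 14:48:10 -0400 Threat: 'Mal/DrodZp-A' detected in '/Users/example/Zotero/tmp/YR79APQD.zip'
"""

# Matches a detection line; the path group is None when the log omits a location.
DETECT_RE = re.compile(
    r"^(?P<source>com\.sophos\.\w+):\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"Threat: '(?P<threat>[^']+)' detected in\s*(?:'(?P<path>[^']*)')?\s*$"
)


def parse_detections(lines):
    """Return one dict (source, ts, threat, path) per detection line.

    Continuation lines such as 'Access to the file denied' do not match and
    are skipped; a missing path is normalised to the empty string.
    """
    detections = []
    for line in lines:
        m = DETECT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["path"] = d["path"] or ""
            detections.append(d)
    return detections


def summarize(detections, exists=os.path.exists):
    """Group detections by (threat, path) and report hit count, first/last
    timestamp and whether the flagged file is still on disk.

    `exists` is injectable so the logic can be tested without touching the
    filesystem; by default it is os.path.exists.
    """
    groups = defaultdict(list)
    for d in detections:
        groups[(d["threat"], d["path"])].append(d["ts"])
    summary = []
    for (threat, path), stamps in sorted(groups.items()):
        summary.append({
            "threat": threat,
            "path": path,
            "hits": len(stamps),
            "first": min(stamps),
            "last": max(stamps),
            # An empty path cannot be checked, so it is reported as not present.
            "still_present": bool(path) and exists(path),
        })
    return summary


if __name__ == "__main__":
    # Usage: python sav_log_triage.py "/Library/Logs/Sophos Anti-Virus.log"
    # With no argument the constructed sample above is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            lines = f.read().splitlines()
    else:
        lines = SAMPLE_LOG.splitlines()
    for row in summarize(parse_detections(lines)):
        shown = row["path"] or "(no path recorded in log)"
        print(f"{row['threat']}: {row['hits']} hit(s) {row['first']} .. {row['last']}")
        print(f"  {shown}  still present: {row['still_present']}")
```

Run it against the real log path (the default in the usage comment is the one named in the post above); entries whose path is empty, like the 2016 lines, are reported separately so it is visible that the log itself carried no location rather than the script having missed it.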