A user I am dealing with is having trouble just trying to right click and scan with Sophos. Once he clicks "Scan with Sophos Anti-Virus", the blue wheel appears for a moment and then nothing happens, at all. No error messages or dialogues. When trying the exact same thing on an admin account, a UAC prompt asks for permission to make changes, but then again nothing appears. On another PC with the exact same privileges, the scans work quickly and well. Reinstalling Sophos didn't work either, I might add. Any ideas on what the problem could be here?
Hi Remy Di Mauro
Do you see the right-click scan summary when you Scan the file with Sophos Anti-Virus? Also please check under the scan logs if you see the items which are being scanned.
Hi Shweta, absolutely nothing appears when clicking "Scan with Sophos Anti-Virus". No summary. I can't seem to find any meaningful logs. Could you point me specifically where right click scanning logs would be?
Could you please check under the path: C:\ProgramData\Sophos\Sophos Anti-Virus\logs for SAV.txt and see if you view the events for Right-Click Scan.
Thanks Shweta for the clarification. Here's a pastebin of the 2 logs, SAV and SAV-Trace. I can't seem to see the files I scanned in there but are there any obvious problems?
Unfortunately, Pastebin is not accessible in our organization, so we are not able to view the logs.
It'd great if you can just attach the log file to the post.
Jasmin Community Support Engineer | Sophos Support Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts | If a post solves your question use the 'This helped me' link
The logs from SAV.txt has below events from 2nd January, so if you tried to run right click and scan on 2nd January, then it happened successfully.
20200102 231405 Scan 'Right-Click Scan' started.20200102 231406 Scan 'Right-Click Scan' completed.20200102 231406 Summary of results for scan 'Right-Click Scan': Items scanned: 2 Errors: 0 Items quarantined: 0 Items dealt with: 0
Please let us know if you have any queries on this.
Yes, it worked once. Then every single subsequent attempt (and there were many) failed and it still fails to this day.
If that is the case, I'd request you to open a support case here as this needs more logs and detailed troubleshooting.
Please PM me the case number once it is created.
Thank you for providing the logs, I can see a couple of errors under the logs:
20200106 071214 Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe".20200106 071215 Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\GameBarElevatedFT_Alias.exe"
Error 0xc0000279 means Sophos Endpoint Defense cannot obtain a lock on the file for scanning. This can happen for a number of reasons. One reason is that the file may be temporary and may not exist anymore and/or the directory the file is in looks as though it may be temporary. We are aware of this issue regarding Edge.exe specifically and our development team is currently working on the same. It is not considered a security risk and there is no fix scheduled at this time for the release.
To recall "On another PC with the exact same privileges, the scans work quickly and well", could you please check the logs on that machine as well where it is working fine? Are both machines on same OS? If so, also ensure that it has the latest updates provided by Microsoft.
I just wanted to follow up on this issue, did you manage to resolve this issue? Please let us know if any further help is required.