When running Sophos Anti-Virus for Mac (SAV for Mac) version 9.1.6 you see one or more of the following symptoms:
To confirm that a computer is affected by this problem, look at the local install.log file on the endpoint (open Console and select the /var/log/install.log file in the left-hand panel), then search for these entries using the string matching field:
[SMEReceiptServiceStrategy.m:213] "(null)" success: YES
Failed to launch daemon com.sophos.notification. Continuing.
Failed to launch daemon com.sophos.webd. Continuing.
Failed to launch daemon com.sophos.intercheck. Continuing.
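The same check can be scripted for triage across several endpoints. The following is an added example, not Sophos code: the function names are hypothetical, the indicator strings are the entries listed above, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: triage an install.log for the entries this article lists.

# Indicator strings copied from the article's log entries.
indicators() {
    cat <<'EOF'
[SMEReceiptServiceStrategy.m:213] "(null)" success: YES
Failed to launch daemon com.sophos.notification. Continuing.
Failed to launch daemon com.sophos.webd. Continuing.
Failed to launch daemon com.sophos.intercheck. Continuing.
EOF
}

# matched_indicators LOGFILE
# Prints "<count><TAB><indicator>" for each indicator found in LOGFILE.
# Returns 0 if any matched, 1 if none matched, 2 if the log is unreadable.
matched_indicators() {
    log=$1
    [ -r "$log" ] || return 2
    rc=1
    while IFS= read -r pat; do
        # -F: fixed-string match, so '[', '(' and '.' are not regex syntax.
        n=$(grep -cF -- "$pat" "$log" || true)
        if [ "$n" -gt 0 ]; then
            printf '%s\t%s\n' "$n" "$pat"
            rc=0
        fi
    done <<EOF
$(indicators)
EOF
    return "$rc"
}

# Constructed sample log (timestamps, host name and PIDs are made up).
write_sample_log() {
    cat > "$1" <<'EOF'
Aug 28 09:14:02 mac01 installd[411]: [SMEReceiptServiceStrategy.m:213] "(null)" success: YES
Aug 28 09:14:03 mac01 installd[411]: Failed to launch daemon com.sophos.webd. Continuing.
Aug 28 09:14:03 mac01 installd[411]: Failed to launch daemon com.sophos.intercheck. Continuing.
Aug 28 09:20:41 mac01 installd[498]: Failed to launch daemon com.sophos.webd. Continuing.
EOF
}

# Run against a real log only when a path is given, e.g. /var/log/install.log
if [ "$#" -ge 1 ]; then
    matched_indicators "$1"
fi
```

A count above 1 for the same daemon shows the failure happened on more than one update, which matches the note below that the issue can recur while v9.1.6 is installed.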
First seen in Sophos Anti-Virus for Mac OS X 9.1.6
Fixed in Sophos Anti-Virus for Mac OS X 9.1.7
A race condition in SAV for Mac v9.1.6 can result in AutoUpdate and the On-Access scanner being left in a disabled state after an update occurs. Note that this issue can occur more than once while v9.1.6 is installed (if the same race condition occurs again).
This issue will be resolved in SAV for Mac v9.1.7, which is being released on Wednesday 3rd September 2014.
Until this date, and depending on the number of Mac endpoints affected, use the workarounds below to resolve the issue immediately.
Run the following one-line command in Terminal:
sudo /Library/Caches/com.sophos.sau/CID/Sophos\ Anti-Virus.mpkg/Contents/Resources/Installer.app/Contents/MacOS/tools/InstallationDeployer --install
Note: It is still possible for the issue to reoccur after running this command.
Downgrade the installed version of SAV for Mac to version 9.0.11 by configuring your Sophos Update Manager (SUM) to use the ‘Previous Recommended’ subscription.
Important: You now need to run the same Terminal command (shown in the section above) on any affected systems to resolve the immediate issue and allow them to downgrade to v9.0.11. Once the command has been run on affected Macs, they will receive the new updating policy, connect to the folder with v9.0.11 shared out, and proceed to downgrade.