talpa-deny google-chrome Ubuntu 14.04.2 LTS

Hi,

As of June 27th, 2015, Chrome no longer opens due to sav-protect talpa denying the process. How can we get this resolved?

Logs:

/var/log/syslog:

Jun 29 19:03:06 hostname savd: savd.daemon: Sophos Anti-Virus daemon started.
Jun 29 19:03:07 hostname kernel: [105654.407155] talpa-pedevice: Attached
Jun 29 19:03:07 hostname kernel: [105654.410844] talpa-vfshook: rootfs is on the skip list, not patching
Jun 29 19:03:07 hostname kernel: [105654.410921] talpa-vfshook: Patching devtmpfs
Jun 29 19:03:07 hostname kernel: [105654.410985] talpa-vfshook: devpts is on the skip list, not patching
Jun 29 19:03:07 hostname kernel: [105654.411304] talpa-vfshook: sysfs is on the skip list, not patching
Jun 29 19:03:07 hostname kernel: [105654.411351] talpa-vfshook: cgroup is on the skip list, not patching
Jun 29 19:03:07 hostname kernel: [105654.411354] talpa-vfshook: fusectl is on the skip list, not patching
Jun 29 19:03:07 hostname kernel: [105654.411356] talpa-vfshook: debugfs is on the skip list, not patching
Jun 29 19:03:07 hostname kernel: [105654.411358] talpa-vfshook: securityfs is on the skip list, not patching
Jun 29 19:03:07 hostname kernel: [105654.411361] talpa-vfshook: Patching pstore
Jun 29 19:03:07 hostname kernel: [105654.411392] talpa-vfshook: proc is on the skip list, not patching
Jun 29 19:03:07 hostname kernel: [105654.411434] talpa-vfshook: Patching ecryptfs
Jun 29 19:03:07 hostname kernel: [105654.411600] talpa-vfshook: Patching ecryptfs
Jun 29 19:03:07 hostname kernel: [105654.417798] talpa-cache: Enabled
Jun 29 19:03:10 hostname savd: savd.daemon: On-access scanning enabled using talpa.
Jun 29 19:03:10 hostname kernel: [105657.637566] talpa-vfshook: Enabled
Jun 29 19:04:09 hostname kernel: [105716.445593] talpa-deny: Timeout occurred while opening /opt/google/chrome/chrome on behalf of process google-chrome-s[21262/21262] owned by xxxx(xxxx)/xxxx(xxxx) <0>


/opt/sophos-av/log/talpaselect.log:

[Talpa-select]
Copyright (c) 1989-2015 Sophos Limited. All rights reserved.
2015-06-29 19:03:06 PDT /opt/sophos-av/engine/_/talpa_select selectexisting
Verifying source pack contents...
Verifying binary pack contents...
[Talpa-select]
Copyright (c) 1989-2015 Sophos Limited. All rights reserved.
2015-06-29 19:03:06 PDT /opt/sophos-av/engine/_/talpa_select load --hook talpa_vfshook
Linux distribution: [ubuntu]
Product: [Ubuntu 14.04.2 LTS]
Kernel: [3.16.0-41-generic]
Multiprocessor support enabled.
Searching for source pack...
Verifying source pack contents...
Searching for suitable binary pack...
Verifying binary pack contents...
Found suitable binary pack. Using: /opt/sophos-av/talpa/dist/talpa-binpack-ubuntu-x86_64-3.16.0-41-generic-5714041ubuntusmpthujun18180113utc2015.tar.gz
Loading Talpa kernel modules version 1.18.6...
Complete.

Other logged talpa-deny:

.kde/share/config/ksmserverrc

/usr/lib/firefox/libxul.so

/opt/sophos-av/tmp/saviDebug.log

/usr/share/locale-langpack/en_CA/LC_MESSAGES/glib20.mo

/usr/bin/virtuoso-t on behalf of process kactivitymanage

/usr/lib/cups/notifier/dbus

/.local/share/akonadi/db_data/mysql/*

  • Hi Paul,

    This issue was due to an IDE file in a data update released on Fri 26th by Sophos Labs. This issue was resolved on Monday and you should no longer be encountering this error.

    Thanks,

    Dominic

  • Hi Dominic.

    I seem to have lost the Web Gui functionality after running the savupdate this morning.

    /opt/sophos-av/bin/savsetup
    Welcome to Sophos Anti-Virus interactive configuration


    [1] Display update configuration

    Configure primary update source:
    [2] From Sophos
    [3] From own server

    Configure secondary update source:
    [4] From Sophos
    [5] From own server

    [q] Quit
    What do you want to do? [1]
    >

    Maybe I haven't had enough coffee this morning, was that feature removed recently? (I don't have an 8081 TCP port listening)

    (https://www.sophos.com/en-us/medialibrary/PDFs/documentation/savl_9_cgeng.pdf page 24)

  • Hi Paul,

    Actually, this is correct. As of SAV Linux 9.10, which was fully released on July 2nd, the GUI has been removed. The reason for this is that very few customers used it and it hadn't been developed for a long time.

    This will also be the case for fully licensed standalone and managed customers.

    Thanks,

    Dominic
