Anti-Virus Does Not Remember Authorised Software

Hi Darth Gazak,

Welcome to the forums, is your SAV a managed installation or a standalone install? If it is managed has the application been authorised from the console and therefore in the Anti-virus and HIPs policy in the console? Can you provide more information of the setup.

Hi A_K,

I'm not sure of the difference between managed and standalone installs, but I'll describe the scenario. Sophos is offered free of charge to students at my university, provided as a download. The file is not an executable nor a Windows installer, rather a batch file which I assume re-structures the AV to fit my system. The batch file is accompanied by two data folders, which i again assume is the data required for re-structuring. Executing the batch file seems to have installed Sophos as normal, as I have the shield in the notification area and I'm able to update successfully. 

I can authorise PunkBuster from Sophos when I execute Battlefield, and it works fine. But on a seperate instance of Battlefield, I am required to authorise it again, despite instructing sophos to clear the program. The same happenes when I run ShellExView; I can authorise it and the program runs correctly, but closing and re-opening requires another authorisation.

I hope the extra detail is sufficient, if not I can take screenshots of the Sophos installation directory so you can identify the nature of the installation. I admit the problem is not terribly significant, but it is rather irritating and quite perplexing.

Thanks again.

The best way to know is to see if there is an installed component called Sophos Remote Managment System in the add/remove programs list. If there is then contact your university IT support and request that the program is added to the authorization list.

If it is not managed then check to see if the application is being classed as a PUA and if it is authorize it as a PUA as well as a suspicious behavior application. Can you identify if it is being classed as a PUA, suspicious File, suspicious behavior or buffer overflow? If you are unsure you could always add for all four types!

The only entries in the add/remove program list are Sophos Anti Virus and Sophos Auto Update. I think this means it is an independant installation. You are correct, it is being flagged as a PUA (Both troublesome programs are) I have tried adding them to all authorisation lists, to no avail. I'm beginning to think this has something to do with Windows 7's complicated user control/admin rights, but I am full admin on this system and have taken measures to disable any sort of user control. I am going to uninstall the software and re-install to see if this has any effect.

Before reinstalling I would try adding the authorization to suspicious File, suspicious behavior and buffer overflow just to cover all bases first via "New Entry...".  

Hi,

It is important to note that when authorizing applications such as PunkBuster that any updates coming down to it may see the file change it's checksum and therefore need to be added to the authorized list again, in such a scenario you would see multiple instances of the application come up and it may seem like Sophos is not remembering it's authorization.

Regards,

Mark A.

Thank you both for your input. Punkbuster is a persistantly updating piece of software, intrinsic to cheat/hack prevention nature. I believe that is why Sophos flags it each time. No matter, I can easily alt-tab out the game and authorise in a few clicks. Issue remains unsolved, but the workaround is simple.

Thanks again

Darth Gazak