Standard scan stalls on dslocal-backup.xar file. OS X 10.11.1, Sophos 9.4.0

(I thought I'd managed to inadvertently click on something dodgy accessed via CNN news website; a strange website loaded; I shut everything down but wanted to do a scan just to be safe). Scan sits on file dslocal-backup.xar for hours. I see others have had this issue. Should I try to send in my dslocal-backup.xar file?

  • Hi Shirley,

    Sorry to hear you're having trouble with this. We just released a new version of SAV (9.4.1) so I'm curious to know if you've noticed any improvements on the latest version?

    Thanks,
    Serra

  • In reply to serra:

    I'm using 9.4.1 and it keeps hanging. I've tried it three different times tonight. I just upgraded to OS X 10.11.1 today.
  • In reply to ellenbrodsky:

    Hi Ellen,

    Have you noticed if there is a particular file that the scanner is getting stuck on?
  • Hi Serra, sorry for the late reply but I'm still having problems. I'm on Sophos version 9.4.1 and OS X 10.11.1 and I've just run 'Scan This Mac' and it has stopped again at file dslocal-backup.xar
  • In reply to ShirleyAngela:

    Hi Shirley,

    I did some digging on this one, and it turns out there may be some issues with that specific XAR file you have. You can submit your copy of the file, if you are willing, here: secure2.sophos.com/.../sample-submission.aspx

    If you do submit, please describe the problem as related to scanning, and include the scan settings. I'm guessing this is a Custom Scan; be sure to specify which options you turned on. Also note that this is from the Mac Home Edition product.

    In the meantime, what you can do as a workaround is add an exclusion for that file. That should enable your scan to complete.

    1) Open Finder
    2) press cmd + shift + G (a path field will appear in Finder)
    3) type /private/var/db/ and hit return

    This will open the location of dslocal-backup.xar

    1. Choose Sophos Anti-Virus ➤ Preferences.
    2. Click On-access Scanning.
    3. If some settings are dimmed, click the lock icon and type an administrator name and password.
    4. Click Excluded Items.
    5. Do one of the following:
    • Drag the item(s) from the previous step to be excluded to the list of excluded items.

    Hopefully that makes sense - sorry it's not the simplest workaround!
  • Hi Serra,

    I can find my dslocal-backup.xar file using your instructions but I can't seem to get to the file to choose it from the sample screen. I navigate to Macintosh HD but it won't let me go from there to /private/var/db/ , am I doing something wrong or is there a step I'm missing out?
  • In reply to ShirleyAngela:

    Hi Shirley,

    I just tested it, and if you use the below steps (variation of what you did before) when you're at the sample upload screen, it should work.

    1) Select "Choose File"
    2) Once Finder is open, press cmd + shift + G (a "Go to Folder" path field will appear)
    3) type /private/var/db/ and hit return

    Finder automatically hides system files so users don't accidentally muck around in them, which is great until you actually need to get them. Then it's a bit more complicated!

    That said, did you manage to get the exclusion ok? Are you able to complete a scan without issue now?
  • Hi Serra,

    I don't know if I've managed to submit a sample of the file or not. I can choose it using your instructions but when I click submit the screen sits for quite a while then goes blank. I've tried this twice so I don't know what 'mess' of samples I've managed to create at the Sophos end! I will try the exclusion instructions (quite technical for me but a bit of an adventure ....)
  • Hi Serra,

    I followed your instructions of listing the dslocal-backup.xar file as an exclusion in the On-Access section of the Sophos preferences. I then ran the option "Scan This Mac" from the drop-down menu but it still hung on the same file. I can see that Custom Scans can be built with inclusions and exclusions but I don't know how to run that to include absolutely everything EXCEPT the dslocal-backup.xar file (especially since some files aren't shown in the options for inclusion).
  • Hi everyone.
    I was having this same problem & read the 3-4 similar posts on the dslocal-backup.xar problem.
    Here's what I did:
    Followed instructions for excluding the file by double-clicking the white space in the "Scan This Mac" box.
    Ran scan & it still got stuck on this file.
    Followed instructions for excluding the file from Sophos - Preferences - OnAccess - Excluded items.
    Ran scan & it still got stuck on this file.
    Explored some more & realized that I have this file in 2 places because I have 2 partitions on my hard drive.
    Added exclusions to both places for both copies of this file.
    Success - well mostly.

    Then I had a problem with the scan hanging on jdk-8u60-macosx-x64.dmg. In this case, however, I could stop the scan with the button without having to resort to rebooting computer (as I had to when it hung on dslocal). So I excluded this file in both locations.
    Reran scan & it still hung.
    Deleted file (I can download java installer if I ever need it again)
    Reran scan & this time it finished (in about 3.5 hours).

    Please read the other posts regarding dslocal-backup.xar for instructions on how to exclude the file from BOTH areas (double clicking white space in "Scan This Mac" box AND the OnAccess areas). One or two of the posts will explain how to open the folder even though it is "hidden."

    Good luck & hope this helps.
  • In reply to KathrynAlbee:

    Thanks Kathryn, I tried this both with excluding by double-clicking the white space in the "Scan This Mac" box alone and also loading Excluded items in the OnAccess Preferences (dslocal file in both cases). I'm thrilled to say that my scan completed successfully each time. PROBLEM SOLVED FOR ME!
  • In reply to ShirleyAngela:

    Hi Kathryn and Shirley,

    I am so happy to hear you were able to find a workaround for this.
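
Added example (not posted by anyone in this thread, and not a Sophos tool): KathrynAlbee's scan only completed once every copy of dslocal-backup.xar was excluded, one per partition, so this script lists each mounted volume that holds a copy and runs a basic structural check on the XAR header and table of contents (TOC) of each one. It assumes the other partitions keep the file at the same private/var/db path under /Volumes, and a clean result does not rule out whatever makes the scanner stall.

```python
import os
import struct
import zlib

REL_PATH = "private/var/db/dslocal-backup.xar"  # location given in the thread
# XAR header, big-endian: magic, header size, version,
# TOC length compressed, TOC length uncompressed, checksum algorithm
HEADER = struct.Struct(">4sHHQQI")


def find_copies(volumes_root="/Volumes", rel_path=REL_PATH):
    """Return one path per mounted volume that holds a copy of the file."""
    seen, hits = set(), []
    for vol in sorted(os.listdir(volumes_root)):
        candidate = os.path.join(volumes_root, vol, rel_path)
        real = os.path.realpath(candidate)  # the boot volume entry is a symlink to /
        if os.path.isfile(real) and real not in seen:
            seen.add(real)
            hits.append(candidate)
    return hits


def header_problems(path):
    """Return structural problems in the XAR header and TOC; [] means none found."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        raw = f.read(HEADER.size)
        if len(raw) < HEADER.size:
            return ["shorter than the 28-byte XAR header"]
        magic, hdr_len, _version, toc_c, toc_u, _cksum = HEADER.unpack(raw)
        if magic != b"xar!":
            return ["magic is not 'xar!'"]
        if hdr_len < HEADER.size:
            return ["declared header size below 28"]
        if hdr_len + toc_c > size:
            return ["compressed TOC runs past end of file"]
        f.seek(hdr_len)
        try:
            toc = zlib.decompress(f.read(toc_c))  # the TOC is zlib-compressed XML
        except zlib.error:
            return ["TOC is not valid zlib data"]
    if len(toc) != toc_u:
        return ["TOC length does not match header"]
    return []


if __name__ == "__main__":
    # Reading the file may need sudo. Every path printed needs its own exclusion.
    for p in find_copies():
        print(p, header_problems(p) or "header OK")
```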