Unable to right click and scan

Hello all,

 

A user I am dealing with is having trouble just trying to right click and scan with Sophos. Once he clicks "Scan with Sophos Anti-Virus", the blue wheel appears for a moment and then nothing happens, at all. No error messages or dialogues. When trying the exact same thing on an admin account, a UAC prompt asks for permission to make changes, but then again nothing appears. On another PC with the exact same privileges, the scans work quickly and well. Reinstalling Sophos didn't work either, I might add. Any ideas on what the problem could be here?

 

Thanks!

  • Hi  

    Do you see the right-click scan summary when you Scan the file with Sophos Anti-Virus? Also please check under the scan logs if you see the items which are being scanned. 

  • In reply to Shweta:

    Hi Shweta, absolutely nothing appears when clicking "Scan with Sophos Anti-Virus". No summary. I can't seem to find any meaningful logs. Could you point me specifically where right click scanning logs would be?

    Thanks.

  • In reply to Remy Di Mauro:

    Hi  

    Could you please check under the path: C:\ProgramData\Sophos\Sophos Anti-Virus\logs for SAV.txt and see if you view the events for Right-Click Scan. 

  • In reply to Shweta:

    Thanks Shweta for the clarification. Here's a pastebin of the 2 logs, SAV and SAV-Trace. I can't seem to see the files I scanned in there but are there any obvious problems?

     

    SAV: https://pastebin.com/tpJgZbRe

    SAV-Trace: https://pastebin.com/KurCNba9

  • In reply to Remy Di Mauro:

    Hi  

    Unfortunately, Pastebin is not accessible in our organization, so we are not able to view the logs.

    It'd be great if you can just attach the log file to the post.

  • In reply to Jasmin:

    No worries,

    SAV.txt
    20200102 230615	Using detection data version 5.70 (detection engine 3.77.1). This version can detect 44562653 items.
    20200102 230615	User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
    20200102 230810	Using detection data version 5.70 (detection engine 3.77.1). This version can detect 44562653 items.
    20200102 230812	User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
    20200102 230833	The automatic sending of file data and samples for Sophos Live Protection is enabled.
    20200102 231405	Scan 'Right-Click Scan' started.
    20200102 231406	Scan 'Right-Click Scan' completed.
    20200102 231406	Summary of results for scan 'Right-Click Scan':
    		Items scanned: 2
    		Errors: 0
    		Items quarantined: 0
    		Items dealt with: 0
    20200102 232428	Using detection data version 5.70 (detection engine 3.77.1). This version can detect 44562653 items.
    20200102 232429	User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
    20200102 232624	Using detection data version 5.70 (detection engine 3.77.1). This version can detect 44562653 items.
    20200102 232625	User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
    20200102 234111	Using detection data version 5.70 (detection engine 3.77.1). This version can detect 44562653 items.
    20200102 234111	User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
    20200102 234701	Using detection data version 5.70 (detection engine 3.77.1). This version can detect 44562676 items.
    20200103 060324	Using detection data version 5.70 (detection engine 3.77.1). This version can detect 44562690 items.
    20200103 071103	Using detection data version 5.70 (detection engine 3.77.1). This version can detect 44562690 items.
    20200103 071103	User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
    20200105 221850	Using detection data version 5.70 (detection engine 3.77.1). This version can detect 44562752 items.
    20200106 001848	Using detection data version 5.70 (detection engine 3.77.1). This version can detect 44562753 items.
    20200106 063000	Scan 'Sophos Cloud Scheduled Scan' started.
    20200106 063908	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\GameBarElevatedFT_Alias.exe".
    20200106 063908	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe".
    20200106 063908	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\python.exe".
    20200106 063908	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\python3.exe".
    20200106 063908	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe".
    20200106 063908	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe".
    20200106 063908	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe".
    20200106 063908	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\GameBarElevatedFT_Alias.exe".
    20200106 063932	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\GameBarElevatedFT_Alias.exe".
    20200106 063932	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe".
    20200106 063932	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\python.exe".
    20200106 063932	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\python3.exe".
    20200106 063932	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe".
    20200106 063932	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe".
    20200106 063932	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe".
    20200106 063932	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\GameBarElevatedFT_Alias.exe".
    20200106 064638	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\GameBarElevatedFT_Alias.exe".
    20200106 064638	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe".
    20200106 064638	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\python.exe".
    20200106 064638	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\python3.exe".
    20200106 064638	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe".
    20200106 064638	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe".
    20200106 064638	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe".
    20200106 064638	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\GameBarElevatedFT_Alias.exe".
    20200106 065003	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\GameBarElevatedFT_Alias.exe".
    20200106 065003	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe".
    20200106 065003	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\python.exe".
    20200106 065003	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\python3.exe".
    20200106 065003	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe".
    20200106 065003	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe".
    20200106 065003	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe".
    20200106 065003	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\andrew.swanborough\AppData\Local\Microsoft\WindowsApps\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\GameBarElevatedFT_Alias.exe".
    20200106 071213	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\GameBarElevatedFT_Alias.exe".
    20200106 071213	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe".
    20200106 071213	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\python.exe".
    20200106 071213	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\python3.exe".
    20200106 071214	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe".
    20200106 071214	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe".
    20200106 071214	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe".
    20200106 071215	Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\GameBarElevatedFT_Alias.exe".
    20200106 220342	Using detection data version 5.70 (detection engine 3.77.1). This version can detect 44562753 items.
    20200106 220343	User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
    20200106 220921	Using detection data version 5.70 (detection engine 3.77.1). This version can detect 44562812 items.
    20200106 225007	Using detection data version 5.70 (detection engine 3.77.1). This version can detect 44562812 items.
    20200106 225008	User (NT AUTHORITY\LOCAL SERVICE) has started on-access scanning for this machine.
    
    SAV-Trace.txt

  • In reply to Remy Di Mauro:

    Hi  

    The logs from SAV.txt have the below events from 2nd January, so if you tried to run right click and scan on 2nd January, then it happened successfully.

    20200102 231405 Scan 'Right-Click Scan' started.
    20200102 231406 Scan 'Right-Click Scan' completed.
    20200102 231406 Summary of results for scan 'Right-Click Scan':
    Items scanned: 2
    Errors: 0
    Items quarantined: 0
    Items dealt with: 0 

    Please let us know if you have any queries on this.

  • In reply to Jasmin:

    Yes, it worked once. Then every single subsequent attempt (and there were many) failed and it still fails to this day.

  • In reply to Remy Di Mauro:

    Hi  

    If that is the case, I'd request you to open a support case here as this needs more logs and detailed troubleshooting.

    Please PM me the case number once it is created.

  • In reply to Jasmin:

    Hi  

    Thank you for providing the logs, I can see a couple of errors under the logs: 

    20200106 071214 Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe".
    20200106 071215 Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning "C:\Users\admin-rdimauro\AppData\Local\Microsoft\WindowsApps\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\GameBarElevatedFT_Alias.exe"

    Error 0xc0000279 means Sophos Endpoint Defense cannot obtain a lock on the file for scanning. This can happen for a number of reasons. One reason is that the file may be temporary and may not exist anymore and/or the directory the file is in looks as though it may be temporary. We are aware of this issue regarding Edge.exe specifically and our development team is currently working on the same. It is not considered a security risk and there is no fix scheduled at this time for the release. 

    To recall "On another PC with the exact same privileges, the scans work quickly and well", could you please check the logs on that machine as well where it is working fine? Are both machines on the same OS? If so, also ensure that it has the latest updates provided by Microsoft. 

  • In reply to Shweta:

    Hi  

    I just wanted to follow up on this issue. Did you manage to resolve this issue? Please let us know if any further help is required.
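
The manual log review done in this thread (finding 'Right-Click Scan' start/complete pairs and counting Endpoint Defense errors per file) can be scripted. The following Python parser is an added example, not part of the original thread and not a Sophos tool. It assumes the SAV.txt layout quoted above; the sample lines, the `example` user name and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the SAV.txt layout quoted in the thread (placeholder user name).
APPS = r"C:\Users\example\AppData\Local\Microsoft\WindowsApps"
ERR = "Sophos Endpoint Defense returned an error (code: 0xc0000279) while scanning"
SAMPLE = "\n".join([
    "20200102 231405\tScan 'Right-Click Scan' started.",
    "20200102 231406\tScan 'Right-Click Scan' completed.",
    "20200102 231406\tSummary of results for scan 'Right-Click Scan':",
    "\t\tItems scanned: 2",
    "\t\tErrors: 0",
    "20200106 063000\tScan 'Sophos Cloud Scheduled Scan' started.",
    f'20200106 063908\t{ERR} "{APPS}\\python.exe".',
    f'20200106 063932\t{ERR} "{APPS}\\python.exe".',
    f'20200106 063932\t{ERR} "{APPS}\\MicrosoftEdge.exe".',
])

STAMPED = re.compile(r"^\s*(\d{8} \d{6})\s+(.*)$")       # timestamped event line
SCAN = re.compile(r"Scan '(.+)' (started|completed)\.")
SUMMARY = re.compile(r"Summary of results for scan '(.+)':")
ERROR = re.compile(r'error \(code: (0x[0-9a-fA-F]+)\) while scanning "(.+)"')
FIELD = re.compile(r"^\s+([A-Za-z ]+): (\d+)\s*$")       # indented summary counter

def triage(text):
    """Return (scans, errors): scan records in log order, Counter keyed by (code, path)."""
    scans, errors, current = [], Counter(), None
    for raw in text.splitlines():
        stamped = STAMPED.match(raw)
        if not stamped:  # continuation line: attach counters to the open summary
            field = FIELD.match(raw)
            if field and current is not None:
                current["summary"][field.group(1)] = int(field.group(2))
            continue
        when = datetime.strptime(stamped.group(1), "%Y%m%d %H%M%S")
        msg, current = stamped.group(2), None
        if m := SCAN.match(msg):
            if m.group(2) == "started":
                scans.append({"name": m.group(1), "started": when,
                              "completed": None, "summary": {}})
            else:  # close the most recent still-open scan of the same name
                open_recs = [r for r in scans if r["name"] == m.group(1) and not r["completed"]]
                if open_recs:
                    open_recs[-1]["completed"] = when
        elif m := SUMMARY.match(msg):
            current = next((r for r in reversed(scans) if r["name"] == m.group(1)), None)
        elif m := ERROR.search(msg):
            errors[(m.group(1), m.group(2))] += 1
    return scans, errors

def unfinished(scans):
    """Names of scans that logged 'started' but never 'completed'."""
    return [s["name"] for s in scans if s["completed"] is None]
```

Comparing the number of 'Right-Click Scan' records with the number of attempts the user made shows whether failed attempts reach the log at all, which is the question this thread turns on.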