• Sophos Antivirus Is Active But On-access Scanning Is Not Running
• Sophos Rating

Let me set the scene: You’re happily running a scan with Sophos Anti-Virus for Mac 9…

…and before the scan completes you see a warning in the Scans window that says Issues detected…

Scenario 4 - The Mac doesn't have available slots to load Sophos Home This issue occurs when the Mac runs out of virtual slots to load applications (this usually happens when virtual machines are installed, and similar software is being used). Follow these steps to correct that: There are too many applications that register virtual devices. First, ensure you are running Sophos Home 10.0.1a1 and one of the supported versions of macOS 11. If the Welcome to Sophos Home screen keeps appearing after following the onscreen steps, you will need to manually add the com.sophos.endpoint.scanextension.systemextension component to Full Disk Access. Hi, The option was not intended as a fix, just as a way of getting more information about which services were missing on each client to see if there was a common theme.

The questions now are: What are these issues detected? How do I fix them? Why does the scan report Issues detected and then also No threats found? Surely the only issues should be that the scan found threats right?

Spoiler: These issues are nothing to worry about.

The ‘issues’ are caused by the scanner finding encrypted and/or corrupt files and simply not being able to access them.

On your Mac there will be a number of encrypted files and the scanner is not able to access them because they are…encrypted. Protected. Locked. It should not be able to access them otherwise what’s the point of the file being encrypted? If SAV can break in whenever it wants and have a peek then so can other programs and the encryption is pointless.

Your Mac is also going to have a few ‘corrupt’ files. Well…they may not be exactly corrupt. The structure of the file – or more precisely the file header – is not recognizable to Sophos Antivirus.

When any application (like SAV) ‘reads in’ a file it expects certain information, in a certain order. Usually there is a header, where global information about the particular file is kept.

If this information is not what SAV expects then the file is deemed corrupt. In actuality the file is most likely a system file or a file called only by a particular program that knows how to access or use it – nothing other than that program may be able to work with the file.

So shouldn’t you worry that Sophos didn’t scan these files? They could be malicious right? You don’t need to worry. Yes SAV didn’t scan the file, however the file itself cannot run on its own and hence cannot cause a problem to your computer.

I did say that the file could be called by another program, so maybe that program is malware? Maybe but if it’s able to run (execute on Mac OS X) then it has to properly present itself to the operating system and hence it cannot appear as a ‘corrupt’ file and therefore SAV would properly scan that program.

So the takeaway from this is: You’re absolutely fine. Don’t worry.

Nov 06, 2016 Plus overheating the pipe repeatedly will cause ur pipe to crack (no pun intended) and break faster. The longer ur stem is the more surface area for resin to collect. If u want to make the most of each hit, hold it in as long as u can instead of burning the crap outta it. Mar 20, 2019 Provide an overview of. Smoke crack. Economic motivations: collecting resin. Have pipes and are willing to lend them out. A lot of times people don't have any dope. Dec 19, 2009. Scrape it out of your pipe/bowl. Pick up in-between fingers and knead/roll into little resin-balls. It's best to smoke the resin out of a crack-pipe.

I want to see these corrupt and encrypted files

A reasonable request. Open Console from Spotlight…

From the left-hand menu select the Sophos log for the type of scan you ran.

In the screenshot below the ‘Issues detected’ was reported during a ‘Scan this Mac’ scan and hence is under the Scans > Scan Local Drives section. If you run a custom scan the log would be listed under ‘Scan’ > theNameYouGaveTheScan.

Recreate the problem with sweep

You can recreate the behavior with the command line version of Sophos Antivirus (sweep). Open Terminal…

…and then type in the command below and press enter.

sweep /Library/Caches/

Tip: If you don’t see any errors try another folder like /Library/ (without the Caches/ bit) for example.

The program will quickly run a scan on the Caches folder and you will see something like this in the scan summary in the Terminal window…

5628 files swept in 25 seconds.
4 errors were encountered.
No viruses were discovered.
Ending Sophos Anti-Virus.

Sophos Antivirus Is Active But On-access Scanning Is Not Running

The ‘X errors were encountered’ is the same thing as the Issues detected message that is reported in the graphical frontend of SAV – sweep doesn’t report anything to the frontend so Terminal is the only place you’ll see issues for this scan.

Above the scan summary you will be able to see the actual files that caused the errors. It will be different messages for different computers but you may see Could not open messages etc.

Again: Don’t lose any sleep over these messages.

You can see applications that you have allowed to run on your computers.

On the Settings > Allowed Applications page you can see applications that you have allowed to run on your endpoint computers.

The page shows where the application was originally detected (if applicable) and how it was allowed.

About allowed applications

Our software detects threats that are previously unknown. However, it may sometimes identify an application as a threat, even though you know that it’s safe. When this happens, you can “allow” the application. This does as follows:

• Prevents this detection from happening again.
• Restores all copies that have been cleaned up (removed from computers).

Alternatively, you can allow an application in advance, so that it won't be detected when you install it for users.

Allow an application that's been detected

Only allow an application if you know it's safe. For help deciding, see How to investigate and resolve a potential False Positive or Incorrect Detection.

To allow an application that Sophos has detected and removed, do as follows.

Note that:

• This allows the application for all computers and users.
• This allows the application to start, but we’ll still check it for threats, exploits and malicious behavior when it's running.

1. Go to the Computers or Servers page, depending on where the application was detected.
2. Find the computer where the detection happened and click on it to view its details.
3. On the Events tab, find the detection event and click Details.
4. In the Event details dialog, look under Allow this application.
5. Select the method of allowing the application:
   • Certificate: This is recommended. It also allows other applications with the same certificate.
   • SHA-256: This allows this version of the application. However, if the application is updated, it could be detected again.
   • Path: This allows the application as long as it's installed in the path (location) shown. You can edit the path (now or later) and you can use variables if the application is installed in different locations on different computers.
6. Click Allow.

Edit the path for an allowed application

You can change the path that you specified when you allowed an application.

1. On the Allowed Applications page, find the application. The current path is shown in the details.
2. Click the edit icon (the pen) on the far right of the page.
3. In the Edit path dialog, enter the new path.

When you edit a path, details of the original detection (user, computer and path) are removed from the list.

Start detecting an application again

If you want Sophos to start detecting and removing an application again, you remove it from the Allowed Applications list.

Sophos Rating

Select the application and click Remove (in the upper right of the page).