Sophos Antivirus Is Not Running

Here is the most recent log:

2016-02-22 16:21:01 Info: SSP is already installed. Version: 1.2.0
2016-02-22 16:21:01 Info: Upgrading from version: 1.2.0 to version: 1.3.0.

Right-click scan on My Computer / This PC: Open File Explorer. Right-click on This PC in the left panel, then select Scan with Sophos Home. Accept the User Account Control message. A scan progress window will appear and provide details of completion when finished.

A policy is a set of options (for example, settings for malware protection) that Sophos Central applies to protected users, devices, servers, or networks. You can see applications that you have allowed to run on your computers, and you can block and clean up suspicious applications.

I've been running Windows 10 exclusively for about three years. I ditched paid antivirus and have been using Windows' built-in antivirus (workstations only, of course) for about two years. I have not experienced a single virus outbreak.

Your mileage may vary, of course. I use WSUS to push out the AV updates. By the way, my users are generally on the savvy end of the spectrum (software developers), and those who aren't are well trained to come to me immediately with questions. I'm also in a relatively small environment... fewer than 100 users.

Let me set the scene: You’re happily running a scan with Sophos Anti-Virus for Mac 9…

…and before the scan completes you see a warning in the Scans window that says ‘Issues detected’.

The questions now are: What are these issues detected? How do I fix them? Why does the scan report ‘Issues detected’ and then also ‘No threats found’? Surely the only issues should be that the scan found threats, right?

Spoiler: These issues are nothing to worry about.

The ‘issues’ are caused by the scanner finding encrypted and/or corrupt files and simply not being able to access them.

On your Mac there will be a number of encrypted files, and the scanner is not able to access them because they are…encrypted. Protected. Locked. It should not be able to access them; otherwise, what’s the point of the file being encrypted? If SAV could break in whenever it wanted and have a peek, then so could other programs, and the encryption would be pointless.

Your Mac is also going to have a few ‘corrupt’ files. Well…they may not be exactly corrupt. The structure of the file – or more precisely the file header – is not recognizable to Sophos Antivirus.

When any application (like SAV) ‘reads in’ a file it expects certain information, in a certain order. Usually there is a header, where global information about the particular file is kept.

If this information is not what SAV expects, then the file is deemed corrupt. In actuality the file is most likely a system file, or a file called only by a particular program that knows how to access or use it – nothing other than that program may be able to work with the file.
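To make the header idea concrete, here is a small added example (not code from the original article, and not Sophos’ own logic) that mimics the first decision a scanner makes about a file: open it, read the first few bytes, and compare them against a table of known signatures. The signature table, the sample files and the result labels are all constructed for this example; a real engine recognises far more formats and does much more than look at the header.

```python
import os
import tempfile

# Constructed table of a few well-known file signatures ("magic numbers").
# A real scanner has a far larger table; these entries are assumed for the example.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"%PDF-": "PDF document",
    b"PK\x03\x04": "ZIP archive",
    b"\x1f\x8b": "gzip stream",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit executable",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary",
}


def identify_header(head: bytes):
    """Return the format name whose signature the first bytes match, else None."""
    for signature, name in MAGIC.items():
        if head.startswith(signature):
            return name
    return None


def scan_file(path: str) -> str:
    """Toy stand-in for a scanner's first decision about a file.

    Three outcomes mirror the article: the file cannot be opened at all
    (encrypted/locked, counted as an error), the header is unknown
    (reported as 'corrupt', also an error), or the header is recognised
    and scanning would continue.
    """
    try:
        with open(path, "rb") as fh:
            head = fh.read(16)
    except OSError:
        # Permission denied, missing file, unreadable container: 'Could not open'.
        return "could not open"
    kind = identify_header(head)
    if kind is None:
        # A private format only its owning program understands looks 'corrupt' here.
        return "corrupt"
    return f"scanned:{kind}"


def demo() -> dict:
    """Write constructed sample files and classify each; returns name -> result."""
    samples = {
        "image.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "tool.bin": b"\xcf\xfa\xed\xfe" + b"\x00" * 32,
        "prefs.dat": b"\x00\x01\x02\x03" + b"\xff" * 32,  # private format, no known header
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, payload in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(payload)
            results[name] = scan_file(path)
        # A file the scanner is not allowed to read: 'could not open'
        # (unless you run this as root, which ignores mode bits).
        locked = os.path.join(tmp, "locked.dat")
        with open(locked, "wb") as fh:
            fh.write(b"%PDF-1.4\n")
        os.chmod(locked, 0)
        results["locked.dat"] = scan_file(locked)
        os.chmod(locked, 0o600)  # restore so the temp dir can be removed
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} {result}")
```

Running it prints one line per sample: the PNG and Mach-O files are recognised, the private-format file is reported as ‘corrupt’ even though nothing is wrong with it, and the unreadable file is reported as ‘could not open’. Those last two are exactly the cases the scan summary counts as errors.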

So shouldn’t you worry that Sophos didn’t scan these files? They could be malicious, right? You don’t need to worry. Yes, SAV didn’t scan the file; however, the file itself cannot run on its own and hence cannot cause a problem for your computer.

I did say that the file could be called by another program, so maybe that program is malware? Maybe, but if it’s able to run (execute on Mac OS X) then it has to present itself properly to the operating system; hence it cannot appear as a ‘corrupt’ file, and SAV would scan that program properly.

So the takeaway from this is: You’re absolutely fine. Don’t worry.

I want to see these corrupt and encrypted files

A reasonable request. Open Console from Spotlight…

From the left-hand menu select the Sophos log for the type of scan you ran.


In the screenshot below, ‘Issues detected’ was reported during a ‘Scan this Mac’ scan and hence is under the Scans > Scan Local Drives section. If you run a custom scan, the log would be listed under ‘Scan’ > theNameYouGaveTheScan.

Recreate the problem with sweep


You can recreate the behavior with the command line version of Sophos Antivirus (sweep). Open Terminal…

…and then type in the command below and press enter.

sweep /Library/Caches/

Tip: If you don’t see any errors try another folder like /Library/ (without the Caches/ bit) for example.

The program will quickly run a scan on the Caches folder and you will see something like this in the scan summary in the Terminal window…

5628 files swept in 25 seconds.
4 errors were encountered.
No viruses were discovered.
Ending Sophos Anti-Virus.

The ‘X errors were encountered’ line is the same thing as the ‘Issues detected’ message reported in the graphical front end of SAV – sweep doesn’t report anything to the front end, so Terminal is the only place you’ll see the issues for this scan.

Above the scan summary you will see the actual files that caused the errors. The messages vary from computer to computer, but you will typically see ‘Could not open’ messages and the like.
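If you run sweep regularly (from a script or a launchd job, say), it helps to turn that Terminal output into a verdict automatically, so that ‘files skipped’ is never confused with ‘threats found’. The following is an added example, not code from the article or from Sophos: it parses a constructed sweep transcript in which the four summary lines are the ones shown above, while the per-file ‘Could not open’ lines and the ‘>>> Virus … found in file …’ detection line format are assumptions about sweep’s output, not copied from a real run.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sweep output. The summary lines match the article; the per-file
# 'Could not open' lines are an assumed format, not captured from a real run.
SAMPLE_OUTPUT = """\
Sophos Anti-Virus
Could not open /Library/Caches/com.example.mail/Envelope Index (Permission denied)
Could not open /Library/Caches/com.example.vault/store.enc (Permission denied)
Could not open /Library/Caches/com.example.app/state.dat (Corrupt)
Could not open /Library/Caches/com.example.app/thumbs.db (Corrupt)

5628 files swept in 25 seconds.
4 errors were encountered.
No viruses were discovered.
Ending Sophos Anti-Virus.
"""

RE_SWEPT = re.compile(r"^(\d+) files? swept in (\d+) seconds?\.$")
RE_ERRORS = re.compile(r"^(\d+) errors? (?:was|were) encountered\.$")
RE_NO_VIRUS = re.compile(r"^No viruses were discovered\.$")
RE_COULD_NOT_OPEN = re.compile(r"^Could not open (.+?)(?: \((.+)\))?$")
# Assumed detection line format; adjust to what your sweep version prints.
RE_DETECTION = re.compile(r"^>>> Virus '(.+?)' found in file (.+)$")


@dataclass
class SweepReport:
    files_swept: int = 0
    seconds: int = 0
    errors_reported: int = 0
    no_viruses_line: bool = False
    unscanned: List[Tuple[str, str]] = field(default_factory=list)   # (path, reason)
    detections: List[Tuple[str, str]] = field(default_factory=list)  # (name, path)


def parse_sweep(text: str) -> SweepReport:
    """Collect summary counters, skipped files and detections from sweep output."""
    report = SweepReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_SWEPT.match(line):
            report.files_swept, report.seconds = int(m[1]), int(m[2])
        elif m := RE_ERRORS.match(line):
            report.errors_reported = int(m[1])
        elif RE_NO_VIRUS.match(line):
            report.no_viruses_line = True
        elif m := RE_COULD_NOT_OPEN.match(line):
            report.unscanned.append((m[1], m[2] or "unspecified"))
        elif m := RE_DETECTION.match(line):
            report.detections.append((m[1], m[2]))
    return report


def verdict(report: SweepReport) -> str:
    """Separate 'threats found' from 'some files could not be scanned'."""
    if report.detections:
        return f"THREATS: {len(report.detections)} detection(s); review the listed files"
    if not report.no_viruses_line:
        return "INCOMPLETE: no summary verdict found; the scan may have been interrupted"
    if report.errors_reported != len(report.unscanned):
        return (f"CLEAN, but {report.errors_reported} errors reported and "
                f"{len(report.unscanned)} error lines captured; check the full log")
    if report.errors_reported:
        return (f"CLEAN: no threats; {report.errors_reported} file(s) skipped "
                "(encrypted, locked or unrecognised header)")
    return "CLEAN: no threats, every file scanned"


if __name__ == "__main__":
    rep = parse_sweep(SAMPLE_OUTPUT)
    print(verdict(rep))
    for path, reason in rep.unscanned:
        print(f"  skipped: {path} [{reason}]")
```

The key design choice is that the error count and the ‘No viruses were discovered’ line are read independently: a skipped file only ever lowers coverage, so the verdict stays ‘CLEAN’ and lists what was not scanned, whereas any detection line overrides everything else. The cross-check between the reported error count and the number of error lines captured flags output that was truncated or that uses a message format the parser does not know.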


Again: Don’t lose any sleep over these messages.