Sophos Anti-Virus FAQs

Sophos 9 (Upgrade) Windows Only:

VCU Technology Services will be rolling out Sophos anti-virus 9 very soon.  There is no requirement for the general VCU community to upgrade to the new version of Sophos using the manual process.  For those who wish to wait, we plan to schedule an automatic upgrade through Sophos. 

Sophos anti-virus 9 Features: 

  • Sophos anti-virus 9 is part of SESC “Sophos Endpoint and Security” it will have a slightly different interface then Sophos anti-virus version 7. This means many of the procedures covered under Sophos anti-virus 7 will work in Sophos anti-virus 9, but would be accessed differently. If you need assist following any of the procedures shown please contact the VCU technology Services Help Desk.
  • If the anti-virus is disabled, there will be a yellow triangle over the shield.
  • To open the application, double click the shield.
  • To update the application, right click the shield.

Sophos 7  Windows Only


Sophos Installation & Upgrade:

PUAs (Potentially Unwanted Applications):

Viruses:

Computer Performance & Sophos Functionality:

For Mac Only

Sophos 7 Windows and Mac:


 

Do I have enough memory to run Sophos?

Sophos requires a minimum of 256MB of RAM memory to run. If you have a graphics card that shares RAM with your computer, you need more than 256MB to run Sophos. If you don't know how to tell how much memory your computer has, we've created a 1 page PDF to show you. Get it here.

What happens if my Sophos installation fails?

If you get the "!!! Sophos Anti-Virus has Failed to install. Please Contact the VCU Help Desk @ 828-2227 !!!" message, your install failed. The most common reason this might happen is if you have another anti-virus program installed that you did not remove. First, look on your control panel to see if there's another anti-virus program, uninstall it, and try to install SophosAV again. If you didn't find another anti-virus program, do a search on your computer for the file "Sophos Anti-Virus competitor list.txt."

If your computer finds this file, save a copy of it to your desktop. Reinstall your old anti-virus software (so your computer remains protected) and call the Help Desk at 804-828-2227. Once a help ticket is generated, you may be asked to send this file to your Help Desk technician. The Help Desk will work with you to resolve this issue so you can install Sophos. More information: Expanded instructions with pictures

I use a version of Windows older than Windows 2000. How do I install Sophos?

Since Microsoft does not support Windows versions prior to Windows 2000, VCU Technology Services also does not support these versions of Windows and does not provide a version of Sophos for these versions of Windows (Windows 95, 98, ME and NT).

What does it mean that Microsoft doesn’t support these versions of Windows? Well, since they no longer issue security updates for these programs, Windows 95, 98, ME, and NT can be unsafe to run. If you have any personal information on one of these computers and use it over the Internet you are placing your data to a high risk of being seen by others.

If you install anti-virus software on a computer running Windows 95, 98, ME, and NT, it will not completely remove the risk of data lost covered above. Anti-virus can provide protection from known files used to attack computers but there are attacks that can be done against un-patched operating systems, like Windows 95, 98, ME, and NT, that can get around anti-virus software.

So what should you do if you wish to run anti-virus software anyway? If you have the Symantec Anti-virus software provided earlier by Technology Services, it will run on the Windows 95, 98, ME, and NT computers and continue to get updates. Technology Services will support Symantec until June 2007. Technology Services no longer provides the Symantec Ant-virus software and after June 2007 you will need to uninstall Symantec and investigate buying your own anti-virus solution for Windows 95, 98, ME, and NT.

Instead of trying to make your unsafe system work, you should consider upgrading to a supported version of Windows. The Windows XP requirements recommends a 300 megahertz or higher processor clock speed, which is more then most Windows 95, 98,ME and NT computers will provide. This along with a hard drive size of 3GB or higher may make getting a new computer in place of upgrading parts a thing to consider. Additonally if you wish to use SophosAV on the future computer it will require at least 256MB of RAM. To explore upgrading your current computer you can contact VCU G2G Service Desk or 804-828-2227). If you have additional questions you can call the Help Desk (804-828-2227) for assistance. For more information about the lifecycle of Windows, you can visit their information site at support.microsoft.com/gp/lifepolicy

How do I tell what version of Sophos I have installed? (For Windows)

  1. Right click the Sophos shield
  2. Click "Open Sophos Anti-virus"
  3. Look in the upper left area under "Status"
  4. A "Product version" number will be listed showing what version of Sophos is installed.

How do I open the Sophos Anti-virus program?

Right click the blue shield and then select Open Sophos Anti-virus.

What if, after installation, Microsoft Anti-Spyware or another program asks if Sophos should be allowed to run or start up with my computer?

If Microsoft Anti-Spyware or any other programs that monitor changes to your startup or system asks if Sophos may run or start up, click OK or Yes to allow Sophos to start up and run.

How do I manually upgrade my Sophos Anti-virus 6.x version?

  1. Check your Sophos Anti-virus version
    1. Right click the Sophos shield
    2. Click "Open Sophos Anti-virus"
    3. Look in the upper left area under "Status"
    4. A "Product version" that begins with 6 needs to be upgraded to 7. Go to step B.
    5. A "Product version" that begins with 7 requires no upgrade and no action is needed.
  2. If you have Sophos version 6 installed, upgrade to version 7.
    1. Here are 3 things to know before you start.
      • Install Sophos Anti-virus version 7 right over the Sophos version you are running now. There is no need to uninstall it first.
      • During this upgrade you may get a pop up message saying the upgrade occurred and asking you to reboot your computer. Click "Restart later".
      • The upgrade process returns Sophos Anti-virus to Technology Services' default settings. You will need to reapply any custom changes you made earlier.
    2. Download Sophos Anti-Virus SoftwareDownload Sophos Anti-virus version 7.

How to manually download IDEs (Virus Identity Files)?

Sophos Anti-virus provided by VCU automatically updates its virus identities files every 2 hours. If there is a need to manually update the virus identities IDEs one can follow the procedure below.

To Update IDEs manually:

  1. Go to http://www.sophos.com/downloads/ide/
  2. Download the zip file for the version of Sophos on your computer
  3. Save it on to your desktop
  4. Extract the zip to "C:\Program Files\Sophos\Sophos Anti-Virus"
  5. Reboot your computer

Why is Windows Security Center reporting that my antivirus protection is out of date?

First confirm Sophos is up to date.

  1. Open Sophos
  2. Look in the upper left corner under "Status" and see when the last update time was.
  3. If the last up date time is today, your Sophos program is up to date.
  4. If the last up date time is over two days old, close Sophos and follow step 5.
  5. Double click the Blue shield to start a manual update.
  6. Once the update completes, open Sophos again and check the last update time.
  7. If the last update time is not today, See the first question on the FAQ list (Why is there a white X over the Sophos icon next to my clock).

The Windows Security Center has been known to get confused between the Sophos version on the computer and the up to date status of the Sophos application. This condition can last for weeks, until the Sophos version changes. While this is occurring, check the Sophos update status as shown above, once a week to confirm the updates are working.

What is a PUA?

PUA stands for Potentially Unwanted Program. This is a program you have installed on your computer that Sophos thinks might be bad. It could be spyware, but it also could be a program you installed and want to run on your computer. For example, Sophos will list WeatherBug as a PUA. For more information about PUAs, how to find them, and how to handle them, please see the VCU Sophos PUA Manual.

How does Sophos find PUAs?

Sophos at VCU is preconfigured to run PUA scans on Wednesday, Friday and Sunday at noon and 6:00 pm. You can also configure a scan to run when you would like; instructions for configuring a manual scan for PUAs [PDF]. For more information about PUAs, how to find them, and how to handle them, please see the VCU Sophos PUA Manual.

How do I change the time of my scheduled PUA scan?

To change when the scheduled scan runs click Start menu > All Programs > Accessories > System Tools > Scheduled Tasks. Double click the Sophos scheduled scan to open that task.

Click the Schedule tab. Here you can change the day and times the scan will run. Make sure you set the scan for a time your computer is likely to be on--the scan will only run while your computer is turned on. Click OK. For a printable PDF instruction sheet with pictures, click here.

For more information about PUAs, how to find them, and how to handle them, please see the VCU Sophos PUA Manual.

How do I find out what PUAs Sophos has found on my computer?

Open Sophos, and click on Configure Sophos Antivirus and then on the Authorized application list. You’ll see a list of the applications found in the scan. This is also where you can choose which of the PUAs you really want to run on your computer (like, maybe, WeatherBug). Click on the application and then Add to move it to your Authorized Applications List. For more information about PUAs, how to find them, and how to handle them, please see the VCU Sophos PUA Manual.

Help! I have a virus!

If you get a message saying Sophos has detected a virus, don't panic. Sophos will automatically quarantine in place, which essentially puts the virus in a box so it won't infect your computer. But you should probably delete the file. Instructions are here.

How do I scan for and handle viruses?

Sophos will automatically scan for viruses, and will quarantine in place any virus it finds so it won't infect your computer. But if you want to manually scan for viruses and want to know more about what to do with them if Sophos finds them, we've created a short PDF to help you do that. Download it here.

Why is my computer running slow?

With Sophos open, Click on the Configure menu, and then On-access scanning…

You keep talking about a blue shield, but mine's gray. What's up with that?

If the shield in your system tray is gray, it means you have on-access scanning turned off. You should turn it back on. You can learn how here.

I'm trying to install a program and I'm supposed to disable my antivirus. How do I do that?

You need to disable on-access scanning. Instructions are here.

How do I change my settings, or return to the default settings, in Sophos?

See the following documents for a step-by-step tutorial:

Why does iTunes take longer to close and show saving library on exit?

Sophos anti-virus may be the cause. First make sure iTunes is closed. Then do the following to allow Sophos to work with iTunes better.

Adding an exclusion for the iTunes files.

  1. Open Sophos
  2. Click Configure Sophos anti-virus
  3. Click "on-access scanning"
  4. Click "exclusions" tab
  5. Click "add"
  6. Select "File" from the drop down list for item type
  7. Click "Browse"
  8. Click the "my documents" icon on the left of the window
  9. Double click the "my music" folder, then double click "iTunes" folder.
  10. Select the iTunes file "iTunes Music Library.xml".
  11. Click "open" (This will take you back to the Exclude item window)
  12. Click "ok" (You should now see the path to your added file in the Excluded item list.)
  13. (Repeat steps 5 through 12 for the iTunes file "iTunes Library.itl". )
  14. Once both files are added click "ok" to close the On-access scan settings for this computer window.
  15. Close Sophos
  16. Try opening and closing iTunes to see if this corrected the problem.
  17. If the problem was not resolved it could relate to the size of the Library and other software on your computer.

Why is my Mac running slowly?

Sophos may be set to search archives, which will both slow down your Mac and cause multiple error messages from Sophos. It's easy to fix. Click on the blue Sophos shield on the right side of your menu bar. Click on Open Sophos Anti-Virus. On the Sophos screen, on the top right-hand side there are 3 icons: a question mark, an open book, and, well, we're not sure what that is, but click on the OTHER icon. Click on Scanning Options in the Configuration list, and make sure there is NOT a check in front of "Scan inside archive and compressed files" or "scan mailboxes." That should speed things up.

Why don't I have information about PUAs for the Mac?

Sophos doesn't have a PUA scan available for Macs. But you know what? That's okay. You have a Mac! PUAs are not as big a problem on Macs as they are on Windows PCs.

Help! These error messages are driving me crazy!

If Sophos keeps giving you error messages that it can't scan in some files, don't worry, it's not a big problem. You can turn off the notification so those messages don't keep bothering you. It will still notify you that you have a virus.

Click on the blue Sophos shield on your menu bar. Click on Open Preferences.
The Sophos dialog box will show up. If the buttons are grayed out, you'll need to click on the lock on the lower left corner to unlock the program and it will ask for your password. Then with Scanning highlighted, click on the drop-down menu in the middle of the window and highlight Desktop Alerts. Enable desktop alerts should be checked. Click the radio button next to Viruses. That should turn off the default (Viruses and errors). Then click on Set. When you're done, click on the lock in the lower left corner again to lock the program back up.

You will still get notification when the program updates, but this will mean you'll only get a notice only if the program finds a virus.

How can I choose what to scan and do a manual scan? (Mac)

You can easily customize your scans. Click on the blue Sophos shield on the menu bar, and click on Open Sophos Antivirus. A window comes up with all your drives listed. Sophos will scan all the volumes that are enabled. You'll know they're enabled because there's a little button to the left of the volume icon that either looks like a green sun with rays, or it looks like a dark button. The "sun" means they're enabled. Just click on the button or sun to turn them on or off. Clicking on the green arrow above the list will start a manual scan, and clicking on the red square next to that will stop the scan. When you're done, just Quit Sophos Antivirus from the menu bar. Sophos will continue to run in the background.

How do I tell what version of Sophos I have installed? (Mac)

In MacOS X, you can check what version you have by clicking the Sophos shield icon in your menu bar and choosing About Sophos Anti-virus from the dropdown menu.

How do I uninstall Sophos from my Mac?

If the Sophos icon is blue use procedure A, if black use procedure B below:

A. Please use this procedure to uninstall SophosAV 4.x from your Mac. For more details see Sophos 4x Uninstall pdf.

  1. Open Finder
  2. Select the first Mac drive in the upper left
  3. Double click the "Library" folder
  4. Double click the "Application Support" folder 
  5. Double click the "Sophos Anti-virus" folder 
  6. Double click "Remove Sophos Anti-Virus.pkg" 
  7. Answer the on screen messages

B. Please use this procedure to uninstall SophosAV 7.x and above from your Mac: For more details see Sophos 7x and above Uninstall pdf.

  1. Open Finder 
  2. Select the first Mac drive in the upper left 
  3. Double click the "Library" folder 
  4. Double click the "Sophos Anti-virus" folder 
  5. Double click "Remove Sophos Anti-Virus.pkg" 
  6. Answer the on screen messages 

I just upgraded my Mac to Snow Leopard, why are the Sophos updates failing?

  1. If the Sophos shield is blue it needs to be upgraded, by manually installing the new version from the Technology Services download site.
  2. If the Sophos shield is black try this FAQ procedure.

Why is my SophosAV shield black when it used to be blue?

The current version of Sophos has the following changes from the previous version:
Note: Notification of SophosAV health is shown through the shield; if the shield is hidden no information will be presented to the user.

Why is there a white X over the Sophos icon next to my clock?

If a white X appears over the Sophos icon in the system tray, it means an update has failed or there may be a need for a computer restart after an update occurred. Please verify that you are connected to the Internet, then double click the shield icon to try the update again. If a " could not connect to server" message appears or the white X persists, call the Technology Services help desk 828-2227 . Otherwise if the white X is still there try rebooting your computer. Once the reboot is completed if the white X is still there call the Technology Services help desk 828-2227.

Why is Sophos not updating with a wireless connection?

If you have Sophos installed on your laptop computer (or a desktop computer connected primarily to a wireless network), Sophos might not update itself upon connection. The problem here is that it generally takes a few minutes to establish a wireless connection, and Sophos attempts to update itself immediately upon opening. You will know that Sophos has not updated itself if there is a white "x" on the blue Sophos shield on your desk tray.

To update Sophos manually, first establish a connection to the wireless network. If you are using the VCU wireless network, this means you will need to open a browser window and sign in using your eID and password (it does not matter what website you visit-you merely need to sign in and have the browser connected to your home page). Then (Windows) right-click on the Sophos shield in your desk tray or (Mac) click on the Sophos shield on your menu bar and (both) click on Update Now. Sophos will automatically update itself.

Why are there colored lines appearing on the Sophos icon?

The colored lines appear to be moving up and down the Sophos icon during auto-updates. When an auto-update occurs Sophos checks for new IDE and program files.

Why has the Sophos icon disappeared?

The Sophos icon disappears during some auto-updates. It should reappear within 1min. This occurs when the auto-update process provides more Sophos changes beyond the latest IDE files. If the Sophos icon fails to reappear call Technology Services help desk 828-2227.

What is an IDE (Virus Identity Files)?

IDE stands for Virus Identity Files (yeah, it doesn’t really make sense, but that’s how Sophos refers to them). These are the tools the program uses to tell when something on your computer is a virus, worm, Trojan horse, or other malware. Sophos checks for IDE updates every time you connect to the Internet and every two hours while you’re connected.

How do I get the latest virus warnings e-mailed to me?

Sophos can send you the latest virus warnings and news by email. If you like, you can subscribe at www.sophos.com/security/notifications

How does Sophos work with home dial up connections?

This applies to both Windows and Mac OS X users. Once a month during a Sophos update you will receive an automatic product upgrade. This update normally takes about 30 minutes to download on a 56k modem. There can be much larger updates provided if Sophos makes major changes to the product. The upgrade provided in November 2006, which enabled Sophos Anti-virus to run on Microsoft Windows Vista (Microsoft's newest version of Windows, scheduled to be released to the public at the end of January 2007) was such a change. That upgrade was around 30MB in size and took about 1 hour and 20 minutes to download.

To assist both Windows and Mac OS X dial up users with knowledge of when a larger then normal upgrade occurs we have created a listserve. Once you are added you will receive an email letting you know about future Sophos updates that have larger then normal upgrades. This will allow you to schedule a time when you can dial up and leave your computer connected for enough time to receive the download, in order to keep your system up-to-date and fully protected. Note: You can disconnect while an update is running. Updates that are stopped during the update process will continue from that point next time. Full product changes and protection may not occur until the whole update is completed.

The process below can be used to add yourself to this listserve. You will receive a confirmation request email within 2 hours. Once subscribed, you'll receive an email from Technology Services only when we have knowledge of a Sophos update that will provide a larger then normal upgrade. There's nothing special you need to do to receive this download, just connect as you normally do, or manually start the update by right-clicking on the Sophos shield on your computer and clicking on Update Now.

If you do not receive a confirmation request email please call the help desk 828-2227 for listserve support.



This article was updated: 07/2/2013

Suggested reading for Sophos (Anti-Virus)