Sophos FAQ


1. Introduction

Below is a list of commonly asked questions concerning Sophos Anti-Virus. If you have any questions about the software, or about how to install or operate Sophos, that are not covered in the Windows Instructions, Mac Instructions or Linux Instructions and are not answered below, refer to your local IT Support or contact the Help Centre.

Note that problems with a departmental or college computer should generally be referred to your local IT Support staff.

If you are looking for information about the Flashback/Flashfake virus infection on Mac computers please see our Flashback page for removal tools and other information about protecting your machine and data.

2. My Sophos installation on Windows failed; what do I do?

If the Oxford Sophos Antivirus Installer fails to install Sophos for Windows it will display a red shield and the message Install Failed. It may also display a reason for the failure.

There can be a number of reasons why the installation fails, but the most common is that you already have another antivirus product installed, such as one from Norton, McAfee, AVG or others.

If you already have up to date antivirus software installed and protecting your computer then you don't need to install Sophos as well. If you want to switch to using Sophos instead you should first uninstall the other product using the Programs and Features control panel. You can access the Control Panel from the Start menu.

If you have uninstalled any other antivirus software and still have problems installing Sophos then you will need to send us some log files to help us figure out what has gone wrong.

Right-click on the Oxford Sophos Antivirus Installer screen and select [Export System Logs].

 


If the Oxford Sophos Antivirus Installer isn't running, start it up again and once you can see the Start button again right-click on the installer window and select [Export System Logs].

 

The screen will show that the log files are being collected. This can take a few minutes.

 

Once complete you should have a file called sophoslogs.zip on the desktop. The Oxford Sophos Antivirus Installer window will display instructions together with an email address. Send an email to the address shown on the screen and attach the sophoslogs.zip. Please use an appropriate subject line such as Sophos installation failed and include a brief description of the problem and anything you have already tried (such as uninstalling another product).

 

 

3. How do I uninstall Sophos?

Microsoft Windows

To uninstall Sophos on Windows, open the Control Panel and then Programs and Features. You should have two Sophos entries in the list. These are [Sophos Anti-Virus] and [Sophos AutoUpdate]. To completely remove Sophos you need to uninstall both of them. Select one and click on Uninstall. When the first Sophos program has been removed, repeat the process to remove the other. You will usually be prompted to reboot your computer after you uninstall the [Sophos Anti-Virus] program.

OS X

To uninstall Sophos on OS X, open your computer in the Finder (select [Computer] from the [Go] menu). Open your hard disk, which is normally called Macintosh HD unless you have renamed it. Then open the Library folder and finally the Sophos Anti-Virus folder. Double-click on Remove Sophos Anti-Virus.pkg and follow the prompts to uninstall Sophos. Note that the prompts may look as if you are installing rather than uninstalling; this is normal.

Linux

To uninstall Sophos on Linux, run the command sudo /opt/sophos-av/uninstall.sh.

4. Why can't I see the Sophos shield in the Windows system tray or OS X system status bar (near the clock)?

On Windows and OS X systems the shield may occasionally disappear for a short time while Sophos is installing updates. Normally however it will reappear within a few minutes.

If the shield disappears permanently then, unless you are running Windows 7, try restarting your computer; if that fails, try reinstalling Sophos. On Windows 7, however, there may be a different reason, and you should try the following first before restarting your computer or reinstalling Sophos.

On systems running Windows 7 the display options for the system tray icons are different and as a result you may rarely if ever see the shield. However if Sophos is running normally you should be able to see the shield by clicking on the double up-arrow near the clock to display any hidden icons.

 

If you can see the blue shield when you do this then everything is running normally. However because the shield is hidden it does mean that you are more likely to miss problems with your Sophos installation. We recommend that you change the settings so that the shield is always visible as follows (this isn't an issue on Windows XP and Vista).

To change the settings select [Customize] from the menu that appears when you click on the double up-arrows near the clock.

 

This will open the Notification Area Icons control panel. Look down the list (and if necessary scroll down) until you see the entry for [Sophos Endpoint Security and Control]. From the drop-down list next to it change the setting to [Show icon and notifications].

 

5. Where do I obtain the software?

For installation on personal machines, please use the table on the Sophos index page to download software and view instructions.

6. What versions are available?

We are currently distributing Sophos Anti-Virus for Windows version 10.0, Sophos Anti-Virus for Mac OS X version 8 and Sophos Anti-Virus for Linux version 7.5. Additional Sophos software is available to registered IT Support Staff - see the Information for IT Support Staff page.

7. What platforms do these versions run on?

Sophos for Windows version 10.0 runs on Windows 7, XP (SP1a and above), Vista and 2000 (SP3 and above). On the Mac, Sophos for OS X version 8 runs on OS X 10.4 - 10.8. For Linux system requirements see Sophos Anti-Virus for Linux: system requirements.

8. Do I need to uninstall other anti-virus products before installing Sophos?

Absolutely. If you currently have a different anti-virus product installed on your machine, you must uninstall it before installing Sophos.

9. How do I check that Sophos is installed and running properly?

Sophos for Windows

If you see a blue and white shield in the Windows system tray (usually bottom-right of the screen, near the clock) then Sophos is running properly. On Windows 7 the blue shield may not be visible. To view the shield on Windows 7 see the answer to the question Why can't I see the Sophos shield in the Windows system tray or OS X system status bar (near the clock)? above.

 

Sophos for Mac OS X

On OS X the shield appears in the system status bar (usually top-right of the screen) and is black rather than blue. Depending on the version of Sophos the shield may be solid (version 7) or appear as an outline (version 8).

Sophos for Linux

On Linux, run the command

sudo /opt/sophos-av/bin/savdstatus

which should give output such as

Sophos Anti-Virus is active and on-access scanning is running,

and use the command

sudo /opt/sophos-av/bin/savlog

to see when Sophos last downloaded updates.
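On unattended Linux machines the savdstatus check above can be scripted for cron or a monitoring agent. The following is an added example, not part of the original FAQ or of Sophos's own tooling; the function names and the exit-code convention (0 OK, 2 critical, 3 unknown) are assumptions, and only the healthy status line quoted above is treated as good.

```shell
#!/bin/sh
# Added example: turn the savdstatus text into a monitoring result.
# Path is the one given in this FAQ; override SAVDSTATUS for testing.
SAVDSTATUS="${SAVDSTATUS:-/opt/sophos-av/bin/savdstatus}"

# classify_savdstatus TEXT -> prints "ok" or "problem".
# Only the healthy message quoted in the FAQ counts as ok; any other
# text (scanning stopped, daemon down, empty output) is a problem.
classify_savdstatus() {
    case "$1" in
        *"is active and on-access scanning is running"*) echo ok ;;
        *) echo problem ;;
    esac
}

# check_sophos -> prints one status line and returns
#   0 = healthy, 2 = not healthy, 3 = savdstatus missing (assumed convention).
# The FAQ runs savdstatus via sudo, so run this check as root.
check_sophos() {
    if [ ! -x "$SAVDSTATUS" ]; then
        echo "UNKNOWN: $SAVDSTATUS not found or not executable"
        return 3
    fi
    # Capture output even when savdstatus exits non-zero.
    out=$("$SAVDSTATUS" 2>&1) || true
    if [ "$(classify_savdstatus "$out")" = ok ]; then
        echo "OK: $out"
        return 0
    fi
    echo "CRITICAL: ${out:-no output from savdstatus}"
    return 2
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    check_sophos
    exit $?
fi
```

Invoke the script with --run from root's crontab and alert on any non-zero exit status.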

10. What do all the different shield icons mean?

On Windows and OS X systems Sophos puts a shield icon in the system tray near the clock (Windows systems) or the system status bar near the clock (OS X systems). The shield can appear in a variety of colours, and can have additional symbols superimposed on top of the shield.

NB on Windows 7 the blue shield may not be visible. To view the shield on Windows 7 see the answer to the question Why can't I see the Sophos shield in the Windows system tray (near the clock)? above.

Blue and white shield

 

This icon is used by Sophos for Windows version 10 and means that Sophos is running normally.

Blue shield

 

This icon is used by older versions of Sophos for Windows and means that Sophos is running normally.

Outline black shield

 

This icon is used by Sophos for OS X version 8 and means that Sophos is running normally.

Solid black shield

 

This icon is used by Sophos for OS X version 7 and means that Sophos is running normally.

Outline grey shield

 

This icon is used by Sophos for OS X version 8 and means that on-access scanning is disabled so that Sophos will not automatically be checking for viruses when you open files on your computer. This indicates a problem which needs to be investigated and fixed. See the entry Sophos isn't running properly. Why, and what should I do? for possible reasons and solutions.

Solid grey shield

 

This icon is used by Sophos for OS X version 7 and means that on-access scanning is disabled so that Sophos will not automatically be checking for viruses when you open files on your computer. This indicates a problem which needs to be investigated and fixed. See the entry Sophos isn't running properly. Why, and what should I do? for possible reasons and solutions.

Blue and white shield with yellow triangle and exclamation mark

 

You will see this on Windows systems running Sophos for Windows version 10 and above. It indicates some sort of problem or action that you need to take. The most common reason is that Sophos needs you to restart the computer, but it may also indicate a different problem such as on-access scanning disabled.

Sophos will normally also display a message box to show you what the problem is.

 

If the reason shown indicates a more significant problem than Sophos just needing a reboot then see the entry Sophos isn't running properly. Why, and what should I do? below for possible reasons and solutions.

Blue and white shield with red circle and white cross

 

If you see a red cross (some may notice that it's really a white cross on a red background) on the shield it means that the last time that Sophos tried to check for updates, it failed for some reason, perhaps because it does not currently have the required network connection. See the entry Sophos isn't updating itself. Why, and what should I do? for possible reasons and solutions.

Outline black shield with cross in the centre

 

On OS X systems running Sophos version 8, if updating fails you'll see a black shield with a cross in the middle of it. See the entry Sophos isn't updating itself. Why, and what should I do? below for possible reasons and solutions.

Solid black shield with cross in the centre

 

On OS X systems running Sophos version 7, if updating fails you'll see a black shield with a cross in the middle of it. See the entry Sophos isn't updating itself. Why, and what should I do? below for possible reasons and solutions.

11. How do I keep Sophos up to date?

The Sophos client updates automatically via the Internet; you don't have to update it yourself. The current Sophos client will continue to update automatically until November 2012 at which point you will have to download and install a new version of the software. IT Services makes this new version available by the beginning of Michaelmas term every year. NB when you download the Sophos client you will automatically be registered on the sophos-users mailing list. This is used only to notify you of major changes or updates to Sophos.

12. Sophos isn't updating itself. Why, and what should I do?

This can happen for a number of reasons, but usually it is because the Sophos client cannot connect to the Sophos servers to update itself. There may be a number of causes as follows.

The most common reason is if Sophos tries to update itself before your computer has connected to the internet. This is often seen if you are using a USB modem for your broadband connection. The symptoms are usually that you see a red cross every time you start up the computer, but if you try a manual update, it succeeds and the red cross disappears. To start a manual update, right-click on the blue shield with the red cross and choose [Update now]. The workaround is to update Sophos manually once you have connected to the internet.

If your computer is not connected to the internet you should expect to see updating fail. This is normal and should correct itself within an hour of connecting your computer to the Internet.

Occasionally the Sophos client cannot connect to the Sophos update servers because they are unavailable for some other reason, such as a temporary internet problem. If this is the case, the symptoms are that a manual update will fail, but a while later (e.g. an hour, and certainly within a day), the update will succeed, and you should not see the problem again. If this is the problem you don't need to take any further action.

If Sophos stops updating around November each year, this may be because the credentials used to access the updates have expired. This does not normally apply to college or departmental machines, only to your own personal desktop or laptop. In this case a manual update will never succeed, no matter how long you wait. If this applies to your own personal desktop or laptop you can try reinstalling the software. Note that if the problem occurs on a college or departmental system, we recommend that you don't reinstall Sophos yourself as it may overwrite a locally configured installation. Instead, refer to your local IT Support staff.

If none of the above works, then ask your IT Support staff or refer to the Help from IT Services pages as appropriate.

13. Sophos isn't running properly. Why, and what should I do?

The grey shield means that Sophos isn't checking files automatically for viruses when you open them. The blue shield with a yellow triangle and black exclamation mark can also indicate the same problem. It may be that the Sophos Anti-Virus service has crashed for some reason, so try rebooting your computer to see whether this solves the problem. If this fails, try downloading the latest version from https://register.it.ox.ac.uk/software and installing it. If the problem occurs on a departmental or college system refer first to your local IT Support staff as reinstalling Sophos may overwrite a locally configured installation. If you still have problems, ask your IT Support staff or refer to the Help from IT Services pages as appropriate.

14. What if Sophos finds a virus?

Check the relevant virus analysis to find out how to recover from the infection. If you have configured Sophos correctly, it should automatically detect and disinfect most boot sector and file infector viruses. In some cases where Sophos cannot automatically disinfect a virus, the virus analysis will point to a Sophos utility or batch file and instructions for the removal of the virus. Details on disinfection for particular platforms can be found in the appropriate Sophos manual.

Sophos have produced a number of utilities and instructions for removing viruses; these are linked to from the Sophos Disinfection Instructions web page.

15. I'm running Linux. Is there an auto-updating client?

Sophos for Linux v7 will update automatically and supports a number of editions of Linux. We provide a preconfigured version which can be obtained from our download page at https://register.it.ox.ac.uk/software.

16. What other operating systems are supported by Sophos?

IT Services also makes Sophos clients available for some Unix operating systems as well as Novell NetWare. These can be downloaded by any registered IT Support Staff, and this will normally include your local IT officer. NB IT Services does not provide direct support for these clients.

17. Are there any alternative anti-virus products I could consider using?

Sophos is the primary anti-virus product supported by IT Services and is free for all current University members. However there are various alternatives available; some may be free for home use. If you already have up to date anti-virus software installed that you are happy with you do not need to switch to using Sophos.

 


Written by IT Services. Latest revision 15 April 2016