Sophos Antivirus Is Not Running

I've been running Windows 10 exclusively for about three years. I ditched paid antivirus and have been using Windows built-in antivirus (workstations only, of course) for about two years. I have not experienced a single virus outbreak.

  1. The program will quickly run a scan on the Caches folder and you will see something like this in the scan summary in the Terminal window: "5628 files swept in 25 seconds. 4 errors were encountered. No viruses were discovered. Ending Sophos Anti-Virus."
  2. Users of MacOS 10.13 are required to do the following steps for newly installed Sophos Anti-Virus: 1. After installing Sophos Anti-virus, go to “Security & Privacy” under Apple System Preferences. At the bottom of the window, you will see “System software from developer “Sophos” was blocked from.
  3. Sophos Home Premium has one of the shortest feature lists in the antivirus world, but poke around in the web-based Settings menus for a while and you'll find one unusual extra: a simple parental.
  4. If the Sophos Anti-Virus service is listed in Windows services, changing the log on account from local service to local system may work. If the service is not there, running the Sophos Anti-Virus.msi from the share adds it: Open Windows Services by clicking 'Start', 'Run', and typing services.msc.

Your mileage may vary of course. I use WSUS to push out the AV updates. By the way, my users are generally on the savvy end of the spectrum (software developers) and those who aren't are well trained to come to me immediately with questions. I'm also in a relatively small environment... less than 100 users.

Sophos for Virtual Environments is designed to efficiently secure virtual environments running on either VMware ESXi or Microsoft Hyper-V. It eliminates scan storms and update storms by offloading malware detection to a centralized security virtual machine.

You can see applications that you have allowed to run on your computers.

On the Settings > Allowed Applications page you can see applications that you have allowed to run on your endpoint computers.

The page shows where the application was originally detected (if applicable) and how it was allowed.

About allowed applications

Our software detects threats that are previously unknown. However, it may sometimes identify an application as a threat, even though you know that it’s safe. When this happens, you can “allow” the application. Allowing an application does the following:

  • Prevents this detection from happening again.
  • Restores all copies that have been cleaned up (removed from computers).

Alternatively, you can allow an application in advance, so that it won't be detected when you install it for users.

Warning: Think carefully before you allow applications, because doing so reduces your protection.

Note: If an option is locked, global settings have been applied by your partner or Enterprise administrator. You can still stop detecting applications, exploits and ransomware by going to the events list.

Allow an application that's been detected

Only allow an application if you know it's safe. For help deciding, see How to investigate and resolve a potential False Positive or Incorrect Detection.

To allow an application that Sophos has detected and removed, do as follows.

Note that:

  • This allows the application for all computers and users.
  • This allows the application to start, but we’ll still check it for threats, exploits and malicious behavior when it's running.

  1. Go to the Computers or Servers page, depending on where the application was detected.
  2. Find the computer where the detection happened and click on it to view its details.
  3. On the Events tab, find the detection event and click Details.
  4. In the Event details dialog, look under Allow this application.
  5. Select the method of allowing the application:
    • Certificate: This is recommended. It also allows other applications with the same certificate.
    • SHA-256: This allows this version of the application. However, if the application is updated, it could be detected again.
    • Path: This allows the application as long as it's installed in the path (location) shown. You can edit the path (now or later) and you can use variables if the application is installed in different locations on different computers.
  6. Click Allow.
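
The trade-off between the three methods in step 5, shown as an added example that is not Sophos code: a simplified model of rule matching (not how the product is implemented) run over constructed file records. The paths, file contents and certificate thumbprint are placeholders chosen for illustration.

```python
import hashlib
import ntpath
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FileRecord:
    path: str
    content: bytes
    signer: Optional[str]  # signing-certificate thumbprint, None if unsigned

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


def rule_matches(method: str, value: str, f: FileRecord) -> bool:
    """Simplified model of the three allow methods (not Sophos's implementation)."""
    if method == "certificate":   # any file signed with the same certificate
        return f.signer is not None and f.signer == value
    if method == "sha256":        # exactly this build of the file
        return f.sha256 == value.lower()
    if method == "path":          # whatever file sits at this location
        return ntpath.normcase(f.path) == ntpath.normcase(value)
    raise ValueError(f"unknown allow method: {method}")


# Constructed sample files; paths, contents and thumbprint are placeholders.
ACME = "PLACEHOLDER-THUMBPRINT-ACME"
FILES = {
    "detected": FileRecord(r"C:\Tools\Acme\agent.exe", b"agent build 1.0", ACME),
    "updated": FileRecord(r"C:\Tools\Acme\agent.exe", b"agent build 1.1", ACME),
    "same_signer": FileRecord(r"C:\Tools\Acme\updater.exe", b"updater 1.0", ACME),
    "other_file_same_path": FileRecord(r"c:\tools\acme\agent.exe", b"unrelated", None),
}


def coverage(detected: FileRecord) -> dict:
    """For each method, list which sample files a rule built from `detected` allows."""
    rules = {"certificate": detected.signer, "sha256": detected.sha256,
             "path": detected.path}
    return {m: [n for n, f in FILES.items() if rule_matches(m, v, f)]
            for m, v in rules.items()}


if __name__ == "__main__":
    for method, allowed in coverage(FILES["detected"]).items():
        print(f"{method:12} allows: {', '.join(allowed)}")
```

The result mirrors the descriptions in step 5: the SHA-256 rule stops matching once the application is updated, the certificate rule extends to other software from the same signer, and the path rule follows the location rather than the file.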

Edit the path for an allowed application

You can change the path that you specified when you allowed an application.

  1. On the Allowed Applications page, find the application. The current path is shown in the details.
  2. Click the edit icon (the pen) on the far right of the page.
  3. In the Edit path dialog, enter the new path.

When you edit a path, details of the original detection (user, computer and path) are removed from the list.

Start detecting an application again

If you want Sophos to start detecting and removing an application again, remove it from the Allowed Applications list.

Select the application and click Remove (in the upper right of the page).