Troubleshooting Sophos Anti-Virus
Pre-requisites reminder
Before you troubleshoot the Sophos Anti-Virus package, there are some factors which you need to be reminded of:
1. Install the latest service packs from Microsoft Update:
- Microsoft Windows 7 PCs need no service packs in order to run Sophos Anti-Virus (note that Service Pack 1 is due for release in August 2010).
- Microsoft Windows Vista PCs should have Service Pack 2 or later installed in order to run Sophos Anti-Virus. You can obtain the latest Windows Vista Service Pack via the Microsoft Windows Update site.
- Microsoft Windows XP PCs must have Service Pack 3 or later installed in order to run Sophos Anti-Virus. You can obtain the latest Windows XP Service Pack via the Microsoft Windows Update site. Note further that Microsoft now only produce Windows Updates for SP3, so make sure you are running this.
2. Once you're on the latest service pack for your version of Windows, ensure that all Microsoft Windows critical updates have been installed. We recommend that you set your computer to automatically install Microsoft updates. Details on this are available from the More Help - PC Security web pages. You may need to reboot after installing these updates.
3. All PCs must have their existing anti-virus software removed prior to installing Sophos Anti-Virus. This can be done through the Add/Remove Programs control panel (click on Start, select Control Panel and then Add/Remove Programs). You will need to reboot after uninstalling your anti-virus.
4. Sophos Anti-Virus must be installed as a user with an Administrator account. On Windows Vista/7 you can right-click on the Sophos file and select "Run as administrator".
Troubleshooting
If things go wrong, please check the common problems listed below to see if they apply to you.
Installation Problems
If the Sophos updates fail and a white cross in a red circle appears in the corner of your Sophos shield, you should first do a manual update by right-clicking on the shield icon. If that also fails, you should check the common problems below.
Updating Problems
If the Sophos updates fail and a white cross in a red circle appears in the corner of your Sophos shield, you should first do a manual update by right-clicking on the shield icon. If that also fails, you should check the common problems below.
Updating Has Never Worked Since Installing (Applies to University PCs)
Personal firewall software can interfere with the management system used for University PCs. University PCs need to have File and Print Sharing enabled and the Sophos Management System added to the firewall settings. Instructions on how to do this follow.
To correctly add File and Print Sharing to the Windows Firewall for campus PCs:
1. Open the Windows Firewall Control Panel:
2. If you are using the Category View:
Click on Start and select Control Panel, then Security Center and then Windows Firewall
If you are using Classic View:
Click on Start and select Control Panel and then Windows Firewall
3. Ensure that On (recommended) is selected and click on the Exceptions tab
4. Tick the File and Printer Sharing entry
5. Click the Edit button, then the Change Scope... button
6. Set it to a Custom list of: 134.225.0.0/255.255.0.0 and press OK twice (i.e. allow the campus network).
7. Next, click the Add Program... button and add C:\Program Files\Sophos\Remote Management System\RouterNT.exe if it is installed on your system.
Updating Has Never Worked Since Installing (applies to home PCs)
Home update failures are invariably due to one of the following factors in order of likelihood (assuming that the PC is otherwise running correctly and your other software is updating correctly):
1. The Sophos update location has been typed incorrectly (check it with the settings on the previous page). The home update locations are currently as follows:
- Sophos 7: sophosdist.reading.ac.uk/dataxp7 (legacy update location)
- Sophos 9: sophosdist.reading.ac.uk/dataxp9 (new update location)
- Mac OSX: sophosdist.reading.ac.uk/dataosx7
2. Your home PC isn't connected to the Internet (probably not the case if you're reading this page online).
3. Your home PC is connected to the Internet, but your firewall is blocking the Sophos update connection (unlikely, as Sophos uses the same connection as you're now using to read this web page).
4. Your home PC is using a wireless connection and the connection hasn't been established yet. Sophos will try to update immediately, but the wireless connection starts later. Try a manual update once your connection is up by right-clicking on your blue Sophos shield.
5. Your PC may not have been rebooted since the last time there was an upgrade to Sophos. This is often the case if you hibernate or sleep your PC regularly rather than turning it off.
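The first cause in the list above (a mistyped update location) can be checked mechanically. The following is an added example, not part of the original page or of Sophos: it compares a typed address with the three locations listed above and reports whether it matches, looks like a typo of one of them, or points somewhere else entirely. The function names and the 0.8 similarity cutoff are assumptions chosen for illustration.

```python
import difflib
from urllib.parse import urlsplit

# Update locations exactly as listed on this page.
KNOWN_LOCATIONS = {
    "sophosdist.reading.ac.uk/dataxp7": "Sophos 7 (legacy update location)",
    "sophosdist.reading.ac.uk/dataxp9": "Sophos 9 (new update location)",
    "sophosdist.reading.ac.uk/dataosx7": "Mac OSX",
}


def normalise(typed):
    """Reduce a typed address to host/path: no scheme, no stray slashes or spaces."""
    text = typed.strip()
    if "://" not in text:
        text = "http://" + text  # urlsplit only finds the host when a scheme is present
    parts = urlsplit(text)
    host = (parts.hostname or "").rstrip(".")  # hostname is returned lower-cased
    path = parts.path.strip("/")               # path case is kept: it may matter
    return f"{host}/{path}" if path else host


def check_update_location(typed):
    """Return (status, detail) where status is 'ok', 'typo' or 'unknown'.

    'ok'      -> detail is the product the location belongs to
    'typo'    -> detail is the listed location the input most resembles
    'unknown' -> detail is the normalised input; it is not one of the listed
                 locations, so updates would not come from the expected server
    """
    candidate = normalise(typed)
    if candidate in KNOWN_LOCATIONS:
        return "ok", KNOWN_LOCATIONS[candidate]
    # Hypothetical cutoff: 0.8 catches one or two wrong characters in an address.
    close = difflib.get_close_matches(candidate, KNOWN_LOCATIONS, n=1, cutoff=0.8)
    if close:
        return "typo", close[0]
    return "unknown", candidate


if __name__ == "__main__":
    # Constructed sample inputs, as a user might type them into the updating dialog.
    for sample in ("http://sophosdist.reading.ac.uk/dataxp9/",
                   "sophosdist.reading.ac.uk/datxp9",
                   "updates.example.com/av"):
        print(sample, "->", check_update_location(sample))
```

An "unknown" result deserves more attention than a "typo": it means the client is configured to fetch updates from a server that is not one of those listed here.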
Updating Has Worked But Has Now Stopped
The PC is not connected to the network (e.g. readingConnect or your ISP). Ensure that you are on-line and then do a manual update.
Checking The Update Logs (applies to all PCs)
If none of the above solutions result in an update, you should check the Sophos log file which gives details of the updating process. To view the log file:
1. For Sophos 7, right-click on your Sophos shield and select Configure updating....
2. Select the Logging tab and click on the View Log File button.
3. For Sophos 9, double-click on your Sophos shield and select View updating log toward the lower right.
4. This file will give an error message telling you why you cannot update (usually that it cannot find update location http://sophosdist.reading.ac.uk/dataxp7/ for Sophos version 7, or http://sophosdist.reading.ac.uk/dataxp9/ for Sophos version 9). If the listed error message makes no sense to you, you should copy and paste this error message in full when emailing ITS-Help.
Windows XP Security Centre reports that Sophos is out of date, but it isn't (applies to non-domain and home PCs)
This is a false alarm message which is a problem acknowledged by Sophos on their support website:
http://www.sophos.com/support/knowledgebase/article/11787.html
The problem arises because the Security Centre assumes that the virus definitions are stored as a single package which will be updated at least every 34 days. Sophos no longer use this method and instead provide a multi-package database, adding packages as needed. This means that the original package which is being monitored by Microsoft never gets updated and so the XP Security Center complains even though Sophos really is up-to-date.
Virus and PUA removal advice
We recommend that you periodically run a full scan of your computer. You may do this either from within the Sophos application itself as a "scheduled task" if you wish to do this overnight or when the PC is unattended, or you may do this immediately by right-clicking on "My Computer" and selecting "Scan with Sophos Anti-Virus" from the menu.
N.B. If Sophos detects a "Potentially Unwanted Application" which you wish to remove, then you must run a full scan of your computer before you will be able to remove it. This is to allow Sophos to ensure that it has detected all traces of the application so that no remnants are left behind. Note further that some PUAs can't be removed by Sophos - you have to remove them using Add/Remove Programs instead.