Sophos Knowledgebase
You can find answers to many questions related to Sophos protection products in the knowledgebase: Link
The following notes are generally only relevant for Sophos administrators.
Error during installation under Windows
When you try to run the installation package, an error message appears of the type "Windows Script Host - Script: C:\Users ....\setup.vbs ... Error: No application is associated with the specified file", or a message that the file cannot be found. The setup is not executed.
In this case, proceed as follows:
1. Download the installation package for your area:
http://sec.scc.uni-weimar.de/install/
2. Extract the package
3. Open the command line (Run - enter "cmd")
4. Navigate to the folder containing setup.exe with "cd [path to file]" and press Enter, for example "cd C:\Windows\Temp\SophosEndpointWindows_STANDARD\".
5. Now copy the following command to the command line (highlight, right mouse button - Copy, right mouse button - Paste) and press Enter.
setup.exe -crt R -ni -mng yes -updp ""http://sec.scc.uni-weimar.de/CIDs/S000/SAVSCFXP/"" -g ""\SEC\STANDARD""
6. The installation should start and go through without errors.
Mac OS X - installing or uninstalling Sophos Anti-Virus from the command line
Proceed as described here:
http://www.sophos.com/de-de/support/knowledgebase/14179.aspx
Checking that virus signatures are up to date
- Open Sophos Endpoint Security and Control (right-click the Sophos icon in the taskbar and select the appropriate option).
- If necessary, confirm the User Account Control message.
- In the new window, click Product Info on the left. Under Antivirus and HIPS, click +Software.
- Note the value under Detection data.
- Open the website: www.sophos.de/downloads/ide/
- Select the line that contains the noted value and compare the number under Number of IDEs with the number of detection files shown in Sophos Endpoint Security and Control on your system (the values must match).
Manual update of virus signatures
If for some reason the update servers are unavailable, the virus signatures can also be updated manually. Sophos updates the signatures several times a day.
- Download the zip file with the current signatures (highlighted in color): Link
- Extract the contents of the file to the appropriate directory (by default, for Windows, to C:\Program Files\Sophos\Sophos Anti-Virus).
Run scheduled scans (on-demand scans) with low system load
The option "Run low priority scan" is available only from Windows Vista onwards.
Overview of port configurations in Sophos applications
Configuring the Console to Manage Large Networks
Protection of computers in the Unassigned group not possible
"The "Unassigned" group is intended for computers that have not yet been assigned to any group and to which policies can be applied.
Computers are not protected until they are in a group."
(Source: Sophos Enterprise Console - Help, Product version: 4.7, Status: April 2011)
Sophos Anti-Virus for Windows: allowing suspicious objects to pass through
Excluded file is reported anyway
If you receive a message from Sophos Enterprise Console like this:
Process "C:\programs\
\xyz.exe" shows suspicious behavior pattern 'HIPS/RegMod-009'.
although you have defined an exclusion for the file xyz.exe, this is usually because the checksum of the file has changed, for example due to an update. The following options are available:
- Re-exclude the modified file, with the disadvantage that this must be repeated for each modification, or
- Disable HIPS (Host Intrusion Prevention System) on this system, with the consequence that this protection function is no longer available. Partial deactivation is not possible.
File exclusion during on-access and on-demand scanning has no effect regarding detection by HIPS
Many "$$$" files in the Sophos Temp directory
In the folder "C:\Documents and Settings\All Users\Application Data\Sophos Anti-Virus\Temp" there are many files with the "*.$$$" extension that are over 1 GB in size.
These are temporary files extracted by the scanning engine when scanning an archive file and can be deleted.
Procedure:
- Stop the Sophos Anti-Virus service (SavService.exe).
- Delete the "$$$" files.
- Restart the Sophos Anti-Virus service.
(Source: de.sophos.com/support/knowledgebase/article/43698.html)
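The three steps above as a PowerShell script, added here as an example and not taken from the Sophos article. It assumes that the service behind SavService.exe is registered under the name SAVService and uses the Temp path given above; run it from an elevated PowerShell prompt. The restart sits in a finally block so that the computer is not left without on-access scanning if deleting a file fails.

```powershell
# Added example, not from the Sophos article.
# Assumption: the Windows service behind SavService.exe is named "SAVService".
$serviceName = 'SAVService'
# Path as given on this page; adjust for newer Windows versions.
$tempDir = 'C:\Documents and Settings\All Users\Application Data\Sophos Anti-Virus\Temp'

# Collect the leftover archive-extraction files before touching the service.
# Single quotes keep "$$$" literal instead of being expanded by PowerShell.
$leftovers = @(Get-ChildItem -LiteralPath $tempDir -Filter '*.$$$' -ErrorAction Stop |
    Where-Object { -not $_.PSIsContainer })

if ($leftovers.Count -eq 0) {
    Write-Output 'No *.$$$ files found; service left running.'
    return
}

$totalGB = ($leftovers | Measure-Object -Property Length -Sum).Sum / 1GB
Write-Output ('Found {0} file(s), {1:N2} GB in total.' -f $leftovers.Count, $totalGB)

# Step 1: stop the Sophos Anti-Virus service. Abort if this fails,
# because the files may still be in use by the scanning engine.
Stop-Service -Name $serviceName -ErrorAction Stop

try {
    # Step 2: delete the "$$$" files one by one so that a single locked
    # file does not prevent the others from being removed.
    foreach ($file in $leftovers) {
        try {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
        }
        catch {
            Write-Warning "Could not delete $($file.FullName): $_"
        }
    }
}
finally {
    # Step 3: always restart the service, even if deletion failed.
    Start-Service -Name $serviceName
    $status = (Get-Service -Name $serviceName).Status
    Write-Output "Service $serviceName is now: $status"
}
```

If the final line does not report Running, start the service manually before continuing to use the computer.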