1. Introduction

Below is a list of commonly asked questions concerning Sophos Anti-Virus. If you have a question about the software, or about how to install or operate Sophos, that is not covered in the Windows Instructions, Mac Instructions or Linux Instructions and is not answered below, refer to your local IT Support or contact the Help Centre.

Note that problems with a departmental or college computer should generally be referred to your local IT Support staff.

If you are looking for information about the Flashback/Flashfake virus infection on Mac computers please see our Flashback page for removal tools and other information about protecting your machine and data.

2. My Sophos installation on Windows failed; what do I do?

If the Oxford Sophos Antivirus Installer fails to install Sophos for Windows it will display a red shield and the message Install Failed. It may also display a reason for the failure.

There can be a number of reasons why the installation fails but the most common reason is that you already have another antivirus software product installed such as a product from Norton, McAfee, AVG and others.

If you already have up to date antivirus software installed and protecting your computer then you don't need to install Sophos as well. If you want to switch to using Sophos instead you should first uninstall the other product using the Programs and Features control panel (Vista and Windows 7) or the Add/Remove Programs control panel on Windows XP. You can access the Control Panel from the Start menu.

If you have uninstalled any other antivirus software and still have problems installing Sophos then you will need to send us some log files to help us figure out what has gone wrong.

Right-click on the Oxford Sophos Antivirus Installer screen and select [Export System Logs].

Export logs menu

If the Oxford Sophos Antivirus Installer isn't running, start it up again and once you can see the Start button again right-click on the installer window and select [Export System Logs].

Export logs menu

The screen will show that the log files are being collected. This can take a few minutes.

Collecting the logs

Once complete you should have a file called sophoslogs.zip on the desktop. The Oxford Sophos Antivirus Installer window will display instructions together with an email address. Send an email to the address shown on the screen and attach the sophoslogs.zip. Please use an appropriate subject line such as Sophos installation failed and include a brief description of the problem and anything you have already tried (such as uninstalling another product).

Collecting the logs

3. How can I tell whether my installation uses current updating credentials?

The credentials used to update Sophos Anti-Virus automatically are valid for around 14 months and expire during November each year. Once they have expired, Sophos will no longer be able to download updates, and your computer will be more vulnerable to new viruses etc.

To make sure that you keep your computer(s) up to date, you will need to download and install a new Sophos package in October each year.

To determine whether Sophos installed on a computer is using the latest 2011–12 credentials or the old 2010–11 credentials, check the Sophos AutoUpdate settings as described below to see which username it is using. If the username starts with em47 then you are already up to date, as you have the most recent credentials, which expire in November 2012. If it starts with em78 then you are using the older credentials, which expire at the start of November 2011, and you should download the latest package and install it. If the username starts with any other letters and/or numbers, it may be using a local configuration (this is likely on a college or departmental system); please check with your local IT Support staff before making any changes.

You can check the username on systems running Windows, OS X and Linux as described below. If the username is the wrong one, see the question My Sophos installation is still using last year's credentials. How do I fix this? for details on resolving the problem.

Windows

Open the Sophos program from the Start menu and click on Configure Updating....

The username is shown on the Primary server tab.

Mac OS X

To check the username on OS X systems, click on the shield on the menu bar (usually top-right near the clock) and choose [Open Sophos Anti-Virus Preferences...]. The shield may be solid or outline depending on the version of Sophos Anti-Virus you have installed (7 or 8).

Mac v7 black shield icon
Mac v8 black shield icon

Click on the [AutoUpdate] option and look for the entry against Username:. If it is hidden you may need to click on the padlock (bottom left) and enter your password when prompted to reveal it.

Linux

To check the username on Linux systems, from a command line or terminal session, run sudo /opt/sophos-av/bin/savsetup. Accept the default options of [[1] Auto-updating configuration] and then [[1] Display update configuration] to see the username that Sophos is using.

4. My Sophos installation is still using last year's credentials. How do I fix this?

You need to download and install the latest Sophos package annually during October to make sure that it is using the latest set of credentials to download updates. If you haven't updated Sophos this year, follow the links and instructions from the Main Sophos web page to download and install the latest version.

If you have already downloaded and installed the latest version of Sophos and the credentials are still wrong, you should uninstall Sophos completely and then install the latest version again. Whether you experience this problem tends to depend on the operating system you use. On Windows the problem doesn't normally occur. However, we do see it from time to time on Mac OS X, and on Linux you will always see this problem if you don't uninstall the previous version of Sophos before you install the new one.

For details of how to uninstall Sophos see below.

5. How do I uninstall Sophos?

Microsoft Windows

To uninstall Sophos on Windows, open the Control Panel and then Programs and Features (Windows 7 or Vista) or Add or Remove Programs (XP). You should have two Sophos entries in the list. These are [Sophos Anti-Virus] and [Sophos AutoUpdate]. To completely remove Sophos you need to uninstall both of them. Select one and click on Uninstall (Windows 7 or Vista) or Remove (Windows XP). When the first Sophos program has been removed, repeat the process to remove the other. You will usually be prompted to reboot your computer after you uninstall the [Sophos Anti-Virus] program.

OS X

To uninstall Sophos on OS X, open your computer in the Finder (select [Computer] from the [Go] menu). Open your hard disk, which is normally called Macintosh HD unless you have renamed it. Then open the Library folder and finally the Sophos Anti-Virus folder. Double-click on Remove Sophos Anti-Virus.pkg and follow the prompts to uninstall Sophos. Note that the prompts may look as if you are installing rather than uninstalling; this is normal.

Linux

To uninstall Sophos on Linux, run the command sudo /opt/sophos-av/uninstall.sh.

6. Why can't I see the Sophos shield in the Windows system tray or OS X system status bar (near the clock)?

On Windows and OS X systems the shield may occasionally disappear for a short time while Sophos is installing updates. Normally however it will reappear within a few minutes.

If the shield disappears permanently then unless you are running Windows 7 try restarting your computer; if that fails try reinstalling Sophos. On Windows 7 however there may be a different reason and you should try the following first before restarting your computer or reinstalling Sophos.

On systems running Windows 7 the display options for the system tray icons are different and as a result you may rarely if ever see the shield. However if Sophos is running normally you should be able to see the shield by clicking on the double up-arrow near the clock to display any hidden icons.

Blue shield on Windows 7

If you can see the blue shield when you do this then everything is running normally. However because the shield is hidden it does mean that you are more likely to miss problems with your Sophos installation. We recommend that you change the settings so that the shield is always visible as follows (this isn't an issue on Windows XP and Vista).

To change the settings select [Customize] from the menu that appears when you click on the double up-arrows near the clock.

Customize option for Notification Area

This will open the Notification Area Icons control panel. Look down the list (and if necessary scroll down) until you see the entry for [Sophos Endpoint Security and Control]. From the drop-down list next to it change the setting to [Show icon and notifications.]

Windows 7 Notification Area Icons control panel

7. Where do I obtain the software?

For installation on personal machines, please use the table on the Sophos index page to download software and view instructions.

8. What versions are available?

We are currently distributing Sophos Anti-Virus for Windows version 10.0, Sophos Anti-Virus for Mac OS X version 8 and Sophos Anti-Virus for Linux version 7.5. Additional Sophos software is available to registered IT Support Staff — see the Information for IT Support Staff page.

9. What platforms do these versions run on?

Sophos for Windows version 10.0 runs on Windows 7, XP (SP1a and above), Vista and 2000 (SP3 and above). On the Mac, Sophos for OS X version 8 runs on OS X 10.4 – 10.8. For Linux system requirements see Sophos Anti-Virus for Linux: system requirements.

10. Do I need to uninstall other anti-virus products before installing Sophos?

Absolutely. If you currently have a different anti-virus product installed on your machine, you must uninstall it before installing Sophos.

11. How do I check that Sophos is installed and running properly?

Sophos for Windows

If you see a blue and white shield in the Windows system tray (usually bottom-right of the screen, near the clock) then Sophos is running properly. On Windows 7 the blue shield may not be visible. To view the shield on Windows 7 see the answer to the question Why can't I see the Sophos shield in the Windows system tray or OS X system status bar (near the clock)? above.

Windows blue and white shield icon

Sophos for Mac OS X

On OS X the shield appears in the system status bar (usually top-right of the screen) and is black rather than blue. Depending on the version of Sophos the shield may be solid (version 7) or appear as an outline (version 8).

Mac v7 black shield icon
Mac v8 black shield icon

Sophos for Linux

On Linux, run the command
sudo /opt/sophos-av/bin/savdstatus
which should give output such as
Sophos Anti-Virus is active and on-access scanning is running,
and use the command
sudo /opt/sophos-av/bin/savlog
to see when Sophos last downloaded updates.
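
The Linux status check above and the username rule from question 3 can be combined into one script for checking several machines. This is an added example, not part of the original FAQ or of Sophos; the function names and result words are illustrative, the username is passed in by hand (read it from savsetup as described in question 3), and treating any other savdstatus output as a problem and the whole of November as expired are assumptions.

```shell
#!/bin/sh
# Added example: health check built from the two Linux checks in this FAQ.
# Run as root, as the FAQ does with sudo. Names here are illustrative.

SAVDSTATUS=/opt/sophos-av/bin/savdstatus   # path given in the FAQ
HEALTHY_MSG="Sophos Anti-Virus is active and on-access scanning is running"

# scan_state TEXT -> "ok" only for the healthy message quoted in the FAQ;
# any other output is reported as "problem" (assumption).
scan_state() {
    case "$1" in
        *"$HEALTHY_MSG"*) echo ok ;;
        *) echo problem ;;
    esac
}

# cred_state USERNAME YYYYMM -> current | renew | expired | local
# Prefixes and expiry months are the ones stated in the FAQ; counting the
# whole of November as expired is a conservative assumption.
cred_state() {
    user=$1
    yyyymm=$2
    case "$user" in
        em47*) expiry=201211 ;;
        em78*) expiry=201111 ;;
        *) echo local; return ;;   # local configuration: ask IT Support
    esac
    if [ "$yyyymm" -ge "$expiry" ]; then
        echo expired
    elif [ "$yyyymm" -eq $((expiry - 1)) ]; then
        echo renew                 # October: install the new package now
    else
        echo current
    fi
}

# check_host USERNAME: runs savdstatus if installed and prints both results.
check_host() {
    if [ -x "$SAVDSTATUS" ]; then
        out=$("$SAVDSTATUS" 2>&1)
    else
        out="savdstatus not found"
    fi
    echo "scanning=$(scan_state "$out") credentials=$(cred_state "$1" "$(date +%Y%m)")"
}
```

Call check_host with the username shown by savsetup; a result of "local" means the machine should be referred to local IT Support rather than reinstalled.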

12. What do all the different shield icons mean?

On Windows and OS X systems Sophos puts a shield icon in the system tray near the clock (Windows systems) or the system status bar near the clock (OS X systems). The shield can appear in a variety of colours, and can have additional symbols superimposed on top of the shield.

NB on Windows 7 the blue shield may not be visible. To view the shield on Windows 7 see the answer to the question Why can't I see the Sophos shield in the Windows system tray (near the clock)? above.

Blue and white shield

Windows blue shield icon

This icon is used by Sophos for Windows version 10 and means that Sophos is running normally.

Blue shield

Windows blue shield icon

This icon is used by older versions of Sophos for Windows and means that Sophos is running normally.

Outline black shield

OS X black v8 shield icon

This icon is used by Sophos for OS X version 8 and means that Sophos is running normally.

Solid black shield

OS X black shield icon

This icon is used by Sophos for OS X version 7 and means that Sophos is running normally.

Outline grey shield

Outline grey shield on OS X

This icon is used by Sophos for OS X version 8 and means that on-access scanning is disabled so that Sophos will not automatically be checking for viruses when you open files on your computer. This indicates a problem which needs to be investigated and fixed. See the entry Sophos isn't running properly. Why, and what should I do? for possible reasons and solutions.

Solid grey shield

Grey shield on OS X

This icon is used by Sophos for OS X version 7 and means that on-access scanning is disabled so that Sophos will not automatically be checking for viruses when you open files on your computer. This indicates a problem which needs to be investigated and fixed. See the entry Sophos isn't running properly. Why, and what should I do? for possible reasons and solutions.

Blue and white shield with yellow triangle and exclamation mark

Windows shield with exclamation

You will see this on Windows systems running Sophos for Windows version 10 and above. It indicates some sort of problem or action that you need to take. The most common reason is that Sophos needs you to restart the computer, but it may also indicate a different problem such as on-access scanning disabled.

Sophos will normally also display a message box to show you what the problem is as shown below.

Windows shield with exclamation and popup

If the reason shown indicates a more significant problem than Sophos just needing a reboot then see the entry Sophos isn't running properly. Why, and what should I do? below for possible reasons and solutions.

Blue and white shield with red circle and white cross

Windows blue shield icon with red cross

If you see a red cross (some may notice that it's really a white cross on a red background) on the shield it means that the last time that Sophos tried to check for updates, it failed for some reason, perhaps because it does not currently have the required network connection. See the entry Sophos isn't updating itself. Why, and what should I do? for possible reasons and solutions.

Outline black shield with cross in the centre

Mac outline black shield icon with cross

On OS X systems running Sophos version 8, if updating fails you'll see a black shield with a cross in the middle of it. See the entry Sophos isn't updating itself. Why, and what should I do? below for possible reasons and solutions.

Solid black shield with cross in the centre

Mac black shield icon with cross

On OS X systems running Sophos version 7, if updating fails you'll see a black shield with a cross in the middle of it. See the entry Sophos isn't updating itself. Why, and what should I do? below for possible reasons and solutions.

13. How do I keep Sophos up to date?

The Sophos client updates automatically via the Internet — you don't have to update it yourself. The current Sophos client will continue to update automatically until November 2012 at which point you will have to download and install a new version of the software. OUCS makes this new version available by the beginning of Michaelmas term every year. NB when you download the Sophos client you will automatically be registered on the sophos-users mailing list. This is used only to notify you of major changes or updates to Sophos.

14. Sophos isn't updating itself. Why, and what should I do?

This can happen for a number of reasons, but usually it is because the Sophos client cannot connect to the Sophos servers to update itself. There may be a number of causes as follows.

The most common reason is if Sophos tries to update itself before your computer has connected to the internet. This is often seen if you are using a USB modem for your broadband connection. The symptoms are usually that you see a red cross every time you start up the computer, but if you try a manual update, it succeeds and the red cross disappears. To start a manual update, right-click on the blue shield with the red cross and choose [Update now]. The workaround is to update Sophos manually once you have connected to the internet.

If your computer is not connected to the internet you should expect to see updating fail. This is normal and should correct itself within an hour of connecting your computer to the Internet.

Occasionally the Sophos client cannot connect to the Sophos update servers because they are unavailable for some other reason, such as a temporary internet problem. If this is the case, the symptoms are that a manual update will fail, but a while later (e.g. an hour, and certainly within a day), the update will succeed, and you should not see the problem again. If this is the problem you don't need to take any further action.

If Sophos stops updating around November each year, this may be because the credentials used to access the updates have expired. This does not normally apply to college or departmental machines, only to your own personal desktop or laptop. In this case a manual update will never succeed, no matter how long you wait. Refer to the question How can I tell whether my installation uses current updating credentials? to find out whether this is the cause of the problem, and to My Sophos installation is still using last year's credentials. How do I fix this? to find out what to do about it. Note that if the problem occurs on a college or departmental system, we recommend that you don't reinstall Sophos yourself as it may overwrite a locally configured installation. Instead, refer to your local IT Support staff.

If none of the above works, then ask your IT Support staff or refer to the Help from OUCS pages as appropriate.

15. Sophos isn't running properly. Why, and what should I do?

The grey shield means that Sophos isn't checking files automatically for viruses when you open them. The blue shield with a yellow triangle and black exclamation can also indicate the same problem. It may be that the Sophos Anti-Virus service has crashed for some reason, so try rebooting your computer to see whether this solves the problem. If this fails, try downloading the latest version from https://register.it.ox.ac.uk/software and install. If the problem occurs on a departmental or college system refer first to your local IT Support staff as reinstalling Sophos may overwrite a locally configured installation. If you still have problems, ask your IT Support staff or refer to the Help from OUCS pages as appropriate.

16. What if Sophos finds a virus?

Check the relevant virus analysis to find out how to recover from the infection. If you have configured Sophos correctly, it should automatically detect and disinfect most boot sector and file infector viruses. In some cases where Sophos cannot automatically disinfect a virus, the virus analysis will point to a Sophos utility or batch file and instructions for the removal of the virus. Details on disinfection for particular platforms can be found in the appropriate Sophos manual.

Sophos have produced a number of utilities and instructions for removing viruses; these are linked to from the Sophos Disinfection Instructions web page.

17. I'm running Linux. Is there an auto-updating client?

Sophos for Linux v7 will update automatically and supports a number of editions of Linux. We provide a preconfigured version which can be obtained from our download page at https://register.it.ox.ac.uk/software.

18. What other operating systems are supported by Sophos?

OUCS also makes Sophos clients available for some Unix operating systems as well as Novell NetWare. These can be downloaded by any registered IT Support Staff, and this will normally include your local IT officer. NB OUCS does not provide direct support for these clients.

19. Are there any alternative anti-virus products I could consider using?

Sophos is the primary anti-virus product supported by OUCS and is free for all current University members. However there are various alternatives available; some may be free for home use. If you already have up to date anti-virus software installed that you are happy with you do not need to switch to using Sophos.