Table of contents
- 1. Introduction
- 2. My Sophos installation on Windows failed; what do I do?
- 3. How can I tell whether my installation uses current updating credentials?
- 4. My Sophos installation is still using last year's credentials. How do I fix this?
- 5. How do I uninstall Sophos?
- 6. Why can't I see the Sophos shield in the Windows system tray or OS X system status bar (near the clock)?
- 7. Where do I obtain the software?
- 8. What versions are available?
- 9. What platforms does these versions run on?
- 10. Do I need to uninstall other anti-virus products before installing Sophos?
- 11. How do I check that Sophos is installed and running properly?
- 12. What do all the different shield icons mean?
- 13. How do I keep Sophos up to date?
- 14. Sophos isn't updating itself. Why, and what should I do?
- 15. Sophos isn't running properly. Why, and what should I do?
- 16. What if Sophos finds a virus?
- 17. I'm running Linux. Is there an auto-updating client?
- 18. What other operating systems are supported by Sophos?
- 19. Are there any alternative anti-virus products I could consider using?
Below is a list of commonly asked questions concerning Sophos Anti-Virus. If you have any questions about the software and how to install or operate Sophos that is not in the Windows Instructions, Mac Instructions or Linux Instructions, and that is not answered below, refer to your local IT Support or contact the Help Centre.
If you are looking for information about the Flashback/Flashfake virus infection on Mac computers please see our Flashback page for removal tools and other information about protecting your machine and data.
There can be a number of reasons why the installation fails but the most common reason is that you already have another antivirus software product installed such as a product from Norton, McAfee, AVG and others.
If you already have up to date antivirus software installed and protecting your computer
then you don't need to install Sophos as well. If you want to switch to using Sophos
instead you should first uninstall the other product using the
Features control panel (Vista and Windows 7) or the
Programs control panel on Windows XP. You can access the
Panel from the
Once complete you should have a file called sophoslogs.zip on the desktop. The Oxford Sophos Antivirus Installer window will display instructions together with an email address. Send an email to the address shown on the screen and attach the sophoslogs.zip. Please use an appropriate subject line such as Sophos installation failed and include a brief description of the problem and anything you have already tried (such as uninstalling another product).
The credentials used to update Sophos Anti-Virus automatically are valid for around 14 months and expire during November each year. Once they have expired, Sophos will no longer be able to download updates, and your computer will be more vulnerable to new viruses etc.
To determine whether Sophos installed on a computer is using the latest 2011–12 credentials or the old 2010–11 credentials, check the Sophos Autoupdate settings as described below to see which username it is using. If the username starts em47 then you are already up to date as you have the most recent credentials that expire in November 2012. If it starts em78 then you are using the older credentials that expire at the start of November 2011 and you should download the latest package and install it. If the username starts with any other letters and/or numbers, it may be using a local configuration (this is likely on college or departmental system); please check with your local IT Support staff before making any changes.
You can check the username on systems running Windows, OS X and Linux as described below. If the username is the wrong one, see the question My Sophos installation is still using last year's credentials. How do I fix this? for details on resolving the problem.
To check the username on OS X systems, click on the shield on the menu bar (usually
top-right near the clock) and choose
[Open Sophos Anti-Virus Preferences...].
The shield may be solid or outline depending on the version of Sophos Anti-Virus you are
have installed (7 or 8).
To check the username on Linux systems, from a command line or terminal session, run
sudo /opt/sophos-av/bin/savsetup. Accept the default options of
[ Auto-updating configuration] and then
[ Display update
configuration] to see the username that Sophos is using.
You need to download and install the latest Sophos package annually during October to make sure that it is using the latest set of credentials to download updates. If you haven't updated Sophos this year, follow the links and instructions from the Main Sophos web page to download and install the latest version.
If you have already downloaded and installed the latest version of Sophos and the credentials are still wrong, you should uninstall Sophos completely and then install the latest version again. Whether you experience this problem tends to depend on the operating system you use. On Windows the problem doesn't normally occur. However we do see this from time to time on Mac OS X and on the linux platform you will always see this problem if you don't uninstall the previous version of Sophos before you install the new one.
To uninstall Sophos on Windows, open the
Control Panel and then
Programs and Features (Windows 7 or Vista) or
Add or Remove
Programs (XP). You should have two Sophos entries in the list. These are
[Sophos Anti-Virus] and
[Sophos AutoUpdate]. To completely remove
Sophos you need to uninstall both of them. Select one and click on
Uninstall (Windows 7 or Vista) or
Remove (Windows XP).
When the first Sophos program has been removed, repeat the process to remove the other.
You will usually be prompted to reboot your computer after you uninstall the
To uninstall Sophos on OS X, open your computer in the
[Computer] from the
[Go] menu). Open your hard disk, which is
Macintosh HD unless you have renamed it. Then open
Library folder and finally the
Anti-Virus folder. Double-click on
Anti-Virus.pkg and follow the prompts to uninstall Sophos. Note that the
prompts may look as if you are installing rather than uninstalling; this is normal.
6. Why can't I see the Sophos shield in the Windows system tray or OS X system status bar (near the clock)?
If the shield disappears permanently then unless you are running Windows 7 try restarting your computer; if that fails try reinstalling Sophos. On Windows 7 however there may be a different reason and you should try the following first before restarting your computer or reinstalling Sophos.
On systems running Windows 7 the display options for the system tray icons are different and as a result you may rarely if ever see the shield. However if Sophos is running normally you should be able to see the shield by clicking on the double up-arrow near the clock to display any hidden icons.
If you can see the blue shield when you do this then everything is running normally. However because the shield is hidden it does mean that you are more likely to miss problems with your Sophos installation. We recommend that you change the settings so that the shield is always visible as follows (this isn't an issue on Windows XP and Vista).
This will open the
Notification Area Icons control panel. Look down
the list (and if necessary scroll down) until you see the entry for
Security and Control]. From the drop-down list next to it change the setting to
[Show icon and notifications.]
For installation on personal machines, please use the table on the Sophos index page to download software and view instructions.
We are currently distributing Sophos Anti-Virus for Windows version 10.0, Sophos Anti-Virus for Mac OS X version 8 and Sophos Anti-Virus for Linux version 7.5. Additional Sophos software is available to registered IT Support Staff — see the Information for IT Support Staff page.
Sophos for Windows version 10.0 runs on Windows 7, XP (SP1a and above), Vista and 2000 (SP3 and above). On the Mac, Sophos for OS X version 8 runs on OS X 10.4 – 10.8. For Linux system requirements see Sophos Anti-Virus for Linux: system requirements.
If you see a
blue and white shield in the Windows system tray (usually
bottom-right of the screen, near the clock) then Sophos is running properly. On Windows 7
the blue shield may not be visible. To view the shield on Windows 7 see the answer to the
question Why can't I see the Sophos shield in the Windows system
tray or OS X system status bar (near the clock)? above.
On OS X the shield appears in the system status bar (usually top-right of the screen) and is black rather than blue. Depending on the version of Sophos the shield may be solid (version 7) or appear as an outline (version 8).
On Linux, run the command
which should give output such as
Sophos Anti-Virus is active and on-access scanning is running,
and use the command
to see when Sophos last downloaded updates.
On Windows and OS X systems Sophos puts a shield icon in the system tray near the clock (Windows systems) or the system status bar near the clock (OS X systems). The shield can appear in a variety of colours, and can have additional symbols superimposed on top of the shield.
NB on Windows 7 the blue shield may not be visible. To view the shield on Windows 7 see the answer to the question Why can't I see the Sophos shield in the Windows system tray (near the clock)? above.
This icon is used by Sophos for OS X version 8 and means that on-access scanning is disabled so that Sophos will not automatically be checking for viruses when you open files on your computer. This indicates a problem which needs to be investigated and fixed. See the entry Sophos isn't running properly. Why, and what should I do? for possible reasons and solutions.
This icon is used by Sophos for OS X version 7 and means that on-access scanning is disabled so that Sophos will not automatically be checking for viruses when you open files on your computer. This indicates a problem which needs to be investigated and fixed. See the entry Sophos isn't running properly. Why, and what should I do? for possible reasons and solutions.
You will see this on Windows systems running Sophos for Windows version 10 and above. It indicates some sort of problem or action that you need to take. The most common reason is that Sophos needs you to restart the computer, but it may also indicate a different problem such as on-access scanning disabled.
If the reason shown indicates a more significant problem than Sophos just needing a reboot then see the entry Sophos isn't running properly. Why, and what should I do? below for possible reasons and solutions.
If you see a red cross (some may notice that it's really a white cross on a red background) on the shield it means that the last time that Sophos tried to check for updates, it failed for some reason, perhaps because it does not currently have the required network connection. See the entry Sophos isn't updating itself. Why, and what should I do? for possible reasons and solutions.
On OS X systems running Sophos version 8 then if updating fails then you'll see a black shield with a cross in the middle of it. See the entry Sophos isn't updating itself. Why, and what should I do? below for possible reasons and solutions.
On OS X systems running Sophos version 7 then if updating fails then you'll see a black shield with a cross in the middle of it. See the entry Sophos isn't updating itself. Why, and what should I do? below for possible reasons and solutions.
The Sophos client updates automatically via the Internet — you don't have to update it yourself. The current Sophos client will continue to update automatically until November 2012 at which point you will have to download and install a new version of the software. OUCS makes this new version available by the beginning of Michaelmas term every year. NB when you download the Sophos client you will automatically be registered on the sophos-users mailing list. This is used only to notify you of major changes or updates to Sophos.
The most common reason is if Sophos tries to update itself before your computer has
connected to the internet. This is often seen if you are using a USB modem for your
broadband connection. The symptoms are usually that you see a red cross every time you
start up the computer, but if you try a manual update, it succeeds and the red cross
disappears. To start a manual update, right-click on the blue shield with the red cross
[Update now]. The workaround is to update Sophos manually once you
have connected to the internet.
Occasionally the Sophos client cannot connect to the Sophos update servers because they are unavailable for some other reason, such as a temporary internet problem. If this is the case, the symptoms are that a manual update will fail, but a while later (e.g. an hour, and certainly within a day), the update will succeed, and you should not see the problem again. If this is the problem you don't need to take any further action.
If Sophos stops updating around November each year, this may be because the credentials used to access the updates have expired. This does not normally apply to college or departmental machines, only to your own personal desktop or laptop. In this case a manual update will never succeed, no matter how long you wait. Refer to the question How can I tell whether my installation uses current updating credentials? to find out whether this is the cause of the problem, and to My Sophos installation is still using last year's credentials. How do I fix this? to find out what to do about it. Note that if the problem occurs on a college or departmental system, we recommend that you don't reinstall Sophos yourself as it may overwrite a locally configured installation. Instead, refer to your local IT Support staff.
If none of the above works, then ask your IT Support staff or refer to the Help from OUCS pages as appropriate.
The grey shield means that Sophos isn't checking files automatically for viruses when you open them. The blue shield with a yellow triangle and black exclamation can also indicate the same problem. It may be that the Sophos Anti-Virus service has crashed for some reason, so try rebooting your computer to see whether this solves the problem. If this fails, try downloading the latest version from https://register.it.ox.ac.uk/software and install. If the problem occurs on a departmental or college system refer first to your local IT Support staff as reinstalling Sophos may overwrite a locally configured installation. If you still have problems, ask your IT Support staff or refer to the Help from OUCS pages as appropriate.
Check the relevant virus analysis to find out how to recover from the infection. If you have configured Sophos correctly, it should automatically detect and disinfect most boot sector and file infecter viruses. In some cases where Sophos cannot automatically disinfect a virus, the virus analysis will point to a Sophos utility or batch file and instructions for the removal of the virus. Details on disinfection for particular platforms can be found in the appropriate Sophos manual.
Sophos have produced a number of utilities and instructions for removing viruses, these are linked to from the Sophos Disinfection Instructions web page
Sophos for linux v7 will update automatically and supports a number of editions of linux. We provide a preconfigured version which can be obtained from our download page at https://register.it.ox.ac.uk/software.
OUCS also makes Sophos clients available for some Unix operating systems as well as Novell NetWare. These can be downloaded by any registered IT Support Staff, and this will normally include your local IT officer. NB OUCS does not provide direct support for these clients.
Sophos is the primary anti-virus product supported by OUCS and is free for all current University members. However there are various alternatives available; some may be free for home use. If you already have up to date anti-virus software installed that you are happy with you do not need to switch to using Sophos.