Below is a list of commonly asked questions concerning Sophos Anti-Virus. If you have any questions about the software and how to install or operate Sophos that is not in the Windows Instructions, Mac Instructions or Linux Instructions, and that is not answered below, refer to your local IT Support or contact the Help Centre.
Note that problems with a departmental or college computer should generally be referred to your local IT Support staff.
If you are looking for information about the Flashback/Flashfake virus infection on Mac computers please see our Flashback page for removal tools and other information about protecting your machine and data.
2. My Sophos installation on Windows failed; what do I do?
If the Oxford Sophos Antivirus Installer fails to install Sophos for Windows it will display a red shield and the message Install Failed. It may also display a reason for the failure.
There can be a number of reasons why the installation fails but the most common reason is that you already have another antivirus software product installed such as a product from Norton, McAfee, AVG and others.
If you already have up to date antivirus software installed and protecting your computer
then you don't need to install Sophos as well. If you want to switch to using Sophos
instead you should first uninstall the other product using the
Features control panel (Vista and Windows 7) or the
Programs control panel on Windows XP. You can access the
Panel from the
If you have uninstalled any other antivirus software and still have problems installing Sophos then you will need to send us some log files to help us figure out what has gone wrong.
Right-click on the Oxford Sophos Antivirus Installer screen and select
[Export System Logs].
If the Oxford Sophos Antivirus Installer isn't running, start it up again and
once you can see the
Start button again right-click on the installer
window and select
[Export System Logs].
The screen will show that the log files are being collected. This can take a few minutes.
Once complete you should have a file called sophoslogs.zip on the desktop. The Oxford Sophos Antivirus Installer window will display instructions together with an email address. Send an email to the address shown on the screen and attach the sophoslogs.zip. Please use an appropriate subject line such as Sophos installation failed and include a brief description of the problem and anything you have already tried (such as uninstalling another product).
3. How can I tell whether my installation uses current updating credentials?
The credentials used to update Sophos Anti-Virus automatically are valid for around 14 months and expire during November each year. Once they have expired, Sophos will no longer be able to download updates, and your computer will be more vulnerable to new viruses etc.
To make sure that you keep your computer(s) up to date, you will need to download and install a new Sophos package in October each year.
To determine whether Sophos installed on a computer is using the latest 2011–12 credentials or the old 2010–11 credentials, check the Sophos Autoupdate settings as described below to see which username it is using. If the username starts em47 then you are already up to date as you have the most recent credentials that expire in November 2012. If it starts em78 then you are using the older credentials that expire at the start of November 2011 and you should download the latest package and install it. If the username starts with any other letters and/or numbers, it may be using a local configuration (this is likely on college or departmental system); please check with your local IT Support staff before making any changes.
You can check the username on systems running Windows, OS X and Linux as described below. If the username is the wrong one, see the question My Sophos installation is still using last year's credentials. How do I fix this? for details on resolving the problem.
Open the Sophos program from the
Start menu and click on
The username is shown on the
Primary server tab.
Mac OS X
To check the username on OS X systems, click on the shield on the menu bar (usually
top-right near the clock) and choose
[Open Sophos Anti-Virus Preferences...].
The shield may be solid or outline depending on the version of Sophos Anti-Virus you are
have installed (7 or 8).
Figure images/mac-shield-normal.gif [Mac v7 black shield icon]
Figure images/v8-mac-shield-normal.png [Mac v8 black shield icon]
Click on the
[AutoUpdate] option and look for the entry against
Username:. If it is hidden you may need to click on the
padlock (bottom left) and enter your password when prompted to reveal
To check the username on Linux systems, from a command line or terminal session, run
sudo /opt/sophos-av/bin/savsetup. Accept the default options of
[ Auto-updating configuration] and then
[ Display update
configuration] to see the username that Sophos is using.
4. My Sophos installation is still using last year's credentials. How do I fix this?
You need to download and install the latest Sophos package annually during October to make sure that it is using the latest set of credentials to download updates. If you haven't updated Sophos this year, follow the links and instructions from the Main Sophos web page to download and install the latest version.
If you have already downloaded and installed the latest version of Sophos and the credentials are still wrong, you should uninstall Sophos completely and then install the latest version again. Whether you experience this problem tends to depend on the operating system you use. On Windows the problem doesn't normally occur. However we do see this from time to time on Mac OS X and on the linux platform you will always see this problem if you don't uninstall the previous version of Sophos before you install the new one.
For details of how to uninstall Sophos see below.
5. How do I uninstall Sophos?
To uninstall Sophos on Windows, open the
Control Panel and then
Programs and Features (Windows 7 or Vista) or
Add or Remove
Programs (XP). You should have two Sophos entries in the list. These are
[Sophos Anti-Virus] and
[Sophos AutoUpdate]. To completely remove
Sophos you need to uninstall both of them. Select one and click on
Uninstall (Windows 7 or Vista) or
Remove (Windows XP).
When the first Sophos program has been removed, repeat the process to remove the other.
You will usually be prompted to reboot your computer after you uninstall the
To uninstall Sophos on OS X, open your computer in the
[Computer] from the
[Go] menu). Open your hard disk, which is
Macintosh HD unless you have renamed it. Then open
Library folder and finally the
Anti-Virus folder. Double-click on
Anti-Virus.pkg and follow the prompts to uninstall Sophos. Note that the
prompts may look as if you are installing rather than uninstalling; this is normal.
To uninstall Sophos on Linux, run the command
6. Why can't I see the Sophos shield in the Windows system tray or OS X system status bar (near the clock)?
On Windows and OS X systems the shield may occasionally disappear for a short time while Sophos is installing updates. Normally however it will reappear within a few minutes.
If the shield disappears permanently then unless you are running Windows 7 try restarting your computer; if that fails try reinstalling Sophos. On Windows 7 however there may be a different reason and you should try the following first before restarting your computer or reinstalling Sophos.
On systems running Windows 7 the display options for the system tray icons are different and as a result you may rarely if ever see the shield. However if Sophos is running normally you should be able to see the shield by clicking on the double up-arrow near the clock to display any hidden icons.
If you can see the blue shield when you do this then everything is running normally. However because the shield is hidden it does mean that you are more likely to miss problems with your Sophos installation. We recommend that you change the settings so that the shield is always visible as follows (this isn't an issue on Windows XP and Vista).
To change the settings select
[Customize] from the menu that appears when you
click on the double up-arrows near the clock.
This will open the
Notification Area Icons control panel. Look down
the list (and if necessary scroll down) until you see the entry for
Security and Control]. From the drop-down list next to it change the setting to
[Show icon and notifications.]
7. Where do I obtain the software?
For installation on personal machines, please use the table on the Sophos index page to download software and view instructions.
8. What versions are available?
We are currently distributing Sophos Anti-Virus for Windows version 10.0, Sophos Anti-Virus for Mac OS X version 8 and Sophos Anti-Virus for Linux version 7.5. Additional Sophos software is available to registered IT Support Staff — see the Information for IT Support Staff page.
9. What platforms does these versions run on?
Sophos for Windows version 10.0 runs on Windows 7, XP (SP1a and above), Vista and 2000 (SP3 and above). On the Mac, Sophos for OS X version 8 runs on OS X 10.4 – 10.8. For Linux system requirements see Sophos Anti-Virus for Linux: system requirements.
10. Do I need to uninstall other anti-virus products before installing Sophos?
Absolutely. If you currently have a different anti-virus product installed on your machine, you must uninstall it before installing Sophos.
11. How do I check that Sophos is installed and running properly?
Sophos for Windows
If you see a
blue and white shield in the Windows system tray (usually
bottom-right of the screen, near the clock) then Sophos is running properly. On Windows 7
the blue shield may not be visible. To view the shield on Windows 7 see the answer to the
question Why can't I see the Sophos shield in the Windows system
tray or OS X system status bar (near the clock)? above.
Sophos for Mac OS X
On OS X the shield appears in the system status bar (usually top-right of the screen) and is black rather than blue. Depending on the version of Sophos the shield may be solid (version 7) or appear as an outline (version 8).
Figure images/mac-shield-normal.gif [Mac v7 black shield icon]
Figure images/v8-mac-shield-normal.png [Mac v8 black shield icon]
Sophos for Linux
On Linux, run the command
which should give output such as
Sophos Anti-Virus is active and on-access scanning is running,
and use the command
to see when Sophos last downloaded updates.
12. What do all the different shield icons mean?
On Windows and OS X systems Sophos puts a shield icon in the system tray near the clock (Windows systems) or the system status bar near the clock (OS X systems). The shield can appear in a variety of colours, and can have additional symbols superimposed on top of the shield.
NB on Windows 7 the blue shield may not be visible. To view the shield on Windows 7 see the answer to the question Why can't I see the Sophos shield in the Windows system tray (near the clock)? above.
Blue and white shield
This icon is used by Sophos for Windows version 10 and means that Sophos is running normally.
This icon is used by older versions of Sophos for Windows and means that Sophos is running normally.
Outline black shield
This icon is used by Sophos for OS X version 8 and means that Sophos is running normally.
Solid black shield
This icon is used by Sophos for OS X version 7 and means that Sophos is running normally.
Outline grey shield
This icon is used by Sophos for OS X version 8 and means that on-access scanning is disabled so that Sophos will not automatically be checking for viruses when you open files on your computer. This indicates a problem which needs to be investigated and fixed. See the entry Sophos isn't running properly. Why, and what should I do? for possible reasons and solutions.
Solid grey shield
This icon is used by Sophos for OS X version 7 and means that on-access scanning is disabled so that Sophos will not automatically be checking for viruses when you open files on your computer. This indicates a problem which needs to be investigated and fixed. See the entry Sophos isn't running properly. Why, and what should I do? for possible reasons and solutions.
Blue and white shield with yellow triangle and exclamation mark
You will see this on Windows systems running Sophos for Windows version 10 and above. It indicates some sort of problem or action that you need to take. The most common reason is that Sophos needs you to restart the computer, but it may also indicate a different problem such as on-access scanning disabled.
Sophos will normally also display a message box to show you what the problem is as shown below.
Figure images/v10-win-shield-message-onaccess-disabled.png [Windows shield with exclamation and popup]
If the reason shown indicates a more significant problem than Sophos just needing a reboot then see the entry Sophos isn't running properly. Why, and what should I do? below for possible reasons and solutions.
Blue and white shield with red circle and white cross
If you see a red cross (some may notice that it's really a white cross on a red background) on the shield it means that the last time that Sophos tried to check for updates, it failed for some reason, perhaps because it does not currently have the required network connection. See the entry Sophos isn't updating itself. Why, and what should I do? for possible reasons and solutions.
Outline black shield with cross in the centre
On OS X systems running Sophos version 8 then if updating fails then you'll see a black shield with a cross in the middle of it. See the entry Sophos isn't updating itself. Why, and what should I do? below for possible reasons and solutions.
Solid black shield with cross in the centre
On OS X systems running Sophos version 7 then if updating fails then you'll see a black shield with a cross in the middle of it. See the entry Sophos isn't updating itself. Why, and what should I do? below for possible reasons and solutions.
13. How do I keep Sophos up to date?
The Sophos client updates automatically via the Internet — you don't have to update it yourself. The current Sophos client will continue to update automatically until November 2012 at which point you will have to download and install a new version of the software. OUCS makes this new version available by the beginning of Michaelmas term every year. NB when you download the Sophos client you will automatically be registered on the sophos-users mailing list. This is used only to notify you of major changes or updates to Sophos.
14. Sophos isn't updating itself. Why, and what should I do?
This can happen for a number of reasons, but usually it is because the Sophos client cannot connect to the Sophos servers to update itself. There may be a number of causes as follows.
The most common reason is if Sophos tries to update itself before your computer has
connected to the internet. This is often seen if you are using a USB modem for your
broadband connection. The symptoms are usually that you see a red cross every time you
start up the computer, but if you try a manual update, it succeeds and the red cross
disappears. To start a manual update, right-click on the blue shield with the red cross
[Update now]. The workaround is to update Sophos manually once you
have connected to the internet.
If your computer is not connected to the internet you should expect to see updating fail. This is normal and should correct itself within an hour of connecting your computer to the Internet.
Occasionally the Sophos client cannot connect to the Sophos update servers because they are unavailable for some other reason, such as a temporary internet problem. If this is the case, the symptoms are that a manual update will fail, but a while later (e.g. an hour, and certainly within a day), the update will succeed, and you should not see the problem again. If this is the problem you don't need to take any further action.
If Sophos stops updating around November each year, this may be because the credentials used to access the updates have expired. This does not normally apply to college or departmental machines, only to your own personal desktop or laptop. In this case a manual update will never succeed, no matter how long you wait. Refer to the question How can I tell whether my installation uses current updating credentials? to find out whether this is the cause of the problem, and to My Sophos installation is still using last year's credentials. How do I fix this? to find out what to do about it. Note that if the problem occurs on a college or departmental system, we recommend that you don't reinstall Sophos yourself as it may overwrite a locally configured installation. Instead, refer to your local IT Support staff.
If none of the above works, then ask your IT Support staff or refer to the Help from OUCS pages as appropriate.
15. Sophos isn't running properly. Why, and what should I do?
The grey shield means that Sophos isn't checking files automatically for viruses when you open them. The blue shield with a yellow triangle and black exclamation can also indicate the same problem. It may be that the Sophos Anti-Virus service has crashed for some reason, so try rebooting your computer to see whether this solves the problem. If this fails, try downloading the latest version from https://register.it.ox.ac.uk/software and install. If the problem occurs on a departmental or college system refer first to your local IT Support staff as reinstalling Sophos may overwrite a locally configured installation. If you still have problems, ask your IT Support staff or refer to the Help from OUCS pages as appropriate.
16. What if Sophos finds a virus?
Check the relevant virus analysis to find out how to recover from the infection. If you have configured Sophos correctly, it should automatically detect and disinfect most boot sector and file infecter viruses. In some cases where Sophos cannot automatically disinfect a virus, the virus analysis will point to a Sophos utility or batch file and instructions for the removal of the virus. Details on disinfection for particular platforms can be found in the appropriate Sophos manual.
Sophos have produced a number of utilities and instructions for removing viruses, these are linked to from the Sophos Disinfection Instructions web page
17. I'm running Linux. Is there an auto-updating client?
Sophos for linux v7 will update automatically and supports a number of editions of linux. We provide a preconfigured version which can be obtained from our download page at https://register.it.ox.ac.uk/software.
18. What other operating systems are supported by Sophos?
OUCS also makes Sophos clients available for some Unix operating systems as well as Novell NetWare. These can be downloaded by any registered IT Support Staff, and this will normally include your local IT officer. NB OUCS does not provide direct support for these clients.
19. Are there any alternative anti-virus products I could consider using?
Sophos is the primary anti-virus product supported by OUCS and is free for all current University members. However there are various alternatives available; some may be free for home use. If you already have up to date anti-virus software installed that you are happy with you do not need to switch to using Sophos.