Reply
Moderator
bobcook
Posts: 278
Registered: ‎11-10-2010
0

Mac OS X 10.9 "Mavericks" and SAV for Mac

Apple released Mac OS X 10.9 "Mavericks" today, free for everyone with Snow Leopard or newer.

 

We've been testing our product with this release for many months now and had made numerous changes in version 9.0.3 (the version published about a month ago). The significant changes required were to change how we were building, codesigning, and installing our kernel extensions. You will now find two copies of our kext: one in /System/Library/Extensions and another in /Library/Extensions. This follows Apple's recommendation to support people transitioning from 10.8 to 10.9.

 

The kexts in /System/Library/Extensions are present for compatiblity with versions of Mac OS X prior to 10.9. Starting in "Mavericks" the location is /Library/Extensions. We are codesigning the kexts in /Library/Extensions to conform to Apple's security requirements.

 

If you have issues, please report them in this thread.

----------
Bob Cook
Senior Development Manager
email: bob.cook@sophos.com
SOPHOS Security made simple
Advisor
Iwan
Posts: 10
Registered: ‎10-24-2013
0

Re: Mac OS X 10.9 "Mavericks" and SAV for Mac

Hi there,

 

It seems that Sophos 9.0.3 never stops updating on OSX Mavericks?  (E.g. The menubar icon keeps in downloading state)

 

Tried reinstalling both editions (HE & SA) same problem on both versions

 

The LOG:

 

com.sophos.autoupdate: Sophos AutoUpdate
com.sophos.autoupdate: Version 9.0.3
com.sophos.autoupdate: Copyright © 1989-2013 Sophos Ltd. All rights reserved.
com.sophos.autoupdate:
com.sophos.intercheck: Sophos Anti-Virus
com.sophos.intercheck: Version 4.93, 11 September 2013
com.sophos.intercheck: Includes detection for 5684257 viruses, trojans and worms
com.sophos.intercheck: Copyright (c) 1989-2012 Sophos Ltd, www.sophos.com
com.sophos.intercheck:
com.sophos.intercheck:
com.sophos.intercheck:
com.sophos.intercheck:
com.sophos.intercheck:
com.sophos.intercheck: Info: On-access scanner started at 18:14 on 24 October 2013
com.sophos.intercheck:
com.sophos.autoupdate: Updating catalogue information at 18:15:02 24 oktober 2013
com.sophos.autoupdate: Catalogue updated at 18:15:04 24 oktober 2013
com.sophos.autoupdate: Download started at 18:15:04 24 oktober 2013
com.sophos.autoupdate: Download completed at 18:22:19 24 oktober 2013
com.sophos.autoupdate: Update started at 18:22:19 24 oktober 2013
com.sophos.intercheck: Info: ic_worker_start: kext already loaded at 18:22 on 24 October 2013
com.sophos.intercheck:
com.sophos.autoupdate: Update completed at 18:22:22 24 oktober 2013
com.sophos.autoupdate: Info: Checked primary server at 18:22 on 24 October 2013
com.sophos.autoupdate: Sophos Anti-Virus was updated
com.sophos.autoupdate:
com.sophos.intercheck: Sophos Anti-Virus
com.sophos.intercheck: Version 4.93, 11 September 2013
com.sophos.intercheck: Includes detection for 5689108 viruses, trojans and worms
com.sophos.intercheck: Copyright (c) 1989-2012 Sophos Ltd, www.sophos.com
com.sophos.intercheck:
com.sophos.intercheck:
com.sophos.intercheck: Using IDE files:
com.sophos.intercheck: age-acwm.ide age-acwy.ide age-adat.ide age-adaw.ide age-adbi.ide age-adbj.ide age-adbl.ide age-adbv.ide age-adbw.ide

REMOVED ALL LINES IN BETWEEN

 

com.sophos.intercheck: zbot-gqy.ide zbot-grj.ide zbot-grp.ide zbot-grw.ide
com.sophos.intercheck:
com.sophos.intercheck:
com.sophos.intercheck: Info: On-access scanner started at 18:22 on 24 October 2013
com.sophos.intercheck:

Moderator
bobcook
Posts: 278
Registered: ‎11-10-2010
0

Re: Mac OS X 10.9 "Mavericks" and SAV for Mac

Hi Iwan,

 

It stops eventually. The Mac OS X 10.9 upgrade deletes the contents of /Library/Caches (a perfectly fair thing to do) but that is where we store our product update files. Specifically, we store files under /Library/Caches/com.sophos.sau. So you need to rebuild that cache and its more than 130mb. The AutoUpdate window should give you some indication how much has been downloaded so far.

----------
Bob Cook
Senior Development Manager
email: bob.cook@sophos.com
SOPHOS Security made simple
Advisor
Iwan
Posts: 10
Registered: ‎10-24-2013
0

Re: Mac OS X 10.9 "Mavericks" and SAV for Mac

Hi Bob,

 

The cache is OK. I have a decent internet connection. At the moment the update icon is still showing that bouncing arrow. Nothing is downloaded or updated in the cache for about 2 hours now. So i don't think the cache rebuild is the issue here.

 

Regards,

 

Iwan

Moderator
bobcook
Posts: 278
Registered: ‎11-10-2010
0

Re: Mac OS X 10.9 "Mavericks" and SAV for Mac

Hi Iwan,

 

That is very odd. Ok, let's try killing things off and see what might be going on. First, try restarting the SophosUIServer. Open Activity Monitor, find it i the list and tell it to quit. It should automatically restart. If that isn't the cure, try restarting the SophosAutoUpdate process (you need to view All Processes in order to find it).

 

I am very interested to know which (if either) of these issues resolve the issue.

----------
Bob Cook
Senior Development Manager
email: bob.cook@sophos.com
SOPHOS Security made simple
Advisor
Iwan
Posts: 10
Registered: ‎10-24-2013
0

Re: Mac OS X 10.9 "Mavericks" and SAV for Mac

Hi Bob,

 

I was just rebuilding the cache for the second time. Deleted both sophos cache folders and restarted my mac. Then manually did an update for Sophos. I can see the cache was rebuilded correctly. When it completed the rebuild the Sophos Update Window stopped displaying the mb's downloaded. Just saying sophos was updating.

In the menu:

 

Up to date was greyed out

Update Now was enabled and selectable

Cancel update was greyed out

 

The Sopos icon in the menu bar keeps saying (bouncing arrow) it was updating

The AutoUpdate Window keeps showing the download animation and displayed the text that Sophos was updating

 

......

 

Restarting the SophosUIServer worked for the moment. 

I'll wait a couple of hours and by the next update i'll see if the problem comes up again.

 

Many thanx for the super fast replies so far, 

 

Regards,

 

Iwan

Advisor
Iwan
Posts: 10
Registered: ‎10-24-2013
0

Re: Mac OS X 10.9 "Mavericks" and SAV for Mac

[ Edited ]

UPDATE

 

I just did a complete restart. Clicked update now in the menu bar.

Begins downloading...stops at appx. 46 MB....Then same issue

 

See attachments. The console log says  " com.sophos.autoupdate[119]: Checked primary server: Sophos Anti-Virus is up to date" at the same time

 

scrolling trough the logs i found this line multiple times...... Could it have something to do with the problem?

 

24-10-13 21:50:12,000 kernel[0]: Notice - new kext com.sophos.kext.sav, v9.0.53 matches prelinked kext but can't determine if executables are the same (no UUIDs).
24-10-13 22:19:34,000 kernel[0]: Notice - new kext com.sophos.kext.sav, v9.0.53 matches prelinked kext but can't determine if executables are the same (no UUIDs).
24-10-13 22:41:18,000 kernel[0]: Notice - new kext com.sophos.kext.sav, v9.0.53 matches prelinked kext but can't determine if executables are the same (no UUIDs).
24-10-13 23:02:12,000 kernel[0]: Notice - new kext com.sophos.kext.sav, v9.0.53 matches prelinked kext but can't determine if executables are the same (no UUIDs).
24-10-13 23:03:28,000 kernel[0]: Notice - new kext com.sophos.kext.sav, v9.0.53 matches prelinked kext but can't determine if executables are the same (no UUIDs).
24-10-13 23:16:42,000 kernel[0]: Notice - new kext com.sophos.kext.sav, v9.0.53 matches prelinked kext but can't determine if executables are the same (no UUIDs).

Iwan

Moderator
bobcook
Posts: 278
Registered: ‎11-10-2010
0

Re: Mac OS X 10.9 "Mavericks" and SAV for Mac

Hi Iwan,

 

This is very curious. Can you post a "sample" (Activity Monitor has a feature that lets you grab a stack trace of any program) of the SophosAutoUpdate process? Seems like its getting stuck somewhere.

----------
Bob Cook
Senior Development Manager
email: bob.cook@sophos.com
SOPHOS Security made simple
Advisor
Iwan
Posts: 10
Registered: ‎10-24-2013
0

Re: Mac OS X 10.9 "Mavericks" and SAV for Mac

[ Edited ]

Hi Bob,

 

I managed to figure it out  and reproduced the problem.

 

The problem rises when i make use of the primary AND de secondary Update credentials. When i make use of only the primary update location again (and restart the SophosUI server manually), the auto update will function normally again.

 

It seems likely that when you uninstall Sophos for Mac SA version and then reinstall Sophos for Mac HE version, the settings from the previous version are still there only not visible. Allso i found 1Password to be working without the 127.0.0.1 exclusion. It was still being used by Sophos but not showing in the new HE version, so a leftover from the previously installed SA version.

 

 

Hope this info helps you to fix that (i think) little bug.

 

Regards,

 

Iwan

Moderator
bobcook
Posts: 278
Registered: ‎11-10-2010
0

Re: Mac OS X 10.9 "Mavericks" and SAV for Mac

Hi Iwan,

 

Thanks for the explanation, that is definitely much of a relief to know its not related to 10.9.

 

You are right about the preferences being left behind. This was true for all versions of the product including 9.0 although our current project (9.1) changes that behavior. At one time it was considered "beneficial" since you could uninstall and reinstall without losing your settings. But the reality is that if someone is uninstalling, they likely want a real clean machine (and not have our files left around behind).

----------
Bob Cook
Senior Development Manager
email: bob.cook@sophos.com
SOPHOS Security made simple