05-16-2012 08:26 AM
Have the Lion updated Sophos for Mac. 99% of the threats that appear are not cleaned up automatically but must be handled manually. I now have 25 threats, all on my Time Machine drive. I created a custom scan for the TM drive, where all these threats are located. It ran for two days with no end in sight, and it was wreaking havoc with my computer's functionality. Ultimately, I had to restart the iMac today, thus canceling the scan, which I had my doubts about anyway. It it supposed to take so long?
I looked at a couple of the threats, not all, and I suspect they are all for Windows only. At this point, should I just clear them from the list? I have never been able to get a custom scan to work properly, and just on general principles I would like to make sure I have not done something wrong. Has anyone else had this problem where it just runs endlessly?
05-16-2012 11:44 AM
Please do a search on here for Time Machine
Your best option for removing threats from within Time Machine is to do it by hand, from within Time Machine. Removing threats from outside Time Machine with Time Machine enabled could cause problems with your backups.
If you don't want to worry about potential Windows malware in your backups, just exclude your Time Machine volume from on-access and on-demand scans, and remove the detections from the quarantine manager. I'd also suggest excluding your temporary and cache folders from Time Machine backups, to speed up backups, save space, and prevent conflicts with other software that may read the Time Machine volume.
05-19-2012 05:05 PM
I didn't get the time to address the cleanup until today, and two more threats arrived today although not on TM. I had left the QM on the desktop this week, but when I went back to it today to follow your instructions, it was blank; not even today's threats were on it. What do suppose may have happened? And, can I get that list back in order to eliminate those threats?
In any case, I went ahead and excluded my external drives in the On-Access area, leaving the partitions of my main drive. But I do not see any On-Demand section or tab. Also, I don't know what "virtual TM" is let alone how to exclude it. Can you please provide instructions for that suggestion?
05-25-2012 08:56 AM
05-25-2012 12:44 PM
I am having practical problems reaching Time Machine threats. Do I actually go into TM itself or do I go to the HD on which it is stored? I didn't see how to find the threat by going to TM, so I went to the HD, but I couldn't follow the path since the user library is not available and the Option key trick doesn't appear to work on another HD. Plus those paths are so darn long that I had to print out each one in order to follow it. There has to be a better way to do this.
I selected a preference that apparently deletes the threat without my having to do anything, so I get notification of a threat and when I go to QM, it's blank. Is this a good thing to do? What does it do when it comes to a threat that it cannot clean up?
Do I even have to bother with these Windows only threats, especially when they are on the TM HD?
You talk about setting up a custom scan somewhere for the virtual TM. But I don't find the threats by actually running scans. I just wait until I get notification by Sophos's automatic scanning. Right now I have 4 I'm waiting to deal with on and off TM. This software is an awful lot of trouble--good thing it's free. Plus I am continually aggravated by having to send for a password rest every single time I want to get on here.
05-25-2012 02:29 PM
You actually do go into TM itself.
If the path is something like /Volumes/TimeMachineBackupDrive/DateStamp/MyHD/Use
THEN, go into Sophos Anti-Virus preferences, select On-Access, and add /Volumes/TimeMachineBackupDrive to your exclusion list.
You may also want to take that opportunity to add your caches folders (and anything else you don't need backed up) to the exclusion list in Time Machine itself. This will speed up your backups, reduce the risk of on-access issues, and save storage space.
05-25-2012 05:01 PM
If they were detected on something that rolled off the end of your backup, or were in a cache folder, then they could easily no longer be present (which is why they also vanish from the quarantine manager).
05-26-2012 07:45 AM
Unfortunately, they are still in the QM even though the path cannot be followed. The 3 left are all in spam.mbox. I wonder if I should just the delete the entire spam.mbox from TM. Of what possible use could a backup of the spam folder be?
05-28-2012 10:36 AM
I agree... don't just delete it, add it to your TM exclusion list. I've been doing that a fair bit lately, and my TM is behaving much better now that I've excluded various caches and other folders that I'd never want to restore from backup.