12-07-2011 02:15 PM
Over the last few days I have been experiencing an issue where my MacBook Pro running 10.7.2 and running Sophos AV 7.6.3C, will completely freeze and require me to physically power off the Mac. This happens immediately upon logging into my user account when starting up from off.
I can confirm that this happens regardless of where I disable all start-up items (performed by logging in while holding the Shift key) or during normal startup.
Do you other users that experience this?
I'm disappointed with the Sophos AV for Mac product, as I haven't experienced this with any of your 'paid for' enterprise products.
If you would like any logs from my system, I am happy to provide them.
Many thanks in advance.
12-07-2011 03:56 PM
Do you have the same issues with on-access scanning disabled? Turning off start-up items shouldn't make a difference to SAV.
Also, are you using encrypted volumes, and do you have Time Machine enabled?
We do have a known issue to do with Time Machine backups that affects a few people; the fix is already slated for a release next year.
I haven't heard of anyone else locking up at boot however, so we may want to examine how your system differs from standard setups to isolate the issue.
12-08-2011 02:06 AM
12-08-2011 09:00 AM
Logs would be useful, but I'm not sure which ones I'd need yet... although the timing and update scenario help.
Did you happen to apply any updates/patches on Saturday/Sunday? The Safari update, for example?
A snippet of the system log surrounding the crash would be useful, as would /Library/Logs/Sophos Anti-Virus.log, and any CrashReporter and DiagnosticReports logs you feel might be related.
12-10-2011 09:10 AM
As I promised, I have just had a look at the logs that you've listed and I'm afraid that I can't find anything the 'Sophos' logs that talk about updating activity they only list the activity that is centred around the scans that I have run. However, I have found the following within the 'System' log that is around the time that I had laptop lock up;
Dec 7 19:19:50 macbook001 SophosAutoUpdate: WARNING: The sun_len field of a sockaddr_un structure passed to CFSocketSetAddress was not set correctly using the SUN_LEN macro.
Dec 7 19:41:34 rangers7 SophosAutoUpdate: WARNING: The sun_len field of a sockaddr_un structure passed to CFSocketSetAddress was not set correctly using the SUN_LEN macro.
Dec 7 19:47:11 rangers7 com.apple.launchd.peruser.501 ([0x0-0xe00e].com.sophos.ui): Exited: Killed: 9
Dec 7 19:47:20 rangers7 SophosAutoUpdate: WARNING: The sun_len field of a sockaddr_un structure passed to CFSocketSetAddress was not set correctly using the SUN_LEN macro.
I switched the Mac on and logged in at 19:19:50 on December the 7th and I then brought the system backup up and logged on again at 19:41:34. Looking in the Diagonstic and Usage Messages' log the only activity that was going at this time was connecting to the local wirless network.
When I have a look in the 'CrashReporter', 'DiagonsticReports' and 'HangReporter' logs there is nothing logged at all regarding Sophos or anything for the last two weeks, while I was experiencing the issue with Sophos' 'On-Access Scanner' causing the Time Machine backups to stall and freeze the laptop, which was manisfesting at a Firefox crash.
From everything that I can see it appears that the reason for the laptop freezing, was due to Sophos connecting to the update servers to see if there were any new virus patterns. So you know, I have booted up this after with exactly the same configuration of that on the 7th of December and I experienced no issues.
If you need anything further from me, just let me know.
12-10-2011 12:34 PM
Thank you! That was extremely informative. I will make sure both the dev team and the systems team are notified about this.
12-11-2011 01:43 PM
Not a problem. I will keep an eye on how the application behaves over the next few weeks, as it has been happening when least expected. If I come across anything within any of the logs, I will upload it here and we'll see where we are.