Sophos Antivirus
From Jonsdocswiki
Sophos Antivirus (SAV) is a subscription-based product, the same as most commercial antivirus products. Sophos appears as a blue shield in the system tray (or notification area, if you will) and will show update processes and errors on this shield (see Sophos Icons below). SAV offers on-access protection (that is, each time a file is read it is scanned by Sophos).
Using the client
SAV runs an on-access scan as each file is requested; this includes reading emails in Thunderbird / Outlook. You can also run right-click scans and full system scans as and when you feel appropriate.
Right Click scans
This is the easiest scan to run: simply right click on the files, folders or drive to scan and click Scan with Sophos Antivirus. A small dialog will appear informing you of progress, ending with either a statement that the file is clean (no infections) or that there are problems.
Full scans
If required, a full system scan can be run. This is invoked from the SAV client console itself:
- Right click on the SAV Shield in the notification area
- Click Open Sophos Anti-virus
- From the window that opens click scan my computer
- Go make a cuppa, you'll be here a while otherwise.
Icons
| Icon | Explanation |
| | The plain blue shield shows that SAV is working correctly and is up to date |
| | An update is in progress. The green highlight moves from top to bottom |
| | The shield with a red cross indicates the update has failed for some reason. (See Errors>Updating below) |
| | On-access scanning is disabled - this is bad and should only be done temporarily by a knowledgeable user. Re-enable on-access scanning as soon as possible (See Sophos Antivirus Config below) |
Client services
- SavService.exe
- SAVAdminService.exe
Errors
Updating
Updating the client's definitions can fail for a number of reasons:
- The time on the Sophos Enterprise server is wrong compared with the Domain Controller's clock, preventing access to the share (see Server General Errors)
- The Sophos Enterprise server may be uncontactable for some reason (for example, a network issue or the server is offline).
- Corrupt install
IOR (Windows Event Log)
Error
The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid. For more information, see the RMS status report. To open the report, click Start, point to All Programs, point to Sophos, point to Sophos Anti-Virus, and then click View Sophos Network Communications Report.
Explanation
This means that the computer is not contactable by the remote management system (enterprise console) and is therefore likely off the network.
Fix
Check the computer is on the network if it is supposed to be at the time of the error.
Config
Sophos can be configured at the client level as well as the server level; this section explains some client settings. To get to the configuration editor:
- Right click the Sophos icon in the notification area
- Click Open Sophos Anti-virus
- Click Configure Sophos Anti-Virus (the icon for which is a hammer and spanner, crossed)
On-access scanning
Through the on-access scanning page you can configure settings for this area of Sophos. If the Sophos shield is grey then it may indicate on-access scanning is currently disabled.
- Click On-access scanning
- A new window will appear. On the first tab, Scanning, check the box labelled Enable on-access scanning for this computer to enable the on-access scan
- Set any exclusions you require and click OK
Licensing
Sophos is sold through retailers and partners and can be purchased on a subscription basis. 1, 2, 3 and 5 year subscriptions are available.
See also
- Sophos Antivirus - Installation Problems
- Sophos Enterprise server
- Server General Errors
- Other links in the text
- Sophos Antivirus Home
