Scheduled scans in Sophos Anti-Virus for Windows hang at approximately 2-3% and do not complete on computers with large storage devices

  • N.º del artículo: 120720
  • Actualizado: 11 jul 2014

Following the release of the 3.50 (later versions are also affected) engine in January. Scheduled scans on Windows servers with disk arrays hang, stopping at approximately 2-3%~ progress.

The fix for this issue will be included with the release of engine version 3.51.1 released in April to both the Preview and Recommended Sophos Update Manager subscriptions.

Applies to the following Sophos product(s) and version(s)

Sophos Anti-Virus for Windows 2000+

(All versions of SAV for Windows that have engine 3.5x and above)

Operating system

Windows

Cause

There is an engine defect in version 3.50 that is triggered by certain identities that perform an Master Boot Record (MBR) or Volume Boot Record (VBR) scan for boot-sector based malware.

What To Do

There are three options available. the first one is the recommended option. Options 2 and 3 will not be able to perform a boot sector scan.

1. Downgrade to a version of Sophos Anti-Virus with Engine version 3.48

Create a new Subscription in Sophos Update Manager and select the appropriate package version marked with 'Oldest' or with 'VDL4.96G'. This should only be applied to a group of computers affected by this issue.

Note: KBA 118520 explains how to create and deploy a new subscription.

2. Perform a SAV32CLI scan without a boot-sector scanning

  1. Open a command prompt window as an Administrator.
  2. Run SAV32CLI with a specific location, for example:
    Sav32cli C:\ -p=%temp%\sophos_scan.log

3. Disable MBR scanning in your scheduled scan

Disabling the boot-sector scanning in a scheduled scan will workaround the problem, if a managed scheduled scan is altered in the machine.xml file a recomply with policy will remove the change. 

  1. Logon as an Administrator. 
  2. Open Services, stop the Sophos Anti-Virus service.
  3. Open the configuration file containing the scan details.
    • For scheduled scans, use:
      C:\ProgramData\Sophos\Sophos Anti-Virus\Config\machine.xml
    • For non scheduled scans, use:
      C:\Users\<user>\AppData\Local\Sophos\Sophos Anti-Virus\Config\user.xml
  4. Locate the details for the scan. These are identified by a scan node:

    <scanJobs>
    <scan id="{97721CA8-3BD4-488D-B6DF-F9706EA58958}" ScanType="NormalScan">
    <displayInfo>
    <description>
    <object ind="0">
    <item type="marker" ind="0">CStr</item>
    <item type="string" ind="1">TestScan</item></object>
    </description>
    </displayInfo>


  5. In this case the scan is called “TestScan”. Locate the “areas” tag for the “scan”.
  6. Locate the ScannableDrive (SDrive) entry in the areas list.

    <areas>
    <object ind="0">
    <item type="marker" ind="0">SOCollection</item>
    <item type="unsigned" ind="1">2</item>
    <object ind="2">
    <item type="marker" ind="0">SDrive</item>
    <item type="signed" ind="1">3</item>
    <item type="string" ind="2"/>
    <item type="unsigned" ind="3">3</item>
    </object>


  7. Change the drive type entry from 3 to 0 as shown below with an underline

    <object ind="2">
    <item type="marker" ind="0">SDrive</item>
    <item type="signed" ind="1">3</item>
    <item type="string" ind="2"/>
    <item type="unsigned" ind="3">10</item>
    </object>


  8. Save machine.xml. 
  9. Start the Sophos Anti-Virus service.
  10. The scan should now complete.

 
Si necesita más ayuda, póngase en contacto con soporte técnico.

Valore el artículo

Muy malo Excelente

Comentarios