How do I obtain Antivirus software?
Current faculty, staff and students can utilize ITS-Managed Sophos anti-virus by downloading and installing from your Account Management page at https://support.uidaho.edu/.

Can I use Sophos on my home computer?
Each UI License for Sophos includes home use for one (1) workstation. This means that each UI employee and student can install Sophos on 1 home computer. Support and upgrades for Sophos come from the ITS Help Desk and not directly from Sophos.

How do I install or update my Sophos Antivirus Software?
You may follow our PC or Mac for instructions. However, you may also contact the ITS Help Desk at (208) 885-4357 for assistance.

What about my current Symantec software?
Symantec software previously obtained from ITS is no longer under contract and must be removed from all machines. Sophos was chosen to enhance virus protection at the University.

Do I need to uninstall my current software before installing Sophos?
Our Sophos install package is designed to call the uninstallation routines of many other Antivirus vendors, including versions of Symantec recently installed on campus. If the UI Sophos package does not remove your existing antivirus software, removing the package manually through Add/Remove Programs should be sufficient. Contact the Help Desk if you need assistance. In the case of Norton, you may need to use the Norton Removal Tool to completely remove the software.

I tried Sophos, but how do I uninstall?
If you encounter any difficulties with Sophos, ITS would like to know! Please contact the Help Desk to discuss any issues you may be experiencing. If you need to uninstall for any reason, instructions are available for both Mac and PC.

There are lots of free antivirus programs available - is Sophos better?
Sophos Anti-Virus is an award winning anti-virus program that protects your computer from viruses that may try to enter your computer via email, downloads or removable media. Sophos Anti-Virus include an on-access scanner that provides constant real-time protection with minimal system overhead and an auto updater, which allows automatic downloads of updated virus definitions and application updates. Sophos has over 25 million users from organizations of all sizes world-wide. For more information about Sophos, please visit their website at: http://www.sophos.com

How do I keep Sophos up to date and protecting me?
Simply right-click the Sophos icon in your system tray and select “Update Now”. Please note that Sophos automatically updates its virus definitions every 30 minutes either from ITS or directly from Sophos, so it will check for the newest antivirus updates automatically.

Is Sophos Antivirus available for Macintosh users?
These days, more and more malicious software is targeting the Macintosh operating system, and Sophos has tailored a version of anti-virus software for the Macintosh. Like the Windows version, the Mac version can be downloaded and installed from the support website

Do I need to run a manual scan of my system?
You should rarely need to manually scan your computer for viruses because Sophos scans for viruses as you access files on your computer. However, if you wish to perform an immediate scan, right-click the Sophos icon in your system tray, select “Open Sophos Anti-Virus”, then when the Sophos control panel opens, select “Scan my computer”. Sophos is scheduled to automatically scan your system at 12:05pm Monday and Friday, and 9pm Tuesday, Wednesday, and Thursday. Making sure your computer is on during one or more of these times will help ensure it gets scanned regularly.

Should I be using the Sophos Client Firewall?
By default, the Firewall will only be installed on computers that are already joined to ITS Active Directory, or "AD". Also, the machine must be running 32-bit version of XP or Vista and the Cisco VPN Client cannot be installed. Future versions of Sophos Firewall will support other operating systems and should be flexible enough to support a wider range of users. The Windows firewall should be used when no better firewalls are available.

My Sophos Client Firewall icon is red, what is wrong?
Most common applications should be allowed through the firewall automatically, but if you have problems with an application or your firewall icon keeps turning red instead of the normal blue color, see our firewall troubleshooting page for more information.

My machine can't retrieve updates and Internet Explorer no longer works.
Many Antivirus Suites don't uninstall cleanly and may leave your machine in a broken state.  While Sophos does uninstall many products, it does this by running the application's own uninstall procedure so if the application doesn't uninstall itself cleanly, Sophos won't be much help. In particular, Norton and McAfee have presented issues at the Help Desk.  Tools are available from each vendor to more cleanly remove the products.  Even if they haven't been installed recently on the machine or appear to be gone from Add/Remove programs, portions of the programs may still exist.  Tools are available at the following links:

• Norton Removal Tool

• McAfee Consumer Product Removal

• AVG Remover

• OneCare Clean-Up Tool

My machine had McAfee, but after uninstalling, pages no longer render properly in Internet Explorer (for example, www.uidaho.edu).

It appears that some components do not get uninstalled properly by McAfee and leave Internet Explorer partially broken. Running the McAfee Product Remover (MCPR.exe) followed by the re-registration of Internet Explorer Dynamic Link Libraries resolves the issue. Use Microsoft Fixit 50191 to re-register the Dynamic Link Libraries.

I'm a UI employee, but I work remotely; therefore, I'm not directly connected to the university network. After installing Sophos my other Antivirus is gone but Sophos has a white-on-red "x" over the shield. I am afraid I'm not protected!?

There is a specific issue with the installation of Sophos when the management server cannot be reached that creates this situation. While Sophos AutoUpdate will failover to directly get updates from sophos.com when the management server is unreachable, it cannot obtain the Remote Management System component directly from Sophos - only from UI. There are a couple of ways to verify and resolve this issue:

1. If you can reach http://deskman-sophos.its.uidaho.edu:8181/ and see the "page intentionally blank" message, then you can be managed and the issue is something unrelated.

2. Verify that the Sophos install did complete by opening Sophos Antivirus directly from the Start Menu or by right-clicking on the tray icon. Once opened, it should have a "Last Updated" date and time on the left that corresponds with the current day. Note: you have protection as long as this is current, despite icon warnings.

3. If you have VandalVPN access, connect to UI and then click the tray icon to "Update Now". This will cause the missing components to install and the issue shouldn't recur when disconnected from the UI network

4. Uninstall Sophos and reinstall using the "Personal or Home" option to avoid using the RMS component. Because you are on remote sites your computers won't regularly be able to check in with the central server anyway.

5. Wait for the revised installer package which should address the issue for you.

I'm on the UI network and my Sophos is showing the white-on-red "x". 

Does Sophos run on Windows 7?
While ITS does not yet fully support Windows 7 there has been limited testing and there are no known issues.

Does Sophos run on MacOS X 10.6 (Snow Leopard)?
Sophos has announced full support for Snow Leopard, and it should behave normally in both upgrade and clean install scenarios on 10.6.

Other Antivirus Issues

What is the University doing to stop viruses?
The UI has an e-mail virus scanning gateway on the @uidaho.edu servers. All messages with viruses attached are automatically dropped by the system and not delivered. We also block messages from being delivered that have un-common extensions potentially sent as viruses. These include: 386 3gr add ade asp bas bat chm com cmd cpl crt dbx dll fon hlp hta inf ins isp js jse lnk mdb mde msc msi msp mst ocx pcd pif reg scr sct shs shb url vb vbe vbs vxd wsc wsf wsh

What are computer viruses?
Simply speaking, computer viruses are self-replicating programs usually created to propagate to as many machines as possible and/or try to destroy data on the "host" computer. If not protected against, they can cause organizations to lose time, money and their reputation.

How are viruses spread?
Viruses can be spread by many means. They can be spread on any type of removable media (floppies, CDs, flash drives), network drives and shares, and through e-mail.

What are email viruses?
Email viruses are the viruses sent via email attachments and are very common. The reason for this is that many email programs make it very easy to run attached files, or "attachments", that include a virus. Many of these viruses are also "address book" aware, meaning they will use an email address book to send messages, causing the message to appear valid since most people know each other in their address books.

Why is knowing about email viruses so important?
It is important to understand that, in most cases, email viruses are voluntarily executed on "host" computers. This means that you can easily stop the spread of a virus, or a virus infecting your computer, by paying special attention to email attachments. If you receive a message containing an attachment make sure that you are expecting that attachment from that person. Don't assume that because it has your name, a note specifically to you, or is concerning your work; it is safe to open.

How do I know if a virus threat is real or a hoax?
One of the true problems when protecting yourself against viruses is trying to determine which viruses are real and which ones are not. Virus hoaxes are notices sent out about viruses that don't actually exist. They are created usually in the hopes the message will be propagated, via email, between "good Samaritans" wanting to make sure their co-workers, friends, and family know about the potential virus threat. In some cases, these email messages can be detrimental, like a real virus, since they may overload servers with useless messages and cause questions for technical support centers. To determine if a virus is real or a hoax you should visit an Antivirus software vendor's web page, like http://www.sophos.com, and search the virus library for information on the virus.

What additional security resources are available?
Click here for additional information on UI Network Security