What is Sophos antivirus?
Sophos is an antivirus program offered for free by the University of Idaho for current students, staff and faculty to protect their computers from virus threats. ITS supports Sophos installations for both Windows and Mac machines. You can learn more about Sophos below:
Frequently asked questions
- How do I obtain Antivirus software?
- Can I use Sophos on my home computer?
- I am no longer affiliated with UI. Can I continue to use Sophos?
- How do I install or update my Sophos Antivirus Software?
- Should I join Active Directory before installing Sophos?
- Do I need to uninstall my current software before installing Sophos?
- I tried Sophos, but how do I uninstall?
- There are lots of free antivirus programs available – is Sophos better?
- How do I keep Sophos up to date and protecting me?
- Is Sophos Antivirus available for Macintosh users?
- Do I need to run a manual scan of my system?
- Should I be using the Sophos Client Firewall?
- My machine can’t retrieve updates and Internet Explorer no longer works.
- My machine had McAfee, but after uninstalling, pages no longer render properly in Internet Explorer (for example, www.uidaho.edu).
- I’m a UI employee, but I work remotely; therefore, I’m not directly connected to the university network. After installing Sophos my other Antivirus is gone but Sophos has a white-on-red “x” over the shield. I am afraid I’m not protected!?
- I’m on the UI network and my Sophos is showing the white-on-red “x”.
- Does Sophos run on MacOS X 10.8 (Mountain Lion)?
- I receive the error message “You do not have sufficient privileges…” What causes this error and how do I correct the problem?
- I have a problem installing/running a program after installing Sophos – How do I fix this?
- Other Antivirus Issues
How do I obtain Antivirus software?
Current faculty, staff and students can utilize ITS-Managed Sophos antivirus by accepting the Sophos agreement from your Account Management page at https://www.sites.uidaho.edu/support/ and then downloading Sophos from the software download page. ITS has set up tutorials on how to install Sophos antivirus, which you can find on our tutorial page.
Can I use Sophos on my home computer?
Yes. Each UI License for Sophos includes home use for one (1) workstation. This means that each UI employee and student can install Sophos on 1 home computer in addition to their work computer. Support and upgrades for Sophos come from the ITS Help Desk and not directly from Sophos.
I am no longer affiliated with UI. Can I continue to use Sophos?
You can still use Sophos, but you will be unable to download new antivirus definitions. Sophos is only licensed for currently affiliated Faculty, Staff, and Students. If you graduate or leave the university, you will need to choose your own Antivirus product to replace Sophos on your personal computer. While ITS does not support these products, these are suggested free alternatives:
- AVG Free Edition: http://free.avg.com/
- Avira Antivir: http://www.free-av.com/
- Microsoft Security Essentials: http://www.microsoft.com/Security_Essentials/
How do I install or update my Sophos Antivirus Software?
ITS has set up step-by-step tutorials on installing Sophos antivirus for Windows and Mac OS X, as well as troubleshooting assistance and uninstall instructions. These tutorials, along with others, can be found on our tutorial page.
Should I join Active Directory before installing Sophos?
For UI-managed or owned machines, yes. This ensures that your computer is named appropriately and gets the appropriate policies applied for your prefix group. Also, AD-joined computers get the Sophos Client Firewall by default, which provides additional protection. Use the instructions for joining your UI Windows computer to Active Directory before installing Sophos whenever possible.
Do I need to uninstall my current software before installing Sophos?
Yes, it is important to wipe your computer of any previous antivirus software before installing Sophos. To remove currently installed antivirus software from your machine, open the Control Panel, go to the Add/Remove Programs or installed programs list, and remove the installations manually.
In the case of Norton antivirus or Internet Security Suite, you will need to use the Norton Removal Tool to completely remove the software.
I tried Sophos, but how do I uninstall?
Just as other antivirus software needs to be removed before installing Sophos, the reverse is true. Once you have left the university, be sure to uninstall Sophos so you can install an antivirus program of your choice without issues. ITS provides step-by-step tutorials on how to uninstall Sophos on Windows and Mac OS X machines.
There are lots of free antivirus programs available – is Sophos better?
Sophos antivirus is an award-winning antivirus program that protects your computer from viruses that may try to enter your computer via email, downloads or removable media. Sophos includes on-access scanning, which provides constant real-time protection with minimal system overhead, and an auto updater, which allows automatic downloads of updated virus definitions and application updates. Sophos has over 25 million users from organizations of all sizes worldwide. For more information about Sophos, please visit their website at: http://www.sophos.com
How do I keep Sophos up to date and protecting me?
Sophos automatically updates its virus definitions every 30 minutes, either from ITS or directly from Sophos, so it will check for the newest antivirus updates automatically. You can force Sophos to update manually by right-clicking the Sophos icon in your system tray and selecting Update Now. Please note that
Is Sophos Antivirus available for Macintosh users?
Yes. Antivirus software should not be neglected on Macintosh machines. These days, more and more malicious software is targeting the Macintosh operating system, and Sophos has tailored a version of antivirus software for the Macintosh. Like the Windows version, the Mac version can be downloaded and installed from the support website.
Do I need to run a manual scan of my system?
You should rarely need to manually scan your computer for viruses because Sophos scans for viruses as you access files on your computer. However, if you wish to perform an immediate scan, right-click the Sophos icon in your system tray and select Open Sophos Endpoint Security and Control; when the Sophos control panel opens, select Scan my computer.
Sophos automatically schedules to scan UI systems at 12:05pm Monday and Friday, and 9pm Tuesday, Wednesday, and Thursday. Personal/Home installs of Sophos are now set to scan at 3am Sunday, Tuesday, and Thursday. Making sure your computer is on during one or more of these times will help ensure it gets scanned regularly.
Should I be using the Sophos Client Firewall?
By default, the Firewall will only be installed on computers that are already joined to ITS Active Directory, or “AD”. Running the Sophos firewall is not strictly necessary, as the Windows/Mac firewall should be enabled by default and used. These firewalls provide adequate protection against most computer threats.
If your computer is 64-bit and connected to Active Directory, you can add the Sophos Client Firewall to your configuration if you did not have it previously. Contact the Help Desk for assistance. Please note that if you are running 32-bit Windows XP and the Cisco VPN Client, you will not be able to run the Sophos Client Firewall. At this time, there is no Sophos Client Firewall software for Mac users.
My machine can’t retrieve updates and Internet Explorer no longer works.
Many Antivirus Suites don’t uninstall cleanly and may leave your machine in a broken state. While Sophos does uninstall many products, it does this by running the application’s own uninstall procedure, so if the application doesn’t uninstall itself cleanly, Sophos won’t be much help. In particular, Norton and McAfee have presented issues at the Help Desk. Tools are available from each vendor to more cleanly remove the products. Even if they haven’t been installed recently on the machine or appear to be gone from Add/Remove programs, portions of the programs may still exist. Tools are available at the following links:
My machine had McAfee, but after uninstalling, pages no longer render properly in Internet Explorer (for example, http://www.uidaho.edu).
It appears that some components do not get uninstalled properly by McAfee and leave Internet Explorer partially broken. Running the McAfee Product Remover (MCPR.exe) followed by the re-registration of Internet Explorer Dynamic Link Libraries resolves the issue. Use Microsoft Fixit50191 to re-register the Dynamic Link Libraries.
I’m a UI employee, but I work remotely; therefore, I’m not directly connected to the university network. After installing Sophos my other Antivirus is gone but Sophos has a white-on-red “x” over the shield. I am afraid I’m not protected!?
There is a specific issue with the installation of Sophos when the management server cannot be reached that creates this situation. While Sophos AutoUpdate will failover to directly get updates from sophos.com when the management server is unreachable, it cannot obtain the Remote Management System component directly from Sophos – only from UI. There are a couple of ways to verify and resolve this issue:
- Verify that the Sophos install did complete by opening Sophos antivirus directly from the Start Menu or by right-clicking on the tray icon. Once opened, it should have a “Last Updated” date and time on the left that corresponds with the current day. Note: you have protection as long as this is current, despite icon warnings.
- If you have VandalVPN access, connect to UI and then click the tray icon to “Update Now”. This will cause the missing components to install and the issue shouldn’t recur when disconnected from the UI network.
- Uninstall Sophos and reinstall using the “Personal or Home” option to avoid using the RMS component. Because you are on remote sites, your computers won’t regularly be able to check in with the central server anyway.
- Wait for the revised installer package which should address the issue for you.
I’m on the UI network and my Sophos is showing the white-on-red “x”.
This may be an issue with a previous uninstall, or a virus or trojan may be blocking the install of Sophos. Right-click on the Sophos icon and select “Open Sophos Endpoint Security and Control.” In the “Updating” section, select “Configure Updating”, then select the “Logging” tab and “View Log File” to see more information. You may need additional assistance in troubleshooting, disinfecting or reinstalling. This may involve Technology Support Services (TSS – Formerly OnSite).
This can also be caused by an expected lack of connectivity. For instance, laptops on wireless frequently can’t connect to the Internet until the user has logged into the machine, so when Sophos tries to update at first boot, it is unable to do so until network connectivity is established. If this happens periodically, it is not a concern, but if it happens continuously, please contact the Help Desk for assistance.
Does Sophos run on MacOS X 10.8 (Mountain Lion)?
Yes! Starting with version 8.0.5 Sophos has supported OS X 10.8.
I receive the error message “You do not have sufficient privileges…” What causes this error and how do I correct the problem?
The complete error message will read: “You are not a member of any of the Sophos groups. To launch this application, you must be a member of Sophos Administrator, SophosPowerUser or SophosUser group. Please contact your administrator.”
This may be caused by a third-party registry cleaner. Specifically, this error has occurred with CCleaner. If you receive this message while running this software, discontinue use of the software and uninstall then reinstall Sophos. Sophos should install and operate correctly following these steps. Please contact ITS if you still experience issues.
I have a problem installing/running a program after installing Sophos – How do I fix this?
Sophos HIPS protection is now turned on by default. Previously, it had been in “alert only” mode. HIPS protection monitors executables for suspicious behavior like modifying files in C:\Windows or important parts of the registry. Only applications approved by Sophos, by the user, or by us will be able to make changes. Sophos automatically adds exceptions as part of the Sophos Live Protection. Normal MSI software installation packages should also be unaffected, as they install using approved local services (Windows Installer). ITS adds exceptions for known internally used packages (domain tool, banner-bookmark, quick connect, etc.).
The most likely reason a program won’t install after installing Sophos is that the package doesn’t use Windows installation routines. Local users can authorize these applications through the Sophos interface on their computers to complete the installation (like other Sophos settings, it will likely revert back to ITS defaults at a later time). For issues where it affects multiple users or on a repeated basis, you can request that it be added to the centrally authorized applications by e-mailing the ITS Help Desk.
Other Antivirus Issues
What is the University doing to stop viruses?
The UI has an e-mail virus scanning gateway on the @uidaho.edu servers. All messages with viruses attached are automatically dropped by the system and not delivered. We also block delivery of messages whose attachments have uncommon extensions that are potentially sent as viruses. These include: 386 3gr add ade asp bas bat chm com cmd cpl crt dbx dll fon hlp hta inf ins isp js jse lnk mdb mde msc msi msp mst ocx pcd pif reg scr sct shs shb url vb vbe vbs vxd wsc wsf wsh
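The extension check described above can be sketched as follows. This is an added example, not the University's gateway code: the extension list is the one on this page, while the function names and the sample message are constructed for illustration.

```python
from email import message_from_string, policy

# Extension list copied from this page; everything else is an assumption.
BLOCKED = frozenset("""386 3gr add ade asp bas bat chm com cmd cpl crt dbx dll
fon hlp hta inf ins isp js jse lnk mdb mde msc msi msp mst ocx pcd pif reg scr
sct shs shb url vb vbe vbs vxd wsc wsf wsh""".split())

def final_extension(filename):
    """Lower-cased last extension, ignoring trailing dots and spaces
    (Windows drops them, so 'run.vbs. ' still opens as a .vbs file)."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". \t")
    _stem, dot, ext = name.rpartition(".")
    return ext.lower() if dot else ""

def blocked_attachments(raw_message):
    """Return attachment filenames whose final extension is on the list."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()  # also decodes RFC 2231 encoded names
        if filename and final_extension(filename) in BLOCKED:
            hits.append(filename)
    return hits

# Constructed sample: one harmless attachment, one double extension in
# upper case, one RFC 2231 percent-encoded filename.
SAMPLE = """\
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.pdf"

x
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice.PDF.VBS"

x
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=UTF-8''r%C3%A9sum%C3%A9.scr

x
--XX--
"""

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

Matching on the last extension after normalising case and trailing characters is what catches names such as `Invoice.PDF.VBS`, which a check on the first extension or a case-sensitive comparison would let through.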
What are computer viruses?
Simply speaking, computer viruses are self-replicating programs usually created to propagate to as many machines as possible and/or try to destroy data on the “host” computer. If not protected against, they can cause organizations to lose time, money and their reputation.
How are viruses spread?
Viruses can be spread by many means. They can be spread on any type of removable media (floppies, CDs, flash drives), network drives and shares, and through e-mail.
What are email viruses?
Email viruses are viruses sent via email attachments and are very common. The reason for this is that many email programs make it very easy to run attached files, or “attachments”, that include a virus. Many of these viruses are also “address book” aware, meaning they will use an email address book to send messages, causing the message to appear valid since most people in an address book know each other.
Why is knowing about email viruses so important?
It is important to understand that, in most cases, email viruses are voluntarily executed on “host” computers. This means that you can easily stop the spread of a virus, or a virus infecting your computer, by paying special attention to email attachments. If you receive a message containing an attachment, make sure that you are expecting that attachment from that person. Don’t assume it is safe to open because it has your name, includes a note specifically to you, or concerns your work.
How do I know if a virus threat is real or a hoax?
One of the true problems when protecting yourself against viruses is trying to determine which viruses are real and which ones are not. Virus hoaxes are notices sent out about viruses that don’t actually exist. They are usually created in the hope that the message will be propagated, via email, between “good Samaritans” wanting to make sure their co-workers, friends, and family know about the potential virus threat. In some cases, these email messages can be detrimental, like a real virus, since they may overload servers with useless messages and cause questions for technical support centers. To determine if a virus is real or a hoax, you should visit an Antivirus software vendor’s web page, like http://www.sophos.com, and search the virus library for information on the virus.
What additional security resources are available?
Visit the Security page for additional information on UI Network Security.