IT Frequently Asked Questions (FAQ)
Page tree
Viewable by the world
 Skip to end of metadata
Go to start of metadata

Sophos at the Lab

Sophos is the Lab's recommended product for anti-virus protection.

Sophos has been licensed for 4,000 seats at Berkeley Lab, using a contract vehicle put together by the University of California. We have versions for Mac and Windows. We have the option of creating a Linux distribution in the future (although we are not sure what advantage that will provide yet).

We deploy Sophos to every Windows workstation that is a member of Windows Active Directory and also provide it to those not in Active Directory through our software download page.

Version Notes

Sophos is available for Windows and Mac OS. The version of Sophos on the software download page is for Lab-owned systems. For personal system, use Sophos Home.

Installation

Download the Sophos Anti-Virus software package at the LBNL software website

Notes on the installer packages:

  • The Windows installer works with Windows 7 or later.
  • The Windows installer includes a Sophos provided "Competitor Removal Tool" which will remove Symantec prior to installing Sophos. Please use this link to view the other antivirus products that can be automatically removed by the Sophos Competitor Removal Tool. The installer package is generally successful at removing Symantec. If the Competitor Removal Tool fails to remove the other antivirus product then try to remove the other product manually. If you still require assistance, call the Help Desk at ex 4357.
  • The Mac installer works with Mac OSX 10.11+.

The installation process involves the following:

  • Part I - extract the Sophos software
  • Part II - remove the competition (which happens silently and can take 5 minutes or more)
  • Part III - install Sophos

You do not have to reboot to be protected by Sophos real time protection. However, upon reboot, some actions are taken to finish the process.

Using Sophos

Sophos Main Window contains most of the commands you will need to set up and use Sophos Anti-virus.

  • When you open Sophos, you should see three categories of icons: Anti-virus and HIPS, Tamper protection, and Updating (below). You can use the Back button, just like in a regular web browser, to return to the Main Window.

         


  • If Sophos quarantines a virus on your computer, you should delete it from quarantine and then immediately run a full scan to make sure that the virus has been completely eliminated from your system. For a quick demonstration on scanning your computer, check out this screen shot.
  • For directions on how to configure which drives to scan, click here.
  • To find out how to schedule a regular scan at a particular time, click here.
  • You don't have to scan everything on your computer. To find out how to exclude files, folders or drives from a Sophos scans, click here.

  • For a demonstration of how to authorize programs that have been quarantined by Sophos, click here.

Check Sophos Status

Routinely check Sophos to ensure it is running and up to date

macOS

Click on the  (Sophos icon) on the menu bar and select Update Now. Let the update run. If you receive an error, restart your computer and verify the computer is connected to the internet and try again.

If the error continues, submit a ticket to [email protected] and include:

    • Screenshot of the error
    • DOE number of the computer
    • macOS version
    • Contact number

Check Quarantine item, Click on the  (Sophos icon) on the menu bar and select Open Quarantine Manager. If there are listed item(s), submit a ticket to [email protected] and include:

    • Screenshot of the quarantine list
    • DOE number of the computer
    • macOS version
    • Contact number

Windows

Double click on the  (Sophos icon) on bottom right corner of the taskbar. In the Sophos window, see the left side for:

    • On-access scanning: Enabled
    • Last updated: time frame should be with int 24 hours. If showing more than 24 hours, right click on the  (Sophos icon) on bottom right corner of the  taskbar and select Update now and let the update run.
    • If the On-access scanning says disabled and/or receiving error when trying to check for update. Try restarting the computer verify the computer is connected to the internet and try again.

If the error continues, submit a ticket to [email protected] and include:

      • Screenshot of the error
      • DOE number of the computer
      • Contact number

Check Quarantine item, if the Quarantine line shows any number beside 0. Click on it and get a screenshot of the list and submit a ticket to [email protected] and include:

    • Screenshot of the quarantine list
    • DOE number of the computer
    • Contact number

Signature File Update Process

The Lab runs a parent server that automatically distributes new signature files as they are published by Sophos. At the present time, managed clients check in every 30 minutes with the parent server (which gets them in an automated method from Sophos). If updates are available, they are deployed to clients.

Sophos Messages

We have documented some of the Sophos messages commonly observed on managed clients along with our interpretation and recommended action.

Exclusions

Sophos may flag certain files as suspicious, that are in fact legitimate. Additionally, there may be some locations where one does not want Sophos to scan for viruses, such as the quarantine location. To avoid both of these issues, a files exclusion and folder exclusion list are kept on the management console. Send suggestions for exclusions to the IT Help Desk.

Information on the Latest Threats from Malicious Software

Announcements of recently discovered viruses at the Berkeley Lab are posted at IT News.

Sophos maintains an online database of malicious software, which is updated to include information on the latest viruses and spyware. If you find a suspicious program on your computer, you can enter the name of the program into the search engine to get more information about it (e.g., Is it a virus or adware?).

Uninstall Sophos

On Windows, open the Start Menu, choose "Control Panel," choose "Programs and Features," scroll down the list of programs and remove all Sophos components.

For Macs, open Launchpad and click on "Remove Sophos Endpoint."

Was this site useful for you? Do you have any feedback or suggestions? Please click here to send your comments about this FAQ to IT.