Sophos at the Lab
Sophos is the Lab's recommended product for anti-virus protection.
Sophos has been licensed for 4,000 seats at Berkeley Lab, using a contract vehicle put together by the University of California. We have versions for Mac and Windows. We have the option of creating a Linux distribution in the future (although we are not sure what advantage that will provide yet).
We deploy Sophos to every Windows workstation that is a member of Windows Active Directory and also provide it to those not in Active Directory through our software download page.
Version Notes
Sophos is available for Windows and Mac OS. The version of Sophos on the software download page is for Lab-owned systems. For personal system, use Sophos Home.
Installation
Download the Sophos Anti-Virus software package at the LBNL software website
Notes on the installer packages:
- The Windows installer works with Windows 7 or later.
- The Windows installer includes a Sophos provided "Competitor Removal Tool" which will remove Symantec prior to installing Sophos. Please use this link to view the other antivirus products that can be automatically removed by the Sophos Competitor Removal Tool. The installer package is generally successful at removing Symantec. If the Competitor Removal Tool fails to remove the other antivirus product then try to remove the other product manually. If you still require assistance, call the Help Desk at ex 4357.
- The Mac installer works with Mac OSX 10.11+.
The installation process involves the following:
- Part I - extract the Sophos software
- Part II - remove the competition (which happens silently and can take 5 minutes or more)
- Part III - install Sophos
You do not have to reboot to be protected by Sophos real time protection. However, upon reboot, some actions are taken to finish the process.
Using Sophos
Sophos Main Window contains most of the commands you will need to set up and use Sophos Anti-virus.
- When you open Sophos, you should see three categories of icons: Anti-virus and HIPS, Tamper protection, and Updating (below). You can use the Back button, just like in a regular web browser, to return to the Main Window.
- If Sophos quarantines a virus on your computer, you should delete it from quarantine and then immediately run a full scan to make sure that the virus has been completely eliminated from your system. For a quick demonstration on scanning your computer, check out this screen shot.
- For directions on how to configure which drives to scan, click here.
- To find out how to schedule a regular scan at a particular time, click here.
- Details on how to deal with viruses and suspicious files are available at Sophos Virus Detection and Quarantine Actions.
- You don't have to scan everything on your computer. To find out how to exclude files, folders or drives from a Sophos scans, click here.
- For a demonstration of how to authorize programs that have been quarantined by Sophos, click here.
Check Sophos Status
Routinely check Sophos to ensure it is running and up to date
macOS
Click on the
(Sophos icon) on the menu bar and select Update Now. Let the update run. If you receive an error, restart your computer and verify the computer is connected to the internet and try again.If the error continues, submit a ticket to [email protected] and include:
- Screenshot of the error
- DOE number of the computer
- macOS version
- Contact number
Check Quarantine item, Click on the [email protected] and include:
(Sophos icon) on the menu bar and select Open Quarantine Manager. If there are listed item(s), submit a ticket to- Screenshot of the quarantine list
- DOE number of the computer
- macOS version
- Contact number
Windows
Double click on the
(Sophos icon) on bottom right corner of the taskbar. In the Sophos window, see the left side for:- On-access scanning: Enabled
- Last updated: time frame should be with int 24 hours. If showing more than 24 hours, right click on the
- If the On-access scanning says disabled and/or receiving error when trying to check for update. Try restarting the computer verify the computer is connected to the internet and try again.
If the error continues, submit a ticket to [email protected] and include:
- Screenshot of the error
- DOE number of the computer
- Contact number
Check Quarantine item, if the Quarantine line shows any number beside 0. Click on it and get a screenshot of the list and submit a ticket to [email protected] and include:
- Screenshot of the quarantine list
- DOE number of the computer
- Contact number
Signature File Update Process
The Lab runs a parent server that automatically distributes new signature files as they are published by Sophos. At the present time, managed clients check in every 30 minutes with the parent server (which gets them in an automated method from Sophos). If updates are available, they are deployed to clients.
Sophos Messages
We have documented some of the Sophos messages commonly observed on managed clients along with our interpretation and recommended action.
Exclusions
Sophos may flag certain files as suspicious, that are in fact legitimate. Additionally, there may be some locations where one does not want Sophos to scan for viruses, such as the quarantine location. To avoid both of these issues, a files exclusion and folder exclusion list are kept on the management console. Send suggestions for exclusions to the IT Help Desk.
Information on the Latest Threats from Malicious Software
Announcements of recently discovered viruses at the Berkeley Lab are posted at IT News.
Sophos maintains an online database of malicious software, which is updated to include information on the latest viruses and spyware. If you find a suspicious program on your computer, you can enter the name of the program into the search engine to get more information about it (e.g., Is it a virus or adware?).
Uninstall Sophos
On Windows, open the Start Menu, choose "Control Panel," choose "Programs and Features," scroll down the list of programs and remove all Sophos components.
For Macs, open Launchpad and click on "Remove Sophos Endpoint."