Sophos Anti-Virus FAQs
Sophos is an antivirus program offered for free by the University of Idaho for current students, staff and faculty to protect their computers from virus threats. ITS supports Sophos installations for both Windows and Mac machines. You can learn more about Sophos below.
Current faculty, staff and students can utilize ITS-Managed Sophos antivirus by accepting the Sophos agreement from your Account Management page and then downloading Sophos from the software download page. Personal machines can use Sophos Home for free, downloaded and updated straight from Sophos. ITS has set up tutorials on how to install Sophos antivirus, which you can find on our tutorial page.
Just as other antivirus software needs to be removed before installing Sophos, the reverse is true. Once you have left the university, be sure to uninstall Sophos so you can install an antivirus program of your choice without issues. ITS provides step-by-step tutorials on how to uninstall Sophos on Windows and Mac OS X machines.
Personal machines can use Sophos Home for free, which you can download from their website.
Sophos offers free versions of their anti-virus for Windows, OS X and Linux regardless of university affiliation. There are also other free Sophos tools, like a home UTM firewall, mobile security (AV, anti-theft, multi-factor, device auditing, web/call/text filtering and app lock), mobile encrypted storage, a virus removal tool and others.
Other anti-virus options can be found at AV-comparatives.
For UI-managed or owned machines, yes. This ensures that your computer is named appropriately and it will get the appropriate policies applied for your prefix group. Also, AD-joined computers get the Sophos Client Firewall by default which provides additional protection. Use the instructions for joining your UI Windows computer to Active Directory before installing Sophos whenever possible.
Yes, it is important to wipe your computer of any previous antivirus software before installing Sophos. To remove currently installed antivirus software on your machine, open the Control Panel, go to the Add/Remove Programs or installed programs list, and remove the installations manually.
There are also many programs that have product removal tools that help uninstall all aspects of the program at once.
Sophos antivirus is an award-winning antivirus program that protects your computer from viruses that may try to enter your computer via email, downloads or removable media. Sophos includes on-access scanning that provides constant real-time protection with minimal system overhead and an auto updater, which allows automatic downloads of updated virus definitions and application updates. When installed on UI-managed machines, it allows ITS Security to be aware of potential threats on the machine. Sophos has over 25 million users from organizations of all sizes worldwide. For more information about Sophos, please visit their website.
Sophos automatically updates its virus definitions every 30 minutes either from ITS or directly from Sophos, so it will check for the newest antivirus updates automatically. You can force Sophos to manually update by right-clicking the Sophos icon in your system tray and selecting Update Now.
You should rarely need to manually scan your computer for viruses because Sophos scans for viruses as you access files on your computer. However, if you wish to perform an immediate scan, right-click the Sophos icon in your system tray and select “Open Sophos Endpoint Security and Control.” When the Sophos control panel opens, select “Scan my computer.”
If you'd like to scan a specific file, right-click the file and select "Scan with Sophos Anti-Virus."
Sophos is automatically scheduled to scan UI systems at 12:05 p.m. Monday and Friday, and 9 p.m. Tuesday, Wednesday and Thursday. Personal/Home installs of Sophos are now set to scan at 3 a.m. Sunday, Tuesday and Thursday. Making sure your computer is on during one or more of these times will help ensure it gets scanned regularly.
By default, the Sophos Client Firewall will only be installed on computers that are already joined to ITS Active Directory, or “AD.” Running the Sophos firewall is not strictly necessary, as the built-in Windows or Mac firewall should be enabled by default and used. These firewalls provide adequate protection against most computer threats.
If your computer is 64-bit and connected to Active Directory, you can add the Sophos Client Firewall to your configuration if you did not have it previously. Contact the Help Desk for assistance. Please note that if you are running 32-bit Windows XP and the Cisco VPN Client, you will not be able to run the Sophos Client Firewall. At this time, there is no Sophos Client Firewall software for Mac users.
There are other free home network firewall solutions, like this one from Sophos.
Many antivirus suites don’t uninstall cleanly and may leave your machine in a broken state. While Sophos does uninstall many products, it does this by running the application’s own uninstall procedure, so if the application doesn’t uninstall itself cleanly, Sophos won’t be much help. In particular, Norton and McAfee have presented issues at the Help Desk. Tools are available from each vendor to more cleanly remove the products. Even if they haven’t been installed recently on the machine or appear to be gone from Add/Remove Programs, portions of the programs may still exist. Other anti-virus removal tools are available online.
There is a specific issue with the installation of Sophos when the management server cannot be reached that creates this situation. The red x simply indicates that Sophos cannot contact the service at a specific time. This is often because the device may not be connected to the wireless, or Sophos tries to check in before the machine is fully connected to the internet. Sophos is still working and actively protecting your computer and will contact the server later.
While Sophos AutoUpdate will fail to directly get updates from sophos.com when the management server is unreachable, it cannot obtain the Remote Management System component directly from Sophos – only from UI. There are a couple of ways to verify and resolve this issue:
- Verify that the Sophos install did complete by opening Sophos antivirus directly from the Start Menu or by right-clicking on the tray icon. Once opened, it should have a “Last Updated” date and time on the left that corresponds with the current day. Note: you have protection as long as this is current, despite icon warnings.
- If you have VandalVPN access, connect to UI and then click the tray icon to “Update Now.” This will cause the missing components to install and the issue shouldn’t recur when disconnected from the UI network.
- Uninstall Sophos and reinstall using the “Personal or Home” option to avoid using the RMS component. Because you are on remote sites your computers won’t regularly be able to check in with the central server anyway.
- Wait for the revised installer package which should address the issue for you.
The red x simply indicates that Sophos cannot contact the service at a specific time. This is often because the device may not be connected to the wireless, or Sophos tries to check in before the machine is fully connected to the internet. Sophos is still working and actively protecting your computer and will contact the server later.
This could also be an issue with a previous uninstall, or a virus or trojan may be blocking the install of Sophos. Right-click on the Sophos icon and select “Open Sophos Endpoint Security and Control.” In the “Updating” section, select “Configure Updating,” then select the “Logging” tab and “View Log File” to see more information. You may need additional assistance in troubleshooting, disinfecting or reinstalling. This may involve Technology Support Services (TSS – formerly OnSite).
This can also be caused by an expected lack of connectivity. For instance, laptops on wireless frequently can’t connect to the Internet until the user has logged into the machine, so when Sophos tries to update at first boot, it is unable to do so until network connectivity is established. If this happens periodically, it is not a concern, but if it happens continuously, please contact the Help Desk for assistance.
Yes! Starting with Sophos version 8.0.5, OS X 10.8, 10.9, 10.10 and 10.11 are all supported as long as you meet the system requirements.
The complete error message will read: “You are not a member of any of the Sophos groups. To launch this application, you must be a member of Sophos Administrator, SophosPowerUser or SophosUser group. Please contact your administrator.”
This may be caused by a third-party registry cleaner. Specifically, this error has occurred with CCleaner. If you receive this message while running this software, discontinue use of the software, then uninstall and reinstall Sophos. Sophos should install and operate correctly following these steps. Please contact ITS if you still experience issues.
Sophos HIPS protection is now turned on by default. Previously, it had been in “alert only” mode. HIPS protection monitors executables for suspicious behavior like modifying files in C:\Windows or important parts of the registry. Only applications approved by Sophos, by the user, or by us will be able to make changes. Sophos automatically adds exceptions as part of the Sophos Live Protection. Normal MSI software installation packages should also be unaffected, as they install using approved local services (Windows Installer). ITS adds exceptions for known internally used packages (domain tool, banner-bookmark, quick connect, etc.).
The most likely reason a program won’t install after installing Sophos is that the package doesn’t use Windows installation routines. Local users can authorize these applications through the Sophos interface on their computers to complete the installation (like other Sophos settings, this authorization will likely revert to ITS defaults at a later time). If the issue affects multiple users or occurs repeatedly, you can request that the application be added to the centrally authorized applications by emailing the ITS Help Desk.