How To Shut Off Sophros Antivirus For Mac
If you are running antivirus software on your Mac, you are helping to protect Windows users when forwarding an email with an attachment, or when attaching a file to a new message that is sent to a Windows user, and Windows users should be running antivirus software due to constant virus concerns. How to Turn Off Mac Firewall. Macintosh computers with OS X have built-in firewalls installed that provide security from potentially harming or malicious.
NOTE: Policies are enforced based on the policy assigned to that system during the next policy enforcement interval. If the Threat Prevention or Firewall policies are configured to enable, they will be enabled after the first policy enforcement. EPM 2.3 and VSMAC 9.8 You can disable the EPM 2.3 and VSMAC 9.8 On-Access Scanner (OAS) and EPM Desktop Firewall from the command line during installation.
This capability is available only in EPM 2.3 and VSMAC 9.8. If an ePolicy Orchestrator (ePO) Administrator wants to disable OAS and Desktop Firewall during product deployment of EPM 2.3 or disable the OAS in VSMAC 9.8 from ePO, they can do so by passing the following arguments under Products and components in the Command line check box: • To disable OAS in VSMAC: OAS-off • To disable Desktop Firewall for EPM 2.3: FW-off • To disable both OAS and Desktop Firewall for EPM 2.3: FW-off OAS-off.
I'm trying to install Bootcamp on some Macs without going through Casper Imaging so I found that through WinClone you can create a PKG of the BootCamp captured partition and deploy that to existing Macs that'll resize the partition and install BootCamp on the Mac. This is great, except that our Sophos Anti-Virus On-Access Scanner is not allowing the install to finish without getting its grubby little fingers all over the files being copied to the new partition. Latest version of microsoft internet explorer for mac mac. So I wanted to find a clean way to stop the Scanner through a simple script without touching the GUI.
Most Mac Anti-Virus programs I've encountered in the past simply let you unload their LaunchDaemons and the scanner will stay off until you reload the daemon or reboot the Mac. It appears in previous versions of Sophos this was also the case. In this version we have installed this is not the case from what I can tell. So I used fsevents when hitting the 'Stop Scanning' button in the GUI and found Sophos was talking to the plist called /Library/Preferences/com.sophos.sav.plist. It appears that it changed a value of 'AutoLaunch' from 1 (on) to 0 (off). I then used the binary 'opensnoop' in terminal for the file /Library/Preferences/com.sophos.sav.plist and found that three processes touch that file when you enable and disable the OAS (On-Access Scanner) in the GUI. The three processes are 1) InterCheck 2) SophosAntiVirus and 3) SophosConfigD.
I played with killing these processes but obviously they'd simply relaunch when they are killed and they appear to have no plist in any LaunchDaemon location (/Library nor /System). So long story longer. My theory is when you hit 'Stop Scanning' in the GUI it is writing the 0 (off) value to the com.sophos.sav plist then its restarting its services. When it sees AutoLaunch set to 0 it doesn't run the On-Acess Scanner until you hit 'Start Scanning'. So I used 'defaults write /Library/Preferences/com.sophos.sav AutoLaunch -int 0' and then I tried doing a 'killall InterCheck'. This will show in the GUI that the On-Access Scanner is off for about 5 seconds then it goes green again. Frustrated, I put away the scalpel and grabbed the sledgehammer and I wrote the AutoLaunch value to 0, THEN I moved the '/Library/Sophos Anti-Virus/InterCheck.app' application (Which contains the InterCheck binary) to /tmp THEN I did a killall InterCheck.
Since Sophos wasn't able to find the InterCheck binary, the On-Access Scanner stayed off in the GUI. Not certain that the scanner was actually off, but the GUI said it was. When I move the InterCheck.app back to '/Library/Sophos Anti-Virus/' the GUI would almost immediately show the Scanner is back on.
Has anyone else been able to get the On-Access Scanner to turn off through a script or command? Can you share if possible? I'm going to continue testing my method but I'm really hoping there is a easier way available.