Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Solve a VMWare/Parallels and Sophos Anti-virus slowdown Apps
For those who run Sophos Anti-virus (4.9.19 is presently current) with a Mac OS X 10.5 system and a virtualizer like VMWare Fusion or Parallels Desktop, this may be very helpful.

It appears that a recent update to Sophos Anti-virus can seriously interfere with the operation of either Fusion or Parallels. Upon opening either application, Sophos' main on-access scanner (InterCheck) will begin to consume large amounts of processor time. Checking in Activity Monitor or via top will reveal it at the top of the list. During this flurry of activity, neither Fusion nor Parallels is responsive. After a several minute wait, both may momentarily become responsive, only to slow down again. The slowdown is most pronounced when a virtual machine is being resumed from a suspended state. Stopping the Sophos on-access scanner returns Fusion or Parallels to their normal responsiveness.

Obviously, stopping Sophos solves the problem. However, some users may be required to run anti-virus software as part of their institutional rules, so that may not be a practical option. Instead, you can instruct Sophos to exclude the location where you've installed the Windows virtual machines from its on-access scanning:
  1. Open System Preferences and choose Sophos Anti-Virus. Authenticate as a local administrator by clicking the lock icon.
  2. Temporarily stop the On-Access Scanner by clicking the Stop button (under the Scanning tab).
  3. Choose Exclusions from the General pop-up menu, then click Choose and navigate to the folder where you keep your Windows virtual machines.
  4. For Parallels Desktop, the default VM location is ~/Documents/Parallels. For VMWare Fusion, the default VM location is ~/Documents/Virtual Machines. You can exclude those entire folders, for example.
  5. Restart the On-Access Scanner by clicking the Start button (Scanning tab, General pop-up menu).
And, since it will probably come up ... do you really need anti-virus software for Mac OS X? Well, Sophos labs lists a whopping nine entries in its Viruses and Spyware section. The point is that some people may be in a situation where they must run anti-virus software, Mac or not, so this may be of use.
  • Currently 2.88 / 5
  You rated: 4 / 5 (8 votes cast)

Solve a VMWare/Parallels and Sophos Anti-virus slowdown | 11 comments | Create New Account
Click here to return to the 'Solve a VMWare/Parallels and Sophos Anti-virus slowdown' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Solve a VMWare/Parallels and Sophos Anti-virus slowdown
Authored by: jelockwood on Mar 20, '09 08:52:35AM

We have used Sophos for many years, several years ago we had a similar problem when using Virtual PC. When the disk image grew bigger than 4GB the performance fell off a cliff. At that time Sophos did fix the problem (I seem to recall by changing the amount of memory they allocated).

However I am seeing a similar problem currently with Disk Utility. Even under normal circumstances, Disk Utility under Mac OS X 10.5 (Leopard) takes much longer than Tiger (it is working in a different manner). Under Leopard, there appear to be two main parts to the Repair Permissions process, the first it to read a database (presumably defining what the permissions should be), and the second is to check and if needed adjust the permissions on all the listed files.

When doing the first part (reading the database), this is done by a process called installdb and it uses a fair amount of CPU but Sophos (InterCheck) uses hardly any, however when it moves on to the second part which is done by a process called repair_packages then at that point the InterCheck process from Sophos goes from almost zero to 80-90% CPU utilisation. As a result the amount of time that the Repair Permissions process will need increase by almost 100 times!

It is ridiculous that a simple virus scan should use so much CPU processing. I have reported this to Sophos and I am going to continue trying to persue them over this.

Currently I am using Sophos 4.9.20.

[ Reply to This | # ]
Solve a VMWare/Parallels and Sophos Anti-virus slowdown
Authored by: gerritdewitt on Mar 23, '09 10:39:01AM

Yes, I can confirm that the problem persists with 4.9.20.


[ Reply to This | # ]
Solve a VMWare/Parallels and Sophos Anti-virus slowdown
Authored by: chabig on Mar 20, '09 10:08:23AM

I think it's ridiculous that anyone on a Mac would run anti-virus software.

[ Reply to This | # ]
Solve a VMWare/Parallels and Sophos Anti-virus slowdown
Authored by: lugal on Mar 21, '09 08:21:37PM

It's not ridiculous if you share files with Windows users. Though Macs aren't vulnerable to any current viruses themselves, they can certainly be vectors for viruses to infect other systems. And, if you're in any sort of professional environment, being the vector by which a client or colleague gets a virus can be very embarrassing and costly. So, as distasteful as it may seem, running antivirus software on a Mac can actually make a lot of sense in certain situations.

[ Reply to This | # ]
Solve a VMWare/Parallels and Sophos Anti-virus slowdown
Authored by: robdew on Mar 20, '09 10:35:35AM

Excluding your virtual disks from scanning is a common practice with AV in general, and I doubt this was restricted to a current release of Sophos, since there is no Sophos KB release note specific to this issue.

We run a several-hundred-sized installation of Sophos and have not had a report of a recent update causing this problem.

To answer one of the other commenter's semi-rhetorical question, many users run AV on their Mac because they are required by contract or regulations. Are those regs stupid? Maybe, but don't blame the user.

[ Reply to This | # ]
Solve a VMWare/Parallels and Sophos Anti-virus slowdown
Authored by: ckasper on Mar 20, '09 02:00:58PM

You should definitely run AV on a Mac. It is ignorant not to do so. Here is why you should...

1). So you dont infect PCs that your company owns.
2). So you dont infect PCs that your friends own.
3). So you dont unknowingly send viruses over email, which will eventually alert the blacklist sites and cause your company's email servers to be blacklisted. That will result in a horrible denial of service.

If you think beyond yourself when making the decision to deploy AV then you will find the right answer.

[ Reply to This | # ]
Authored by: gxw on Mar 20, '09 05:47:52PM

I download windows files on my mac for installation to my PC at some future date. ClamXav had found the occasional infected file.

[ Reply to This | # ]
Agreed! But not for Windows-only viruses.
Authored by: palahala on Mar 22, '09 10:11:39AM

And how would that infection have spread by itself? And how would the target Windows computer (to which you would copy the file one day) not find that virus?

I am not saying that Macs will never suffer from virus attacks, but I fail to see why Macs should scan for Windows-only viruses (other than trying to be friendly).

[ Reply to This | # ]
Solve a VMWare/Parallels and Sophos Anti-virus slowdown
Authored by: macavenger on Mar 20, '09 02:21:21PM

I work as a computer support tech for Frontier Alaska - a large regional Alaska based airline. We run 99% mac computers, and until recently we never ran anti-virus. However, we ran into an issue where a word file we were e-mailing around was infected with a macro virus. Didn't affect us any, until the CEO was unable to send it-it got blocked by e-mail virus filters. After that, we started installing Sophos on our machines. So yes, even on a mac there is a use for virus scanners.

Aluminum iMac 20" 2.4 GHz/3GB/300GB HD

[ Reply to This | # ]
Solve a VMWare/Parallels and Sophos Anti-virus slowdown
Authored by: stokessd on Mar 23, '09 05:57:53AM

Viruses in inbound email attachments are best filtered at the mail server, not at the client level. Mail should be checked on the way out as well.


[ Reply to This | # ]
Solve a VMWare/Parallels and Sophos Anti-virus slowdown
Authored by: pjskeleton on Jun 17, '11 11:37:25AM

This was a fantastic help! I saw that both my performance and battery life were suffering at the hands of the Intercheck process and going into Sophos and blocking it form scanning either the bootcamp partition of the VirtualBox VM folder took it down to near nothing! Now if only Mail would stop crashing in the OS X Lion Developer Preview 4, life would be perfect again.

[ Reply to This | # ]