Sophos

Sophos has suddenly appeared without my knowledge/authorization on my MacBook Pro (still running Catalina). It is not allowing me to visit web pages I viewed last night. There's no option to bypass it. I tried downloading the official uninstaller from their site, then get an error message that Apple will not allow the uninstaller to be installed because it cannot check it for malware. How do I get out of this do-loop and get rid of Sophos?

MacBook Pro 15″, macOS 10.15

Posted on Mar 13, 2023 4:47 PM
Question marked as Best reply

Posted on Mar 14, 2023 7:07 PM

Hi there mac neophyte,


Thanks for visiting the Apple Support Communities. If you are having trouble removing some software from your Mac, we suggest trying to do so while booted into safe mode. Safe mode can help by doing two main tasks:


  1. During boot, safe mode will scan your startup disk, identifying issues and making repairs to them where possible.
  2. Once booted, safe mode will prevent certain processes and software that could be causing a conflict from starting up.


For more information on safe mode, like how to boot to it, why it's helpful, and what to do with your findings, please review the Apple Support article How to use safe mode on your Mac - Apple Support.


Best!


Mar 14, 2023 8:04 PM in response to mac neophyte

I'm assuming this is a personal machine you own and not a machine on loan by an employer? If it's not your machine, your corporate administrator could have had Sophos installed in a way you can't remove. But assuming this is your personal machine, then the bigger question is how "Sophos" got installed in the first place. I'm doubtful it's really Sophos. The other advice on how to remove it is great, but if I were you I'd still be worried about how this malicious software got installed. Personally I'd just back up all the files I care about and then do a completely fresh new system install. That's the only way to make sure this malware is removed. (If you want to uninstall real Sophos, try these instructions: https://support.sophos.com/support/s/article/KB-000035182?language=en_US. The uninstaller should already be included with genuine Sophos and shouldn't need to be downloaded, though they do have an uninstaller you can download there.)

Mar 14, 2023 7:36 PM in response to mac neophyte

Are you sure you are visiting the correct site for Sophos? This may just be a browser issue. Do you have any other browsers installed which you could try? If you are using Safari, then quit Safari. Now hold down the Shift key as you relaunch Safari which will launch Safari in safe mode hopefully preventing the problem...assuming the problem is with just the browser.


It is unlikely Sophos was installed unless you just downloaded another app from a website and Sophos was included along with the app you wanted. Some download sites will secretly include other legitimate apps, but other sites will sneak in malware instead.


Try booting into Safe Mode to see if it makes a difference when attempting to run the Sophos uninstaller as it should prevent Sophos from launching automatically during boot & login.


There is a chance you have malware installed instead which is pretending to be Sophos and interfering with macOS. If Safe Mode does not work, then try running Malwarebytes instead.

Mar 14, 2023 11:02 PM in response to varenchris

Thanks for all your responses. The weirder thing is that when I went back to my laptop the next day, the issue appeared to be gone. I haven't seen any Sophos notifications since, which is also suspicious.


Yes, it's my personal machine. I do recall that as I was working on something earlier that evening, there was something that flashed up on the screen and disappeared before I could focus on it and see what it was, because I was already in the process of clicking on something when it popped up, so it was only on the screen for a nanosecond before I clicked on the button. Does that make sense? I was actually reaching for the button to click, and as I clicked it, this "thing" popped up. But I have no idea what it was because it disappeared as soon as I clicked the button (and saw it simultaneously). So that could be how it got installed?


varenchris, I had the same concerns about it not really being Sophos, too. As I said, I was able to download the real Sophos installer, but Apple wouldn't allow it to run because it couldn't run a malware check on it.


The other factor that may come into play is that particular evening, I had booted from an external hard drive to work on my taxes (which I hadn't done for quite some time). I use Quicken Home & Business, which doesn't have a Mac version, so I have Parallels and Windows installed on the external drive which is actually the hard drive from my previous Mac, along with Quicken, and I boot to that drive to work on taxes (because I don't want Windows on this machine). So maybe I need to boot to the external drive in safe mode and see if that's where the problem is? But the Sophos popups occurred after I shut down and disconnected the external drive and re-booted to the internal hard drive, so I don't see how that would happen if the problem is on the external drive.


At one time, I had PC Matic installed on this machine (yes, it works on Mac, too), but the guys in my local computer shop told me once to uninstall it because it doesn't "play nice" with Mac and could be causing whatever issue I was having at the time.


Any other thoughts?


Thanks again for your responses.
