Skip to content

Sophos antivirus

Quarantine directory

The Quarentine directory can be found in the following locations:

On Windows XP:

c:\documents and settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED

On Windows 7:

C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED

On Mac OS X:

/Users/Shared/Infected

Log files

The log files can be found in the following locations:

On XP:

c:\documents and settings\All Users\Application Data\Sophos\Sophos Anti-Virus

On Windows 7:

C:\ProgramData\Sophos\Sophos Anti-Virus

On MacOS-X:

/Library/Logs/Sophos Anti-Virus.log

Log entries

The Sophos logs sometimes contain the following notation:

...\file.exe\FILE:0000

These are not an NTFS ADS, but seems to be related to "running" files 1

These entries also surface when scanning a packed executable. So they might refer to unpacked versions of the executable.