Thursday, September 20, 2012

Bad Update Causes Sophos Anti-Virus To Report False Positives

A recent signature update is has been wreaking havoc for Sophos anti-virus users. The faulty update is causing erroneous errors leading the anti-virus software to believe that there are malicious files on a users system when in fact there are none.

According to Sophos an update issued by SophosLabs for use with the company's Live Protection system is causing wide spread False Positives. Numerous executable files are falsely detected as Shh/Updater-B.

Symptoms may include:
  • Any virus detections of 'Shh'
  • Sophos Autoupdate not updating correctly
  • Other products update mechanisms not functioning correctly
  • The Sophos shield may disappear.
Symptoms on console may include:
  • Reports of Shh/Updater-B

On the company's customer forum, a thread regarding the problem is now up to 90+ pages at the time of writing, and includes a number of examples, including the update agents for Java, as well as Adobe Flash and Reader. Sophos' engine even suspects its own update service, with the update tools being marked as Shh/Updater-B.

One major concern for Sophos Anti-virus users is that the files falsely believed to be malicious are automatically put into quarantine – or, depending on your custom settings perhaps even immediately deleted. Sophos says that the bug has already been fixed, with users who have Live Detection activated noticing the change immediately. All other users will see an end to the problem once the program has downloaded the current version of the javab-jd.ide signature file from the Sophos server – assuming, of course, that the Sophos updater is still working.

If the automatic updater is not working on your machine or you are still experiencing difficulties you'll need to follow the instructions on the Sophos site to get things working again.

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you