Wednesday, September 26, 2012

Sophos Anti-Virus Still Reporting False Positives

Nearly a week after a bad update to Sophos' anti-virus software began causing the application to falsely report files as malicious the company confirmed that many users are still reporting issues.

Despite that fact that Sophos issued instructions last week as to how to remedy the situation the company has said it is still seeing a large amount of calls, emails and other communications from users asking for support.

"While Technical Support volumes have started to significantly subside and hold queues have started to drop, I understand that our hold queues still remain larger than normal, and in some instances, callers have been unable to connect with us," said Hagerman in an apology issued Friday. "We are doing everything possible to address the queue as fast as we can; I assure you that our Sophos team members are eager to speak with you to get your case resolved swiftly."

Sophos has provided customers with more information on fixing the problem which is the result of s bad A/V update that causes false positives for certain malware to occur on Windows-based computers. The bad update causes Sophos Anti-Virus for Windows to erroneously pop-up alerts for the Shh/Updater-B virus. These are false alerts and there is no malware on your computers.

For many customers, the problem was temporary however for some users impacted by the Sophos’ Shh/Updater-B false positive update the software may also have impacted other non-Sophos applications, such as Adobe and JavaTM, and prevented them from updating. These non-Sophos applications are only likely to be impacted if your Sophos ‘on-access’ clean up policy was changed from the default setting to either 'Deny access and move to...' or ‘Delete’.

The latest version of the Sophos recovery tool here will automatically restore files where the policy was set to ‘Deny access and move to…’. However, if your policy setting was ‘Delete’, you will need to repair all affected applications. Later this week, we will release a tool to help you centrally identify applications that need to be repaired. We believe many customers will have manually remediated affected applications, but our advice is for all affected customers to run this tool when it is available to ensure that all applications are able to receive future updates.’

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you