Sophos Struggles To Wake From False Positive Nightmare

UK-based anti-virus vendor Sophos has offered more advice and assistance to customers, following a major snafu that caused carnage and rendered some of its software unusable.

Last week, Sophos AV on Windows machines started perceiving its own updates and certain anti-malware files as threats, placing them in quarantine or deleting them altogether. In many cases, that caused the AV to fail. It also led to other non-Sophos files being detected as malware, causing problems for some businesses, according to reports.

One customer said their Sage accounting software had been taken out, with payroll hit as a result. They complained that Sophos’ fixes did nothing to help remediate issues with affected programs and warned that “the knock on effect for other applications could be huge.”

Time to get positive

Since false positive issues like this are usually addressed with an update, it was particularly tricky to fix the problem. An update was released, but Sophos has been issuing more advice, together with diagnostic and remediation tools for those still suffering. Head here for the latest from Sophos.

Towards the end of last week, Sophos admitted it had a backlog of calls, assuring customers that extra troops had been summoned to deal with the demand for support.

“The entire family of Sophos employees, partners, and customers has been dealing with a very challenging situation related to the Shh/Updater-B false positive issue. For any of you who have been affected by this incident, we sincerely apologise,” read a message from recently-appointed CEO Kris Hagerman.

“We have increased to maximum capacity our phone support centers in Abingdon (UK), Boston, Karlsruhe (Germany), Madrid, Milan, Paris, Sydney, Tokyo, Vancouver, Wiesbaden (Germany), and other cities around the globe. We have Sophos team members cancelling or rescheduling vacations, leaves of absence and other business activities to ensure we have mobilized every available resource to the task at hand.

“In our 25 year history, Sophos has never experienced an incident quite like this, and we are taking every effort to resolve this issue as fast as possible. Once we have made it past this critical stage of assisting our customers to get back to normal, we will then share our full and detailed explanation of the root cause analysis behind this incident and the steps we have implemented to prevent this in the future. Sophos owes this to you.”

False positives and dodgy updates have caused plenty of headaches for IT teams in recent months. Late last year, Microsoft Security Essentials started detecting the Chrome executable file for Windows as a component of the Zeus Trojan.

In July, a Symantec Endpoint Protection 12.1 and Norton antivirus update caused PCs to crash, whilst a McAfee update stopped users accessing the Internet.

How well do you know Internet security? Try our quiz and find out!