
Sophos Struggles To Wake From False Positive Nightmare

UK-based anti-virus vendor Sophos has offered more advice and assistance to customers, following a major snafu that caused carnage and rendered some of its software unusable.

Last week, Sophos AV on Windows machines started perceiving its own updates and certain anti-malware files as threats, placing them in quarantine or deleting them altogether. In many cases, that caused the AV to fail. It also led to other non-Sophos files being detected as malware, causing problems for some businesses, according to reports.

One customer said their Sage accounting software had been taken out, with payroll hit as a result. They complained that Sophos’ fixes did nothing to help remediate issues with affected programs and warned that “the knock on effect for other applications could be huge.”

Time to get positive

False positive issues like this are usually addressed with an update, but because the faulty detection hit Sophos' own updates, this one was particularly tricky to fix. An update was released, but Sophos has been issuing more advice, together with diagnostic and remediation tools for those still suffering.

Towards the end of last week, Sophos admitted it had a backlog of calls, assuring customers that extra troops had been summoned to deal with the demand for support.

“The entire family of Sophos employees, partners, and customers has been dealing with a very challenging situation related to the Shh/Updater-B false positive issue. For any of you who have been affected by this incident, we sincerely apologise,” read a message from recently-appointed CEO Kris Hagerman.

“We have increased to maximum capacity our phone support centers in Abingdon (UK), Boston, Karlsruhe (Germany), Madrid, Milan, Paris, Sydney, Tokyo, Vancouver, Wiesbaden (Germany), and other cities around the globe. We have Sophos team members cancelling or rescheduling vacations, leaves of absence and other business activities to ensure we have mobilized every available resource to the task at hand.

“In our 25 year history, Sophos has never experienced an incident quite like this, and we are taking every effort to resolve this issue as fast as possible. Once we have made it past this critical stage of assisting our customers to get back to normal, we will then share our full and detailed explanation of the root cause analysis behind this incident and the steps we have implemented to prevent this in the future. Sophos owes this to you.”

False positives and dodgy updates have caused plenty of headaches for IT teams in recent months. Late last year, Microsoft Security Essentials started detecting the Chrome executable file for Windows as a component of the Zeus Trojan.

In July, a Symantec Endpoint Protection 12.1 and Norton antivirus update caused PCs to crash, whilst a McAfee update stopped users accessing the Internet.

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
