Categories: SecurityWorkspace

Sophos Struggles To Wake From False Positive Nightmare

UK-based anti-virus vendor Sophos has offered more advice and assistance to customers, following a major snafu that caused carnage and rendered some of its software unusable.

Last week, Sophos AV on Windows machines started perceiving its own updates and certain anti-malware files as threats, placing them in quarantine or deleting them altogether. In many cases, that caused the AV to fail. It also led to other non-Sophos files being detected as malware, causing problems for some businesses, according to reports.

One customer said their Sage accounting software had been taken out, with payroll hit as a result. They complained that Sophos’ fixes did nothing to help remediate issues with affected programs and warned that “the knock on effect for other applications could be huge.”

Time to get positive

Since false positive issues like this are usually addressed with an update, it was particularly tricky to fix the problem. An update was released, but Sophos has been issuing more advice, together with diagnostic and remediation tools for those still suffering. Head here for the latest from Sophos.

Towards the end of last week, Sophos admitted it had a backlog of calls, assuring customers that extra troops had been summoned to deal with the demand for support.

“The entire family of Sophos employees, partners, and customers has been dealing with a very challenging situation related to the Shh/Updater-B false positive issue. For any of you who have been affected by this incident, we sincerely apologise,” read a message from recently-appointed CEO Kris Hagerman.

“We have increased to maximum capacity our phone support centers in Abingdon (UK), Boston, Karlsruhe (Germany), Madrid, Milan, Paris, Sydney, Tokyo, Vancouver, Wiesbaden (Germany), and other cities around the globe. We have Sophos team members cancelling or rescheduling vacations, leaves of absence and other business activities to ensure we have mobilized every available resource to the task at hand.

“In our 25 year history, Sophos has never experienced an incident quite like this, and we are taking every effort to resolve this issue as fast as possible. Once we have made it past this critical stage of assisting our customers to get back to normal, we will then share our full and detailed explanation of the root cause analysis behind this incident and the steps we have implemented to prevent this in the future. Sophos owes this to you.”

False positives and dodgy updates have caused plenty of headaches for IT teams in recent months. Late last year, Microsoft Security Essentials started detecting the Chrome executable file for Windows as a component of the Zeus Trojan.

In July, a Symantec Endpoint Protection 12.1 and Norton antivirus update caused PCs to crash, whilst a McAfee update stopped users accessing the Internet.

How well do you know Internet security? Try our quiz and find out!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Google Confronts Break-Up Threat From US DoJ

US Department of Justice mulls asking judge to force Google to sell parts of its…

2 hours ago

US Supreme Court Rejects X’s Trump Appeal

US Supreme Court declines to hear appeal from X, formerly Twitter, over nondisclosure order attached…

1 day ago

US Judge Orders Google To Allow Android App Store Competition

US federal judge orders Google to undertake wide range of measures allowing third-party app stores…

1 day ago

Ukraine Hackers Disrupt Russian Broadcaster On Putin’s Birthday

Ukrainian hackers disrupt online services of Russian state broadcaster VGTRK on Vladimir Putin's birthday, amidst…

1 day ago

Amazon Antitrust Case Gets Go-Ahead In US Court

US federal judge says FTC and 18 states may proceed with landmark Amazon antitrust case,…

1 day ago