Sophos flags own update as malware

By on
Sophos flags own update as malware

Anti-anti-virus?

Sophos has admitted that it suffered a false positive incident last week when its own anti-virus software began detecting an update as malware.

Numerous binaries were falsely detected as 'ssh/updater-B'.

“An identity released by SophosLabs for use with our Live Protection system is causing false positives against many binaries that have updating functionality,” Sophos wrote in a support document.

It moved to confirm that these were false positives and not a malware outbreak.

“If you have Live Protection enabled, you should stop seeing these detections eventually as the files are now marked ‘clean' in the Live Protection cloud. If you do not have Live Protection enabled you will stop seeing the new detections once javab-jd.ide has been downloaded by your endpoints.”

Users would see the file quarantined unless they have their on-access policy set to move or delete detections when clean-up was not possible.

“Please double check your SAV policy under clean-up; You want to ensure your secondary option (when clean-up is not available or does not work) is set to ‘deny access' and not delete or move. Once the detections have stopped, you can acknowledge the alerts in the console, this way you can see who is still reporting it, and confirm it is trending down,” it said.

However this has led to the Sophos Support Twitter page dealing with complaints and frustrated users. It also posted several messages informing that its "call centres are bottlenecked".

One reader on the Internet Storm Centre said the glitch affected other updater services including Adobe Flash, Oracle Java, Fujitsu AutoUpdater and Dell AutoUpdate Utilities.

“All of the auto-updaters mentioned above were deleted off hundreds of PCs. Now none of these applications will auto-update moving forward,” they wrote.

“Even though Sophos may have fixed the problem and fixed their own software, there is a monumental amount of work we have to do to clean up after this mess. I've worked in IT for 16 years and have never had a virus/Trojan/spyware/malware cause problems and disrupt our systems the way this did. Who can I trust anymore when even my security anti-virus vendor can wreak more havoc on our systems than a virus infection outbreak can?”

It followed a borked update of McAfee's anti-virus system which severed internet connections and disabled the client.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
Flash is heading towards its grave, and that's...
Great! Good riddance
Sad! Flash had some good qualities
Irrelevant. I don't care
What's Flash?
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?