Whoops! Sophos identifies itself as malware


by Steve Evans| 20 September 2012

False positives following Sophos update creates mayhem for businesses

It's the error security companies fear the most: flagging your own product as malware. It has happened plenty of times before and this time it is Sophos that has fallen victim.

A recent update pushed out by the company started recording false positives, which is another unfortunately common occurrence. However this time Sophos was detecting its own software as being dodgy.

Businesses using Sophos' security products have been inundated with false positives, no doubt causing havoc.

Specifically it was reporting Shh/Updater-B as malware, when it is in fact Sophos' updater. The product was then deleting the files it considered dangerous, placing users at greater risk of infections.

"An identity released by SophosLabs for use with our Live Protection system is causing False Positives against many binaries that have updating functionality," the company said in an update on its site. "Detections of Shh/updater-B made today are false positives and not an outbreak."

Customers using Live Protection, the company's cloud-based platform, should have seen the error fix itself relatively quickly as the files were marked as safe and pushed out via the cloud. Those not using Live Protection have to wait for another update, which Sophos has already pushed out, to be downloaded and pushed out.

"There is no cleanup for this detection, and you will see it quarantined unless you have your on-access policy set to move or delete detections if cleanup is not possible," Sophos added. "Please double check your SAV policy under cleanup; you want to ensure your secondary option (when cleanup is not available or does not work) to be set to 'deny access' and not delete or move."

"Once the detections have stopped, you can acknowledge the alerts in the Console, this way you can see who is still reporting it, and confirm it is trending down," the advisory added.

Although Sophos has been quick to send out updates to fix the issue a look at its Sophos Support Twitter feed suggests many customers are still struggling to contain the outbreak.

Post a comment

Comments may be moderated for spam, obscenities or defamation.
Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.