View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 20, 2012

Whoops! Sophos identifies itself as malware

False positives following Sophos update creates mayhem for businesses

By Steve Evans

It’s the error security companies fear the most: flagging your own product as malware. It has happened plenty of times before and this time it is Sophos that has fallen victim.

A recent update pushed out by the company started recording false positives, which is another unfortunately common occurrence. However this time Sophos was detecting its own software as being dodgy.

Businesses using Sophos’ security products have been inundated with false positives, no doubt causing havoc.

Specifically it was reporting Shh/Updater-B as malware, when it is in fact Sophos’ updater. The product was then deleting the files it considered dangerous, placing users at greater risk of infections.

"An identity released by SophosLabs for use with our Live Protection system is causing False Positives against many binaries that have updating functionality," the company said in an update on its site. "Detections of Shh/updater-B made today are false positives and not an outbreak."

Customers using Live Protection, the company’s cloud-based platform, should have seen the error fix itself relatively quickly as the files were marked as safe and pushed out via the cloud. Those not using Live Protection have to wait for another update, which Sophos has already pushed out, to be downloaded and pushed out.

"There is no cleanup for this detection, and you will see it quarantined unless you have your on-access policy set to move or delete detections if cleanup is not possible," Sophos added. "Please double check your SAV policy under cleanup; you want to ensure your secondary option (when cleanup is not available or does not work) to be set to ‘deny access’ and not delete or move."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

"Once the detections have stopped, you can acknowledge the alerts in the Console, this way you can see who is still reporting it, and confirm it is trending down," the advisory added.

Although Sophos has been quick to send out updates to fix the issue a look at its Sophos Support Twitter feed suggests many customers are still struggling to contain the outbreak.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.