Sophos detects and destroys itself

Discussion in 'other anti-virus software' started by Quitch, Sep 20, 2012.

Thread Status:
Not open for further replies.
  1. Quitch

    Quitch Registered Member

    Joined:
    Apr 24, 2008
    Posts:
    94
    Advisory: Shh/Updater-B False positives

    I want to congratulate Night_Raven for seeing this coming many moons ago.

     
    Last edited: Sep 20, 2012
  2. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
  3. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    One of the many reasons I have been AV free (in realtime), as if another reason was needed, since 2008.
     
  4. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Yup, here as well.
     
  5. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Ditto to No Anti Virus:thumb:
     
  6. Night_Raven

    Night_Raven Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    388
    Thanks, but to be honest, that satiric statement was aimed mainly at those products that generally produce a lot of positives (the idea being that they would get too paranoid for their own good), whereas the current case is more of an accident.
    Still, I am flattered you remembered my post and took the time to create a topic about this. :)
     
  7. DX2

    DX2 Guest

    Yep, been AV free for a month. Liking every bit of it..
     
  8. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,413
    whoops sophos
     
  9. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    +1, together with:

    - Uh, the new program update slows down my internet.
    - The AV slows down my PC. Could it be that it has 1.000.000 i/o writes?
    - The AV eats up my CPU/RAM. But I guess 10% of my 6-core PC resources aren't that much for the 10 processes of my brand new AV!
    - My AV failed to update and can't update anymore.
    - My AV BSODed.
    - My AV has a conflict with X firewall, Y HIPS, Z antitrojan, please do something! I don't mind spending my day troubleshooting and beta-testing!
    - Windows Update messed up my AV!
    - My AV deleted Windows system file! Help!
     
  10. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    This is a very serious issue, especially in a working environment. I am a system administrator at my work. What is happening here is the worst nightmare you can have.
     
  11. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Sophos Self-destruction...
    In 3,2,1 seconds...:D
     
  12. SnowFlakes

    SnowFlakes Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    194
    Have they fixed this issue? Or will they ever fix it?
     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
  14. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    :(
    Me too
    At work = nightmare and I have a small network environment.
    Pity those souls with hundreds of workstations: each station may need to be reconfigured on individual basis.
    Not like as suggested the sysadmin can just turn off antimalware tools for the network !?

    Not only locked Sophos auto update with self detection but LOTS of other tools with FPs moved to quarantine. :p

    The "fix" ain't that easy either ...

    102 page thread re this issue ..!!
    http://community.sophos.com/t5/Soph...lert-Shh-Updater-B-False-positives/td-p/29723

    Nice summary: http://www.theregister.co.uk/2012/09/20/sophos_auto_immune_update_chaos/
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Something like this happens every once in a while. McAfee detected svchost at some point. False positives happen.
     
  16. quanzi_1507

    quanzi_1507 Registered Member

    Joined:
    Feb 18, 2009
    Posts:
    320
    It is a bit more serious in this case though. McAfee can just implement a hotfix to exclude svchost. Since Norman has blocked its own updater, it will not be able to obtain the hotfix (even if the latter has been released) without manual intervention.

    A similar accident to Norman's one would be this IMO:

    https://www.pcworld.com/article/261...oblems_for_home_and_enterprise_customers.html

    It's interesting to know that some admins would rather delay update deployment to avoid the impact of bad updates, even if it might leave their system vulnerable to new threats.
     
  17. carat

    carat Guest

    I hope it cleaned up all Sophos traces as well! :D
     
  18. Niels

    Niels Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    466
    Location:
    Belgium
    @longboard:

    I am the only IT/system administrator at my work place, which is a local town hall. I had to take care of 40 workstations, including those at a remote location. It took me more than half a day to manually fix the issues.

    In the second half of October I am replacing the desktops with thin clients and implementing terminal servers with virtualization. So I will only need to look at the servers, and not at the desktop workstations, to manually fix the problems.


    @ Hungry Man: You are right, false positives can happen. But the consequences in a working environment are more critical in comparison with a home situation.


    @quanzi_1507: In a working environment there are also additional security mechanisms besides only one anti-malware product. A second layer of security which I implemented at my work place is Vasco's Axsguard Gatekeeper.
     
  19. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    I've seen a few companies that use it, too.
     