Sophos labels its own anti-virus suite as malware, setting off auto-immune havoc

PCs running Sophos went into hari-kari mode, classifying its software as SSH/Updater-B malware and alerting systems administrators of massive infections. Sophos quickly scrambled a fix, but trouble is lingering because the snafu resulted in required systems being quarantined – meaning that system updates can’t be applied.

“We would like to apologize for all of the disruption caused to our many customers and partners worldwide,” the company said on its issue update page. “We recognize the issue is very serious, and are doing everything we can to resolve it.

“We are launching a full investigation to analyze how this happened, to ensure that it never happens again, and will provide further information on the analysis in due course,” Sophos added.

That may be cold comfort for the enterprises being hit with the issue. “I cannot get through to tech support. I have gotten hung up on MANY times,” wrote one disgruntled user on the firm’s discussion board. “When I add my name to be called back, the calls never come. I have been trying since 8 am today to talk to someone in support.”

One user wanted to know if his company could start from scratch. “Can I just create a new Sophos server and push out the current client?”, he asked. “Will the new client and settings replace any of the clients that are broken?”

But it seems there may be long days ahead. A customer representative offered: “Creating a new Sophos server and re-protecting is going to be more work then remediating your current environment. Further, re-protecting endpoints will likely fail if you are still getting false positives as the new files pushed to the endpoints will be deleted again. Please work through the steps in Advisory KBA and if you hit a snag, post back here and I or someone else may be able to provide you an answer to get you going again.”

What’s Hot on Infosecurity Magazine?