Sophos Update Issue – False Positive - SHH\Updater-B
Sophos Update Issue – False Positive:
On 9/19/12 around 5:40PM, Sophos pushed an updated signature file which triggered false positive virus detections identified as SHH\Updater-B. This signature may have alerted on a number of different update files including Flash, Google, and most notably Sophos itself. As of 9/20/12, Sophos has corrected this problem.
What this means to you:
This did not impact all systems on campus, but it did impact a large percentage of our Faculty and Staff desktops. The update only impacted Windows systems that were connected to the network at the time the update was pushed. If your system was impacted, the following might have occurred:
- You may have seen a notice that your system had quarantined a couple of files.
- Your system may have stopped updating the impacted applications. (Again, for most systems this would have been Sophos. A few systems had other applications impacted.)
- Your Anti-virus software may have failed to open if you had tried to run a manual scan.
Not all of these symptoms were consistent across all impacted computers. With the update that Sophos released around 8:00PM on 9/19/12, many of these issues were resolved and the issue seemed to stop spreading.
On the morning of 9/20/12, LIS made an exception to the Sophos policy set, which resolved most of the update issues for Sophos and allowed the software to receive updates and new signature sets. Sophos also pushed a fix which resolved the update issue for the other applications. In addition, with the help of the CSNS staff, a patch will be pushed to the managed Faculty and Staff systems which will empty the quarantine file on all desktop systems. This patch may not be applied to your system immediately, as it will take some time for your computer to receive the automatic delivery of the update. You can speed up this process by rebooting your computer.
What was the risk?
This update posed no risk to our campus. The issues generated by this update, while bothersome and inconvenient, did not stop the protection of our systems by the Anti-Virus software and did not cause any unnecessary exposure to new threats. What they did do was trigger an alert on files that were not harmful to our systems.