More Information
- Shh/Updater-B false positive by Sophos anti-virus products
- Advisory: Shh/Updater-B False positives
- Message from the Sophos CEO
- Shh/Updater-B false positive: Discovering and resolving potentially impacted products
First published: 20th September 2012
Anti-Virus developer Sophos has issued an advisory concerning a false-positive detection for Shh/Updater-B on many binaries that have updating functionality, including components of Sophos Anti-Virus.
This can interfere with the capability of Sophos Anti-Virus to update itself. The advisory includes procedures for re-establishing updating in a number of scenarios. Fortunately, the central management tools can be used to correct the problem without manual intervention at each endpoint.
Sophos released a new identity to eliminate the false positives at 21:32 +0000 on Wed, 19 Sep 2012 (05:32 a.m. on 20 Sep 2012, Hong Kong time).
Most anti-virus vendors have, occasionally, shot themselves in the foot, releasing problematic virus identities.
Updated: 28th September 2012
In an email to customers, sent 28th September, Sophos have admitted that this false positive has resulted in large numbers of support calls. They have also provided additional information on the problem, both by updating the original knowledgebase article and by publishing a new knowledgebase article that includes a tool to help identify and fix applications that have been affected. Affected applications may include Adobe and Java.
Sophos also commits to publishing a root cause analysis, including the steps it is taking to ensure it never happens again. In a letter, Sophos CEO Kris Hagerman apologises for the incident and explains the commitment of resources put behind ensuring all Sophos customers are returned to a normal, productive and protected state. He reaffirms the commitment to sharing the root cause analysis and the preventative measures they will implement.