Pennock's Fiero Forum
  Totally O/T - Archive
  Sophos Shh/Updater-B

T H I S   I S   A N   A R C H I V E D   T O P I C
  



Sophos Shh/Updater-B by TheDigitalAlchemist
Started on: 09-19-2012 04:40 PM
Replies: 7
Last post by: User00013170 on 09-20-2012 04:17 PM

TheDigitalAlchemist (posted 09-19-2012 04:40 PM):
Bah! *Supposedly* Sophos pushed a 'bad update' which is blowin' up machines like crazy! ("False positive"? -->Sophos can say what they want...I say was caused by the GEIST!!!! )

http://Foreshadows.net

Makes me wonder if a virus had some sophos code in it, and when they flagged it, it also flagged their own file...

How did they false positive themselves?

Anyone else here use SEP? Wow... 42% of our machines...

If you have/use SEP, set your policies to NOT QUARANTINE, or you may need to manually push the "fix"... (Set it to notify (and expect a buncha alert emails)) but don't have it "clean", or it might break itself!!!


*sighs* what a week!!!!

[This message has been edited by TheDigitalAlchemist (edited 09-19-2012).]

Loki (posted 09-19-2012 09:37 PM):
Installing Sophos Safe Guard (full drive encryption) at a company now. We are at roughly a 10% failure rate.... I am not liking this.

------------------
Michael Geddie Photography

TheDigitalAlchemist (posted 09-19-2012 09:43 PM):
10%?

How many machines?


Loki (posted 09-19-2012 10:11 PM):
12 out of roughly 120 so far. 670 total machines to do. I don't think they have an "out" either. Oh well. I am just here to install. Easy $$$

Jake_Dragon (posted 09-20-2012 02:24 PM):
net stop "Sophos Anti-Virus"
copy all of the Sophos files that were quarantined back to where they belong and rename them.
Then run almon.exe and right click on the shield and select update.

net stop "Sophos Anti-Virus"
move "c:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\ALsvc.exe.000" "c:\Program Files\Sophos\AutoUpdate\Alsvc.exe"
move "c:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\ALUpdate.exe.000" "c:\Program Files\Sophos\AutoUpdate\ALUpdate.exe"
move "c:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\AUAdapter.dll.000" "c:\Program Files\Sophos\AutoUpdate\AUAdapter.dll"
move "c:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\ChannelUpdater.dll.000" "c:\Program Files\Sophos\AutoUpdate\ChannelUpdater.dll"
move "c:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\cidsync.dll.000" "c:\Program Files\Sophos\AutoUpdate\cidsync.dll"
move "c:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\config.dll.000" "c:\Program Files\Sophos\AutoUpdate\config.dll"
move "c:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\Logger.dll.000" "c:\Program Files\Sophos\AutoUpdate\Logger.dll"
move "c:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\SingleGUIPlugin.dll.000" "c:\Program Files\Sophos\AutoUpdate\SingleGUIPlugin.dll"
move "c:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\swlocale.dll.000" "c:\Program Files\Sophos\AutoUpdate\swlocale.dll"
move "c:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\inetconn.dll.000" "c:\Program Files\Sophos\AutoUpdate\inetconn.dll"
"c:\Program Files\Sophos\AutoUpdate\almon.exe"

Users will still have to deal with any other files that were falsely moved but that should get them up and running.
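
A more defensive take on the restore steps above, as an added PowerShell example that is not part of the original post or of any Sophos tooling: it moves each quarantined file back only if it carries a valid Authenticode signature. The `-DryRun` switch, the staging folder and the rule that the signer subject must contain "Sophos" are assumptions made for this example.

```powershell
# Added example (not from the original post): restore the ten AutoUpdate files
# named in the post, but only those that pass an Authenticode check.
param([switch]$DryRun)   # hypothetical switch: report only, change nothing

$quarantine = 'C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED'
$target     = 'C:\Program Files\Sophos\AutoUpdate'
$names = 'ALsvc.exe', 'ALUpdate.exe', 'AUAdapter.dll', 'ChannelUpdater.dll', 'cidsync.dll',
         'config.dll', 'Logger.dll', 'SingleGUIPlugin.dll', 'swlocale.dll', 'inetconn.dll'

# Hypothetical staging folder used only for the signature check
$stage = Join-Path $env:TEMP 'sophos-restore-stage'
New-Item -ItemType Directory -Path $stage -Force | Out-Null

if (-not $DryRun) { net stop "Sophos Anti-Virus" }   # same command as in the post

foreach ($name in $names) {
    $src = Join-Path $quarantine "$name.000"
    if (-not (Test-Path $src)) {
        Write-Output "SKIP     $name (not in quarantine)"
        continue
    }

    # Copy under the real name so the check sees an ordinary .exe/.dll
    $staged = Join-Path $stage $name
    Copy-Item -Path $src -Destination $staged -Force
    $sig = Get-AuthenticodeSignature -FilePath $staged

    # Assumption: a genuine file is validly signed and the signer subject mentions Sophos
    $ok = ($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Subject -like '*Sophos*')

    if (-not $ok) {
        Write-Output "REJECT   $name (signature status: $($sig.Status))"
    } elseif ($DryRun) {
        Write-Output "WOULD RESTORE $name"
    } else {
        Move-Item -Path $src -Destination (Join-Path $target $name) -Force
        Write-Output "RESTORED $name"
    }
    Remove-Item -Path $staged -Force
}

# Start the updater as the post does, then trigger an update from its tray icon
if (-not $DryRun) { & (Join-Path $target 'almon.exe') }
```

Files reported as REJECT stay in the quarantine folder for manual review instead of being moved back into Program Files.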

User00013170 (posted 09-20-2012 02:27 PM):
Glad I don't have to deal with that stuff anymore.

Jake_Dragon (posted 09-20-2012 03:26 PM):
 
quote
Originally posted by User00013170:

Glad I don't have to deal with that stuff anymore.


Did you see VMware is coming out with host based AV so you don't have to run it on the guest?

User00013170 (posted 09-20-2012 04:17 PM):
 
quote
Originally posted by Jake_Dragon:


Did you see VMware is coming out with host based AV so you don't have to run it on the guest?


There have been some 3rd party plugins for that for some time (not sure how effective they were, we never looked into it much). But yes, I heard/saw that a while ago. I'm on the NDA, and have a really great TAM so I get to see stuff long before it's released to the public channels.

Oh, and even if we do go that route, another department will still manage that part, so I'm still out of it

[This message has been edited by User00013170 (edited 09-20-2012).]




All times are ET (US)




Copyright (c) 1999, C. Pennock