1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Sophos and false/positives issue

Discussion in 'Computer Security' started by dales, Jul 1, 2009.

  1. dales

    dales Gigabyte Poster

    1,997
    46
    97
    All,

    We just received the latest update from sophos for our enterprise service, as it started rolling it out it became obvious that something was wrong. We have monitoring software installed on a number of pc's which monitor what applications are installed etc and that is proving a false/positive.

    Also affected is the logmein client which I assume the dll that managements the heartbeat messages to logmein are being deleted.

    There are a few other bits of software affected on our network by I think they are quite rare outside our network. But if you roll with sophos enterprise dont be surprised to get a bunch of false positives and random deletion of files.
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  2. Gingerdave

    Gingerdave Megabyte Poster

    991
    44
    74
    We had that with McAffee and dameware. We ended up configuring a new profile for the ou that contains the IT computers and then stoping the anti virus on the remote machine for the duration of the session.
     
    Certifications: A+,MCP, MCDST, VCP5 /VCP-DV 5, MCTS AD+ Net Inf 2008, MCSA 2008
    WIP: MCSA 2012
  3. Pady

    Pady Nibble Poster

    85
    2
    29
    you could also contact Sophos and advise them about these false positives. they are usually very quick to update their detection rules. this is what we did for several pieces of software our consultants use. worked out easier and quicker this way.
     
    Certifications: A+, See Sig for HW Certs
    WIP: Network+ & MCP 70-270
  4. dales

    dales Gigabyte Poster

    1,997
    46
    97
    Yes we are doing that, I've supplied sophos with the files involved yesterday but thought I'd just post a quickie just in case anyone else starts getting them.

    On one of our servers it started quarintining some pretty critical MS files.
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing

Share This Page

Loading...