An identity for Shh/Updater-B released by SophosLabs for use with Sophos Protection system has caused a False Positive issue that has affected many customers.  This Technical Alert advises how to resolve it.

 Affected products

All Sophos Endpoint solutions, including Small Business Edition (SBE) licenses.  Sophos is also investigating the impact to customers of the Endpoint Protection module within the Sophos UTM.

Details of the issue

SophosLabs released a False Positive for Shh/Updater-B at 18:48:35 (UTC) on Wednesday, 19 September. As a result, some customers are receiving incorrect notifications on Windows systems that they have a malware infection. This is a False Positive, not a malware outbreak.

An update to address this issue was released and published at 21:32 (UTC) on Wednesday, 19 September. This resolved the underlying cause for this False Positive however customers may still be experiencing issues.

Stay up-to-date on this issue

For regular updates:

Sophos is committed to delivering the best protection at all times and we sincerely apologize for any inconvenience caused by this issue.

If you continue to have difficulty with this issue and would like assistance, please do not hesitate to contact me at the ALI Technical Assistance Desk.

alt

Brice Stevens
ALI Technical Assistance Center (TAC)
(540) 443-3398
tac@ali-inc.com