Earlier today an update released by Sophos caused false positives against many binaries that have updating functionality, including Sophos itself. Sophos have released an update to resolve the issue, but some steps need to be taken to update properly on endpoint systems with standalone installations:
1) Disable On-Access scanning and add Exclusions:
- Open Sophos Endpoint Security and Control by right clicking and selecting ‘Run as administrator’ if you are not already an Administrator on the system
- Click on Configure -> Anti-Virus -> On-Access scanning…
- In the Scanning tab untick ‘Enable on-access scanning for this computer’
- Click on the Exclusions tab
- Add the following folders:
  - C:\Program Files (x86)\Sophos\
  - C:\Program Files\Sophos\
  - C:\ProgramData\Sophos
- Click OK
2) Clear Sophos items from Quarantine Manager:
- On the Home screen select ‘Manage quarantine items’
- Select all Sophos AV related items such as C:\Program Files (x86)\Sophos\AutoUpdate\swlocale.dll
- Click ‘Clear from list’
3) Run the Update service:
- Close Sophos Endpoint Security and Control
- Open the folder C:\Program Files (x86)\Sophos\AutoUpdate or C:\Program Files\Sophos\AutoUpdate and double-click ALMon.exe
- Launch Sophos Endpoint Security and Control
- Click Configure -> Updating and ensure you have http://sophosupdate.anu.edu.au/sophosupdate/windows10/ as your update source
- Right click on the Sophos logo in your taskbar and select Update Now
4) Enable On-Access scanning:
- Open Sophos Endpoint Security and Control
- Click on Configure -> Anti-Virus -> On-Access scanning…
- In the Scanning tab tick ‘Enable on-access scanning for this computer’
- Click OK






