Possible Bug?

I originally posted this on the main Sophos forums and was chastised and told to post it here. I was directed to do this by a forum moderator, so please do not criticise me for cross-posting.

I have noticed an odd situation. I am using the free Mac edition on Lion. Sophos keeps reporting infection in a couple of files in my Time Machine backup. But it does not report infection of the same files on the primary drive where the primary/original copies of those files reside. It simply doesn't make sense that the primary/original copy of a file could be free of infection and the backup copy made from that primary/original file could be infected. Rationally, one of these things is wrong: Rationally, either they are both infected or neither are infected. Not sure which is the case, but it certainly shakes my faith in Sophos AntiVirus.

Update: Since my initial posting on the main forums, I've noticed one additional apparent anomaly in this matter. Among the multiple references to "Original Locations" for each infected file are some "Original Locations" which seem to make no sense. For example, a reported infected Windows .DLL file includes an identification of originally being a .WMA file, and a reported infected Windows .EXE file includes an identification of originally being a .RM file. Ignoring the fact that these "original location" references are nonsensical, even if we were to accept for the moment that these file name/format transformations did somehow occur, there is still the fact that these referenced "original" files do not report as being infected. As I say, all this certainly shakes my faith in Sophos AntiVirus.

As I mention in the thread on the main forums, my posting was and is in reference to a possible bug and to (hopefully) bring the matter to the attention of the Sophos folks so that if it is a bug it can be addressed. This is not principally a request for support or assistance to solve/explain my dilemma, although such will be gladly accepted.

  • Just to avoid misunderstandings - I'm neither Sophos nor speaking on behalf of Sophos.

    Nevertheless being responsible for support at our site I want to add some comments which might explain the situation a little bit. While we don't have products in this sense I know the problems in conjunction with supported/unsupported. On the one end there is supported and on the other definitely unsupported with a large best effort area in between (for example a web application on a non-standard platform/browser/configuration or a VPN client not on the supported list). Whenever you even only make it appear that you follow the same procedures as for the supported category word gets around quickly and you are flooded with requests and complaints and why-not-mes? It might seem harsh and unfriendly but my team is instructed to follow the arranged procedures - this includes neither labeling something as a "special case" and act on their own nor promising any further handling and volunteering escalation of the request.

    @LDMartin1959: You are correct about the paid vs. free - but I can't subscribe to your conclusions/impression. Most established vendors can live with a suggestion made that their product may not be perfect. For one thing past (perhaps erroneous, perhaps just unlucky) strategic decisions often can't be corrected immediately and you just have to face "imperfection" at least for some time. Another thing is that for corporate customers product selection is based on many factors, not just a single bug or feature. Think about - say - a digital semi-professional camera. Apart from the body you have a set of lenses you can use with different models of this vendor, you know how it works, you probably have special software and have spent quite some time to learn to work with the whole system. At one point you might have gripes because of a certain issue but you'd think more than twice before turning to another maker (well, it's not a perfect example as you can have more than one camera - if you can afford it). Furthermore wouldn't silently supporting a request be better suited to hide an issue than rejecting the query?

    There is a support channel (but not a one-to-one) - this forum. You've probably read that several issues reported by users have been extensively dealt with (mostly through Andrew/Agile) but there were other exchanges (and outside of this forum too) as well. Returning to paying customers - guess they'd be miffed if they got the impression that non-paying customers receive the same level of support as them (and not all of them would buy the argument that overall it's also to their benefit). Don't forget that free users get in practice the same level of frequent updates (now including real-time lookups) as paying customers (and the required infrastructure is neither free for Sophos nor is it sponsored in any way) - so the offers (free vs. paid) have to be carefully balanced (this is true for any vendor).

    Don't know what detail you have submitted to Support - unfortunately not having Time Machine I couldn't help you at least by trying to recreate the problem - but from your initial post there's not much to work with other than asking: What was/were the detection(s)? And where? And - are you running v7 or v8 (please excuse if I have missed it)? I see you have already provided some additional details in your edit. A (possible) issue of incorrect paths has come up in this forum here.

    As I've already been (overly) lecturing I might as well add a word about the seriousness of the bug. Current AV's major function is on-access scanning (additionally backed by real-time threat information). While there is - as far as I can judge - definitely a bug which has to be corrected (you could restore an infected backup to a location which is exempted from on-access scanning) it seems not to affect the most important components and therefore doesn't call for all hands on deck.    

    Christian 

         
