
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



  • As per the Sophos KB for the supposed fix for this incident (http://www.sophos.com/en-us/support/knowledgebase/118311.aspx)...

    To suggest that customers effectively TURN OFF THE ANTIVIRUS on the end-points, roll out the update, and then turn it back on again is such a terrible solution!  - Yeah, why not give the real malware a chance to have some fun! We haven't got anything else to do!

    At least as an alternative Sophos should be writing a script for all Windows platforms to remove the offending IDE, restart the SAV services, and accompany it with a guide on deploying the script using PSEXEC. This would be far quicker and safer than disabling OnAccess scanning! Granted you need to enumerate a list of the target machines, but surely Sophos could write a script to pull this from SEC?

    It doesn't give customers much faith in Sophos as to how this major incident has been, and continues to be handled.

    1. Phone lines and amount of staff clearly unable to deal with the volume. - What happens when another major virus hits the wild? How will Sophos cope then!?

    2. Lack of communication from Sophos, apart from a few replies in some threads and a poorly advertised KB article. (See above)

    3. Poorly thought out solutions to a major incident.

    4. Lack of management control and ownership.

    I imagine as ever that there will be no official apology and explanation from Sophos. - The Marketing team and senior management would much prefer to bury their heads in the sand and continue to ignore everything.

    In the meantime if Sophos could come up with a script to clear the quarantine alerts for Shh/Updater-B from the End-Points it would be very much appreciated. - Users logging back onto the machine after leaving it locked overnight and calling us with False Positive malware alerts is very nice. Not! Especially when the machine has already been patched with the updated IDE etc!

    Lastly, can someone from Sophos stop this thread and do a better job to advertise the solution!

    Oh, and get a proper incident management team!
