VNC on access hits

Yes, we have it rolled out site-wide.

Is it a change in the exe that makes it now a virus?

Is it existing viral code in the application?

What is the nature of the virus and how did this definition come about?

...calling tech support...

Sophos's tech support tells me that there is an issue and an update is coming out.  This translates to, we made a mistake and marked Ultra VNC as a virus in our definitions when it actually is not a virus.  The labs are putting an update together for this.

J

Apart from the false positive - what does the prefix GFP signify? From the detection's effects I'd say it Generic False Positive (although one might argue that GFP/UltVNC-Gen is a pleonasm) :smileytongue:

Christian

I'm getting this one two machines that were left on overnight, I'm guessing because the latest update is recognising UltraVNC as a virus.

Is this a confirmed virus or an error? I've received 100s of virus warnings so far and expect many more as the update filters down to the rest of the machines today.

Just wanted to flag this up as a "me too". Came in this morning to hundreds of alerts and a support department thinking we'd had a major incident :smileyvery-happy:

I'm in the middle of rolling out Sophos to our entire EPOS estate as part of our PCI-DSS compliance and every ESOS unit has VNC installed. Just glad I'm only 1/8 of the way through the rollout.

Guess I'll raise it as a support ticket to make sure this gets looked at.

As people are aware this was a false positive: At 5:09 GMT Tuesday 27 July 2010 Sophos issued the IDE agen-oca.ide which included the update to remove the incorrect detection of VNC server as GFP/UltVNC-Gen.

I also noticed this today, so logged into the forum to ask about it.

 Was great to see this already discussed in the forums and to see a reply from a Sophos Employee acknowledging the issue.