Hi,
It seems we were fortunate with this false positive, being able to centrally disable on-access scanning and select Update Now to update the 700 locations we have Sophos deployed in.
It does raise the question of change management. I mean, we all probably spend hours testing new software, patches and hotfixes prior to deployment, but just let AV updates install themselves on workstations and servers without a second thought. My concern would be Sophos blocking a critical application, not just its own updater or even the functionality of management from the console.
This is the second false positive I’ve experienced within 6 years’ use of Sophos. The previous one quarantined winvnc.exe back in July 2010, meaning we were unable to remote connect to the workstations.
I would be interested in hearing if any fellow customers use a test environment to test IDEs before letting them into the Production environment, as I’m trying to weigh up the risks of another false positive against exposing the workstations to new vulnerabilities as I’ve delayed the updates.
Thanks in advance