Preventing Sophos potential false positive

I wanted to get some ideas on how we can prevent a potential issue like that recently discovered with McAfee's false positive.

I will list below what I am doing and would like to get feedback on what others are doing. 

1)  I have multiple groups within the Sophos console containing pilot and production machines. 

2)  I have multiple policies that I keep in sync except for AV version. 

3)  I keep the pilot machines on the "recommended" setting in the policy. 

4)  The production machines stay 1 version behind which at this time is 9.0.5 VDL4.52 for at least 1 week.  

5)   If nothing happens to my pilot machines, nothing is reported in the news, and there is nothing posted in this user community, I roll out the latest version to production.

Can anybody post their processes or comment on my processes?

thanks

:2590
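One way to make step 5's "if nothing happens to my pilot machines" measurable, as an added example that is not part of the original post: hold the production rollout when the same detection appears on a large share of the pilot group after an update, and otherwise wait out the one-week soak. The event fields, host names, detection names, dates and the 30% threshold are assumptions constructed for illustration; the thread does not show any Sophos console export format.

```python
import math
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

SOAK = timedelta(days=7)   # "at least 1 week" from step 4
HOST_FRACTION = 0.3        # assumed: share of pilot hosts that signals a bad update

def suspect_detections(events, pilot_hosts, update_time, fraction=HOST_FRACTION):
    """Detections seen after the update on a large share of the pilot group."""
    hosts_by_key = defaultdict(set)
    for ev in events:
        if ev["time"] < update_time or ev["host"] not in pilot_hosts:
            continue
        # The same detection on the same file name across many hosts right
        # after an update is what a bad definition release looks like.
        key = (ev["detection"], ntpath.basename(ev["path"]).lower())
        hosts_by_key[key].add(ev["host"])
    needed = max(2, math.ceil(fraction * len(pilot_hosts)))
    return {k: sorted(h) for k, h in hosts_by_key.items() if len(h) >= needed}

def rollout_decision(events, pilot_hosts, update_time, now):
    """'block' on a pilot-wide detection, 'wait' during the soak, else 'promote'."""
    suspects = suspect_detections(events, pilot_hosts, update_time)
    if suspects:
        return "block", suspects
    if now - update_time < SOAK:
        return "wait", {}
    return "promote", {}

# Constructed sample data: five pilot hosts, one update, four detection events.
PILOT = {f"pilot-{n:02d}" for n in range(1, 6)}
UPDATED = datetime(2010, 5, 3, 9, 0)
def _ev(host, hours, detection, path):
    return {"host": host, "time": UPDATED + timedelta(hours=hours),
            "detection": detection, "path": path}
EVENTS = [
    _ev("pilot-01", 1, "Example/Gen-A", r"C:\Program Files\ExampleApp\app.exe"),
    _ev("pilot-02", 1, "Example/Gen-A", r"C:\PROGRAM FILES\ExampleApp\App.exe"),
    _ev("pilot-04", 2, "Example/Gen-A", r"D:\Tools\ExampleApp\app.exe"),
    _ev("pilot-03", 5, "Example/Other-B", r"C:\Users\u\Downloads\setup.exe"),
]

if __name__ == "__main__":
    print(rollout_decision(EVENTS, PILOT, UPDATED, UPDATED + timedelta(days=2)))
```

A single detection on one pilot host does not block the rollout here; it only takes effect when at least two hosts and 30% of the group report the same detection on the same file name.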


This thread was automatically locked due to age.
  • Sorry to barge in here but this thread was just about the only thing I could find online related to my recent issue. I thought it might be good to comment in case anyone else out there on the interwebs needs the info.

    As well as false positives protecting against 'incoming' you also need to be aware of false positives when clients are visiting your website.

    Over the last 2 weeks we became aware that our website was being flagged as malicious. Obviously this had a major impact on turnover. It was only a client that told us that our site was flagged.

    Sophos did eventually include a patch in their next update once it was brought to their attention (and after applying enough pressure). The problem is that our company is not big enough to even purchase the offending software in order to test for such a false positive.

    I wonder why companies such as Sophos feel that it is ok to damage the reputation of another company while not even having the regard to notify them of their actions.

    More info at http://www.distinctivedoors.co.uk/news/10

    :4704