After messing with this for quite some time, I have figured out a streamlined way to fix the Sophos clients that deleted their own files due to the false positives detected on Wednesday, September 19.
Here is what you do:
1. Restore a backup of any machine with the specific OS (XP, Vista, 7, etc) C:\Program Files (x86)\Sophos\AutoUpdate from a date before September 19, preferably September 18. You only need the AutoUpdate folder, one for each OS...not one for each individual machine.
2. Stop all Sophos services on the client
3. Overwrite the C:\Program Files (x86)\Sophos\AutoUpdate folder on the client machine with the backup folder
4. Install from \\servername\SophosUpdate\CIDs\S000\SAVCFXP\setup.exe
5. Once this complete everything should be fixed.
Notes: If you whole network is XP 32-bit, then all you need is the AutoUpdate folder from before September 19 from one backup. It can be used on all machines. If you have a heterogeneous network (i.e. XPx32, XPx64, Vistax32, Vistax64, 7x32, 7x64, 2003x32, 2003x64, 2008, etc), you will need one AutoUpdate folder from each one to be used with the corresponding client's OS.
I apologize if this solution has already been posted. I don't have time to read through the entire forum. If this helps one person it was worth my time.
Good luck!
This thread was automatically locked due to age.
