Sophos updating policy
I sent a new exclusion rule to stop scanning the Sophos folders and "reprotected" the clients. Worked for all my 350 clients, although the AV server took a kicking while they all updated. Edit all of your 'Updating' policies in Enterprise Console. The above steps can be repeated for just those computers. At least manually clearing the quarantine lists is feasible, if not a pretty option.
It is an absolute no-brainer for me - if you already have a Sophos environment for Windows, use it for Mac.
Beer because I think some people are going to need one! Luckily, by sheer chance, I happened to be checking my work emails last night at about 2125 just as things were starting.
Thank god it happened when most of our PCs were offline, so only a handful are going to need work. I pity those on US timezones where their computers were all online.
Looks like it just repairs "required registry entries" and shortcuts? Still not quite sorted things out as some of the files on our Sophos server were moved, but the server does seem to be updating OK. I've sorted all the workstations. You can easily fix as a home user, but the SUM/SEC enterprise instructions don't work with the SCC small business version.
I was getting a "25010" with "No Update In Progress" error while trying to uninstall one of 3 Sophos items in XP control panel; apparently this has been a bugaboo for Sophos for quite a while now, judging by various online comments and KB articles.
1. Turn off 'on-access' scanning in all of your Anti-virus and HIPS policies.
2. Go to the Update Managers in your Enterprise Console, right-click your Update Managers and choose 'Update now'.
3. Wait for the update manager to finish downloading the latest updates (Download status changes to Matches).
4. The number of false-positive Virus/Spyware detections should start falling.
Enable the on-access scanner when the number of false-positive detections has fallen significantly. If there are any computers still showing the false-positive alert then they have either not received the latest update or the 'on-access' scanner was still enabled when they tried to update.
I've got two sites that have neatly dropped through the cracks at the moment - we can't fix the server, so can't update the endpoints (although most of those run, just won't update now).
Sophos issuing instructions on their site to fix Sophos is one thing, but the damage this false positive has caused by deleting the updaters is a lot worse.