We have discovered a problem that may be affecting security on a small number of computers running Sophos Anti-Virus or Sophos Endpoint Security and Control.
Although we have only had a small number of reports of this issue, we are advising all of our customers to perform certain checks as unfortunately the nature of this issue means that it is not reported in Sophos Enterprise Console or Sophos Control Centre.
Computers that might be affected:
- running 32-bit versions of Windows 2000, Windows XP or Windows Server 2003 only
- have had a malware or PUA detection (even if previously authorised) and a subsequent cleanup action between the 2nd and 10th of June 2011
- have not been restarted since June 10th.
If you have computers that meet ALL of the above criteria then the security may be compromised. Computers affected will show on access scanning is disabled in the Sophos Anti-Virus or Sophos Endpoint Security and Control client interface.
To recover the system you should read this endpoint advisory which includes a tool that can be used to identify potentially affected systems in the Sophos Enterprise Console and Sophos Control Centre along with a tool to detect and resolve the issue on a potentially affected computer without restarting it. If practical, simply restarting the computer will resolve the issue.
We're very sorry for any inconvenience caused to affected customers. We strive to produce excellent and reliable software, and on this occasion we didn't do as well as we hoped.
For more information, please consult our knowledgebase article.Follow @gcluley