Important advisory about Sophos Endpoint and Small Business products

Filed Under: Uncategorized

Sophos signWe have discovered a problem that may be affecting security on a small number of computers running Sophos Anti-Virus or Sophos Endpoint Security and Control.

Although we have only had a small number of reports of this issue, we are advising all of our customers to perform certain checks as unfortunately the nature of this issue means that it is not reported in Sophos Enterprise Console or Sophos Control Centre.

Computers that might be affected:

  • running 32-bit versions of Windows 2000, Windows XP or Windows Server 2003 only
  • have had a malware or PUA detection (even if previously authorised) and a subsequent cleanup action between the 2nd and 10th of June 2011
  • have not been restarted since June 10th.

If you have computers that meet ALL of the above criteria then the security may be compromised. Computers affected will show on access scanning is disabled in the Sophos Anti-Virus or Sophos Endpoint Security and Control client interface.

To recover the system you should read this endpoint advisory which includes a tool that can be used to identify potentially affected systems in the Sophos Enterprise Console and Sophos Control Centre along with a tool to detect and resolve the issue on a potentially affected computer without restarting it. If practical, simply restarting the computer will resolve the issue.

We're very sorry for any inconvenience caused to affected customers. We strive to produce excellent and reliable software, and on this occasion we didn't do as well as we hoped.

For more information, please consult our knowledgebase article.


You might like

One Response to Important advisory about Sophos Endpoint and Small Business products

  1. Jason · 1568 days ago

    Thanks for the heads up Mr. Cluley :)

    I have a seperate issue with my Enterprise console (not security related) that I'll flag up with support.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley