Jump to content
Login new information ×
Login new information

Sophos Antivirus Screw-Up Blocks Windows Users From Logging In

Petrovic

By Petrovic
in Security & Privacy News

Recommended Posts

Petrovic

Petrovic

Posted
Posted

Users of the Sophos antivirus engine for Windows had a busy and frustrating weekend after a false positive error blocked access to the winlogon.exe file, used in the Windows login process, effectively preventing users from accessing their PCs.

 

The error caused a lot of angry Twitter rants, with customers unable to understand why they were unable to log into their PCs over the weekend.

 

The Sophos team were on hand to fix the issue and announced their snafu on early Sunday morning, providing an emergency update to fix their virus signature database, and remove the false virus detection.

 

At the heart of the issue was a Sophos signature that marked the "C:WindowsSystem32winlogon.exe" as infected with the Troj/FarFli-CT spyware, and blocked Windows access to this crucial file that is the de-facto executable for the Logon screen.

 

As such, users were left staring at a black screen for hours without any clue of what was actually going on.

 

Users still troubled by this error can visit this Sophos support page for more details. The easiest way to fix the issue is to boot Windows in Safe Mode, disable the Sophos antivirus service, boot again, log in, start the antivirus and trigger an immediate update to remove the false positive detection.

 

According to the Sophos support topic, only users running Windows 7 SP1 on 32-bit platforms have been affected.

Article source

Link to comment
Share on other sites
  • Replies 2
  • Views 564
  • Created
  • Last Reply
straycat19

straycat19

Posted
Posted

And exactly how are the users suppose to access this fix when their computer won't boot, they can't surf the net, and they aren't computer literate?  The internet has become so pervasive they forget that not everyone using a computer knows only how to turn it on, log in, and surf.  Anything beyond that is well beyond their computer expertise.

 

Dr Johannes Ulrich scanned 10 malware samples that he had just received using Sophos AV with the latest virus definitions and not one of the samples was detected.  This is why people are losing confidence in AV programs.  Personally I lost confidence about 7 years ago and haven't used one since.

Link to comment
Share on other sites
pc71520

pc71520

Posted
Posted
19 hours ago, straycat19 said:

Personally, I lost confidence about 7 years ago and haven't used one since.

Same, here. Have never trusted AVs since 2008.

I only use some On-Demand Scanners, here and there.

Imaging & Sandboxing is my main Line of Defense;)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...