
    Sophos False Positive with WinLogon.EXE

    News
    sophos security antivirus
    • nadnerBN
      nadnerB
      last edited by scottalanmiller

      Bad news for those running Sophos, an update is detecting winlogon.exe as a Trojan (I sense giggles from the Linux users 😉 )

      Dipping sauces:
      http://www.theregister.co.uk/2016/09/05/sophos_black_screen_snafu/
      http://www.itnews.com.au/news/sophos-antivirus-gaffe-locks-out-windows-users-436333?

      Fix:
      https://community.sophos.com/kb/en-us/125000

      iroalI 1 Reply Last reply Reply Quote 3
      • travisdh1T
        travisdh1
        last edited by

        @nadnerB said in Sophos False Positive with WinLogon.EXE:

        Bad news for those running Sophos, an update is detecting winlogon.exe as a Trojan (I sense giggles from the Linux users 😉 )

        Why whatever would we giggle about, next thing we know someone replaces the correct ls command with a rootkit version 😉

        1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller
          last edited by

          Snicker

          1 Reply Last reply Reply Quote 0
          • iroalI
            iroal @nadnerB
            last edited by iroal

            @nadnerB said in Sophos False Positive with WinLogon.EXE:

            Bad news for those running Sophos, an update is detecting winlogon.exe as a Trojan (I sense giggles from the Linux users 😉 )

            Dipping sauces:
            http://www.theregister.co.uk/2016/09/05/sophos_black_screen_snafu/
            http://www.itnews.com.au/news/sophos-antivirus-gaffe-locks-out-windows-users-436333?

            Fix:
            https://community.sophos.com/kb/en-us/125000

            This is the reason I don't like to install antivirus on Windows servers, except in specific cases.

            I had a similar case with Nod32 on a Windows 2003 server. It started to detect all DLLs in System32 as viruses. It was a mess.

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • IRJI
              IRJ
              last edited by

              Yep. Saw all the alerts this morning. We are Sophos users.

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @iroal
                last edited by

                @iroal said in Sophos False Positive with WinLogon.EXE:

                @nadnerB said in Sophos False Positive with WinLogon.EXE:

                Bad news for those running Sophos, an update is detecting winlogon.exe as a Trojan (I sense giggles from the Linux users 😉 )

                Dipping sauces:
                http://www.theregister.co.uk/2016/09/05/sophos_black_screen_snafu/
                http://www.itnews.com.au/news/sophos-antivirus-gaffe-locks-out-windows-users-436333?

                Fix:
                https://community.sophos.com/kb/en-us/125000

                This is the reason I don't like to install antivirus on Windows servers, except in specific cases.

                I had a similar case with Nod32 on a Windows 2003 server. It started to detect all DLLs in System32 as viruses. It was a mess.

                But I think what is important is installing good software of any type. Nod32 is, of course, bad. So using that as an example of why not to use AV makes no sense. There is bad, dangerous or worthless software in every category. But we don't avoid all software for that reason. We strive to use good software and products. There are terrible operating systems out there, but we don't rule out Windows just because some other OS is bad. The flaw is with that software, not with Microsoft or Windows. The issues with Nod32 are ESET's problems, not antivirus problems. You are using "bad software experience" and leveraging it incorrectly. It should have made you wary of ESET, not wary of AV.

                iroalI 1 Reply Last reply Reply Quote 0
                • iroalI
                  iroal @scottalanmiller
                  last edited by

                  @scottalanmiller said in Sophos False Positive with WinLogon.EXE:

                  @iroal said in Sophos False Positive with WinLogon.EXE:

                  @nadnerB said in Sophos False Positive with WinLogon.EXE:

                  Bad news for those running Sophos, an update is detecting winlogon.exe as a Trojan (I sense giggles from the Linux users 😉 )

                  Dipping sauces:
                  http://www.theregister.co.uk/2016/09/05/sophos_black_screen_snafu/
                  http://www.itnews.com.au/news/sophos-antivirus-gaffe-locks-out-windows-users-436333?

                  Fix:
                  https://community.sophos.com/kb/en-us/125000

                  This is the reason I don't like to install antivirus on Windows servers, except in specific cases.

                  I had a similar case with Nod32 on a Windows 2003 server. It started to detect all DLLs in System32 as viruses. It was a mess.

                  But I think what is important is installing good software of any type. Nod32 is, of course, bad. So using that as an example of why not to use AV makes no sense. There is bad, dangerous or worthless software in every category. But we don't avoid all software for that reason. We strive to use good software and products. There are terrible operating systems out there, but we don't rule out Windows just because some other OS is bad. The flaw is with that software, not with Microsoft or Windows. The issues with Nod32 are ESET's problems, not antivirus problems. You are using "bad software experience" and leveraging it incorrectly. It should have made you wary of ESET, not wary of AV.

                  The problem is that almost all AV companies have had similar issues.

                  I run Malwarebytes and Gdata Antivirus every week on all my servers to check the files, but don't let them be online.

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @iroal
                    last edited by

                    @iroal said in Sophos False Positive with WinLogon.EXE:

                    The problem is that almost all AV companies have had similar issues.

                    It's true, most have. But none that we use do we know of having had any 🙂 Nothing will be 100% perfect. But we've not had a false positive in decades. It's not a common thing. But they do stop a lot of threats.

                    JaredBuschJ 1 Reply Last reply Reply Quote 0
                    • aaron-closed accountA
                      aaron-closed account Banned
                      last edited by

                      This post is deleted!
                      1 Reply Last reply Reply Quote 1
                      • scottalanmillerS
                        scottalanmiller
                        last edited by

                        Sophos is decent, I'd definitely not be too wary of it. But neither does it make my "going to pay for and deploy this" list 🙂

                        1 Reply Last reply Reply Quote 0
                        • JaredBuschJ
                          JaredBusch @scottalanmiller
                          last edited by JaredBusch

                          @scottalanmiller said in Sophos False Positive with WinLogon.EXE:

                          @iroal said in Sophos False Positive with WinLogon.EXE:

                          The problem is that almost all AV companies have had similar issues.

                          It's true, most have. But none that we use do we know of having had any 🙂 Nothing will be 100% perfect. But we've not had a false positive in decades. It's not a common thing. But they do stop a lot of threats.

                          We get false positives from Webroot all of the time. But it is from custom manufacturer software that is poorly written. So I do not blame Webroot. Just add a new exception every time it happens.

                          1 Reply Last reply Reply Quote 1
                          • DashrenderD
                            Dashrender
                            last edited by

                            other than webroot, who's had more false positives at my one client who uses them than panda that I have been running for 10+ years.

                            StrongBadS 1 Reply Last reply Reply Quote 0
                            • StrongBadS
                              StrongBad @Dashrender
                              last edited by

                              @Dashrender said in Sophos False Positive with WinLogon.EXE:

                              other than webroot, who's had more false positives at my one client who uses them than panda that I have been running for 10+ years.

                              I'm not understanding your statement. This feels like only part of a sentence. Is this a question?

                              DashrenderD 1 Reply Last reply Reply Quote 1
                              • DashrenderD
                                Dashrender @StrongBad
                                last edited by

                                @StrongBad said in Sophos False Positive with WinLogon.EXE:

                                @Dashrender said in Sophos False Positive with WinLogon.EXE:

                                other than webroot, who's had more false positives at my one client who uses them than panda that I have been running for 10+ years.

                                I'm not understanding your statement. This feels like only part of a sentence. Is this a question?

                                It's a statement - I'll re-word.

                                Webroot has had more false positives in the 3 years a client of mine has been using Webroot, than I have had in the 10+ years another client has been using Panda AV.

                                So while I love Webroot (primarily the journaling), it does require more support than other options I have/do use.

                                StrongBadS 1 Reply Last reply Reply Quote 0
                                • StrongBadS
                                  StrongBad @Dashrender
                                  last edited by StrongBad

                                  @Dashrender said in Sophos False Positive with WinLogon.EXE:

                                  @StrongBad said in Sophos False Positive with WinLogon.EXE:

                                  @Dashrender said in Sophos False Positive with WinLogon.EXE:

                                  other than webroot, who's had more false positives at my one client who uses them than panda that I have been running for 10+ years.

                                  I'm not understanding your statement. This feels like only part of a sentence. Is this a question?

                                  It's a statement - I'll re-word.

                                  Webroot has had more false positives in the 3 years a client of mine has been using Webroot, than I have had in the 10+ years another client has been using Panda AV.

                                  So while I love Webroot (primarily the journaling), it does require more support than other options I have/do use.

                                  I see, thanks for the clarification. That's not what I had read you to mean at all. That makes more sense.

                                  1 Reply Last reply Reply Quote 0