I was recently tasked with removing Sophos Antivirus in favour of System Center Endpoint Protection (hereafter referred to as SCEP) using System Center Configuration Manager (hereafter referred to as Config Mgr).
I was hoping it could simply be deployed and that when SCEP installs it would automatically remove Sophos.
Some very large clients are affected, such as the University of Texas.
On the Sophos forums there are already 14 pages of users reporting issues, and many are saying that Sophos has crippled the updating process, so even if the company does push out an update it will be nearly impossible to update the clients to resolve it.
I subscribe to Mac updates, and SEC generates a binary Mac installer for me to use on Mac endpoints (Version 7 for Mac, also an older version).
However, when I run the installer on Mac endpoints, it installs fine but then never auto-fills the location of the update server, which is on a network share, or the account credentials used to access it, which I do not know and which were generated by Sophos automatically.
Once that’s done I need to do some testing on some VMs.
Neowin contacted Sophos for comment, and the company responded: "we are aware of the problems and are working on this issue at this time." Sophos also responded to a forum user via email: "I am sorry currently this is a false positive, we have removed the bad detection and you should see the detections begin to go away.
Please let me know if you have any further questions."
The update detects any software that includes an updater, such as Adobe Flash Updater, Google Update or Adobe Reader Updater, as a virus and repeatedly warns the user about it.
Where the product is configured to send emails (as many corporates have done), support desks have been inundated with requests for help from users about the "Updater-B" virus.