Sophos Anti-Virus: issues from false virus detection

Update 21 Sept 3:30pm: We have released a modified version of Sophos’ clean-up utility for students and home users: Sophos Fix . You do not need to run this on EMU-owned computers.

Download the file and unzip it then right-click ‘Sophos Fix.cmd’ and ‘Run as Administrator’.

Please send questions or comments to the Information Systems Helpdesk (, 540 432 4357).

Update 20 Sept 5:15pm: We have deployed a fix for the Sophos-quarantined files. While the fix installs you may receive a warning that your computer has been quarantined. Please disregard the message. The quarantine will be removed automatically when the install is complete.

Update 20 Sept 4:50pm: Sophos has released a script (available from a new post) that reverses the quarantine. We are deploying it to EMU-owned computers. Check back for a solution for non-EMU-owned computers.

Update 20 Sept 9:50am: Sophos has posted information about the problem though it is frequently unavailable as their servers struggle to handle demand. They are also fielding questions on Twitter.

Yesterday afternoon (Wed 19 Sep) Sophos Anti-Virus released an update that falsely identified many Windows programs as virus-infected. Sophos denied access to those files and moved them to quarantine. Worse still, one of the quarantined files was Sophos’ own updater.

Sophos is aware of the problem and is developing a fix. Information Systems will deploy that fix as quickly as possible.