Windows Users Locked Out By SOPHOS Antivirus Tool!

England based Security Software and Hardware vendor “SOPHOS” get into trouble last Sunday, when its antivirus products marked a critical Windows System file as a malware. All the windows users, which are using SOPHOS antivirus services, were unable to log in into their computer systems. According to SOPHOS, all this happened due to a small mistake.

Which Windows File Was This?

“winlogon.exe” is an important file of windows. Antivirus tools of SOPHOS, marked this file as a Trojan “Troj/FarFli-CT”. This is a critical windows file, which is a part of Windows login subsystem. This process is very important to check user authorization and activation. SOPHOS antivirus tools, marked it as a Trojan due to a bad malware signature. After that, when users tried to log in into their user account, they got an error message in black screen. To fix this problem, an instant update had been released by SOPHOS for all its antivirus products. According to SOPHOS, very less number of users have faced this problem as we noticed that this happened only in Windows 7 Service Pack 1.

How Many Users Have Suffered It?

In a support article SOPHOS said, after analyzing our system we noticed the number of affected windows users is very less. SOPHOS also wrote, we were getting feedback from our customers and there was minimal amount of affected users. On the other hand, a number of SOPHOS customers were tweeting that we are trying to reach support team of SOPHOS and we are in queue for hours. Users were looking very much tensed and one user tweeted,” This False Positive Actually removed some of my weekend".

How Affected Users Fixed This Issue?

SOPHOS released a support document for affected users. Company wrote,” User need to reboot his system in Safe Mode and then ne disable SOPHOS Antivirus Program from default start. Now restart your systems in normal mode”. Apart from it, many users were able to log in into their systems by clearing bogus notifications from SOPHOS Console. There was need to mark all the bogus notifications as resolved.

Conclusion

This is not happened first time and SOPHOS is not the first company. Although company had fixed the issue immediately but the question is, how an Antivirus Company can do these type of mistakes? All companies are using proper white listing mechanism to filter the windows legitimate files. The program files of windows are very sensitive. Deleting and blocking windows system files, may harm the computer badly.