Sophos update caused login problems for Windows 7 PCs
Sophos antivirus software briefly identified ‘winlogon.exe’ as a virus or spyware on Sunday. As a result, some users were unable to log in to their system. The problem seems to only occur on certain Windows 7 systems with SP1.
Sohpos writes that in a Knowledge Base article. After the September 4 update, Sohpos Enterprise Console, Sophos Central, or Sophos Home would display a message like: “Virus/spyaware ‘Troj/RarFli-CT’ has been detected in “C:WindowsSystem32winlogon.exe”. Cleanup unavailable.”
The problem was in the virus definitions ‘java-aqr.ide’ released on Sunday. The correct version has been sent to endpoints from Sunday, September 4, 11 AM Central European Time. After the update, the problem has been resolved.
Sophos says it does not yet know what the impact of the error will be, but says that in most cases it is sufficient to click ‘Resolve Alerts and Errors’ in the Sophos Enterprise Console and choose ‘Mark as Acknowledged’.
However, there are users who are presented with a black screen when logging in; this concerns users of the 32-bit version of Windows 7 with SP1. The problems can be solved by logging into Safe Mode via F8 during Windows startup. Then the automatic launch of Sophos must be turned off. After that, you should be able to log in again after a reboot and then switch on Sophos again after installing the update.