Message from the Sophos CEO

21 September 2012

Valued Sophos Customers and Partners –

The entire family of Sophos employees, partners, and customers has been dealing with a very challenging situation related to the Shh/Updater-B false positive issue. For any of you who have been affected by this incident, we sincerely apologize.

Our top priority across the entire company is to ensure every single system within every single affected customer is back to a normal, productive, and protected state. To that end, we have increased to maximum capacity our phone support centers in Abingdon (UK), Boston, Karlsruhe (Germany), Madrid, Milan, Paris, Sydney, Tokyo, Vancouver, Wiesbaden (Germany), and other cities around the globe. We have Sophos team members cancelling or rescheduling vacations, leaves of absence, and other business activities to ensure we have mobilized every available resource to the task at hand: To get every remaining customer case resolved as quickly as possible. I would like to extend my thanks to our employees, customers, and partners who are working so hard to help resolve these issues. I am heartened to see how we are all pulling together as a global team to address this challenge.

While Technical Support call volumes have started to significantly subside and hold queues have started to drop, I understand that our hold queues still remain larger than normal, and in some instances, callers have been unable to connect with us. We are doing everything possible to address the queue as fast as we can; I assure you that our Sophos team members are eager to speak with you to help get your case resolved swiftly.

At the same time, we are continuously enhancing our online tools and resources. We are providing regular updates to our Support knowledge base articles; we have posted various diagnostic and remediation tools, which our Engineering teams have been working around the clock to deliver, and we are working on additional tools, videos, and resources to more effectively communicate the recommended steps for effective, efficient remediation. Many affected customers have reported that they have been able to fully recover from this situation based on the information provided. For your reference, here is a link to the latest technical recommendations:

In our 25 year history, Sophos has never experienced an incident quite like this, and we are taking every effort to resolve this issue as fast as possible. Once we have made it past this critical stage of assisting our customers to get back to normal, we will then share our full and detailed explanation of the root cause analysis behind this incident and the steps we have implemented to prevent this in the future. Sophos owes this to you.

Again, on behalf of the company, I am deeply sorry for any disruption this has caused. Situations like this are certainly not unique in the IT security industry, and trust is often earned by how an organization responds under challenging circumstances. The Sophos family is taking every measure to respond in a way that will earn your continued trust.

Very sincerely,


Kris Hagerman
CEO, Sophos