14 DAY TRIAL // Sophos customers experienced bogus malware warnings for content served from google-analytics.com yesterday, as a result of a bad definition issued by the security vendor.
The company managed to rectify the issue within one hour since the false alarms started popping up, however, it might have taken more time until the fix was propagated to all of its customers' workstations and appliances.
"Sophos Live Protection would report Mal/HTMLGen-A when visiting webpages which reference google-analytics.com. Similarly, the Sophos web appliance would block the download of Google Analytics content," Graham Cluley, a senior technology consultant at Sophos, explains.
The company claims that measures have been taken to avoid this issue from reapeating, but whether that means adding the site to a whitelist or not, is not clear.
The incident didn't prevent users from viewing pages normally, but it might have skewed visitor statistics for some webmasters since Google Analytics is used to gather web traffic information.
"We would like to apologise for any inconvenience caused by this false positive, and reassure customers that an investigation is taking place and steps have already been taken to prevent it from happening again," the company said.
False positive incidents are something that each antivirus vendor has to deal with at one point or another. However, some of these situations can be worse than others.
Past incidents that involved erroneously blocking web content include a bad update that caused the popular Avast! Antivirus to detect malware on nearly all websites back in April.
In October last year, Avira accidentally blocked a number of large websites including Google and CNN, while earlier that year, AVG products reported malicious content in Google's reCAPTCHA.
False positive incidents involving Windows system files are the most dangerous ones because they can leave computers unable to boot back into the operating system and might require more technical knowledge on behalf of users to fix.