I see this topic comes periodically and, it seems, has never been answered conclusively which, most likely, stems from the fact that threat may be legitimate in some scenarios. But, whenever causes this false positive, Sophos itself may be, sadly, getting itself on a sort of blacklist. Here are 2 screengrabs, I am getting now.
MB