This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • Ok, so I was able to do this, but make sure you delete agen-xuv.ide   not .exe

    Now, that worked for one machine, how do we push this to all other machines and servers????  My machine does show up in the console now as updated.

    ______________________________________________________________________________________________________

    This worked! See previous post froim nathan

    If you are unable to perform an update due to the Updating service being quarantined, but have NOT moved or deleted the files, you can do the following.
    1. Open cmd prompt and type net stop savservice 2. Navigate to C:\program Files\Sophos\Sophos Anti-Virus and delete agen-xuv.exe 3. In cmd prompt, type net start savservice
    If a large number of systems are affected, you can use a tool like PSEXEC to execute the commands on a text file list of systems. Please be sure to get your Sophos Update Manager server working first, as all managed endpoints will not be able to download the IDE until the Sophos Update Managers have pulled it from our databanks.

    :30421
Reply
  • Ok, so I was able to do this, but make sure you delete agen-xuv.ide   not .exe

    Now, that worked for one machine, how do we push this to all other machines and servers????  My machine does show up in the console now as updated.

    ______________________________________________________________________________________________________

    This worked! See previous post froim nathan

    If you are unable to perform an update due to the Updating service being quarantined, but have NOT moved or deleted the files, you can do the following.
    1. Open cmd prompt and type net stop savservice 2. Navigate to C:\program Files\Sophos\Sophos Anti-Virus and delete agen-xuv.exe 3. In cmd prompt, type net start savservice
    If a large number of systems are affected, you can use a tool like PSEXEC to execute the commands on a text file list of systems. Please be sure to get your Sophos Update Manager server working first, as all managed endpoints will not be able to download the IDE until the Sophos Update Managers have pulled it from our databanks.

    :30421
Children
No Data