
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



  • UPDATE FROM SOPHOS

    RED NOTIFICATION - False Positive detections with Shh/Updater-B - UPDATE 15:11 PDT

    As the False Positive can affect our own binaries, it can in some instances prevent both SUM and SAU from being able to update.

    In these situations the following instructions can be used to work around the issue, download the fixed IDE, and propagate it to all endpoints.

    SUM unable to update
    If SUM is unable to update it is probable that files in the warehouse are failing to be decoded as they are being falsely detected as Shh/Updater-B.
    To work around this issue and successfully download the IDE file that fixes this issue, follow these steps:

    1. Delete agen-xuv.ide from C:\Program Files\Sophos\Sophos Anti-Virus\ [C:\Program Files (x86)\Sophos\Sophos Anti-Virus\]
    2. Restart the 'Sophos Anti-Virus Service'
    3. Update SUM via the Sophos Enterprise Console

    Endpoints unable to update
    If customers have endpoints that are unable to update due to the false positive issue the following steps can be taken to get the fixed IDE to them:

    1. Centrally disable On-Access scanning via policy in SEC
    2. Select Groups in SEC and select 'Update Now'
    3. Once a group has updated re-enable On-Access scanning via policy in SEC

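Steps 1 and 2 of the "SUM unable to update" workaround, scripted with the checks an administrator would want; this is an added example, not a script from the Sophos post. It assumes the service display name 'Sophos Anti-Virus Service' and the two install paths exactly as the post gives them, and that it runs elevated on the server hosting SUM; step 3 (Update Now in the Enterprise Console) remains a manual action.

```powershell
# Added example (not from the Sophos post): apply steps 1 and 2 of the
# "SUM unable to update" workaround with verification. Assumes the service
# display name and install paths quoted in the post; run elevated.
#Requires -RunAsAdministrator

$ideName = 'agen-xuv.ide'
$candidateDirs = @(
    'C:\Program Files\Sophos\Sophos Anti-Virus',
    'C:\Program Files (x86)\Sophos\Sophos Anti-Virus'
)

# Step 1: remove the IDE behind the false positive from whichever install
# directory exists on this machine, and record what was actually removed.
$removed = @()
foreach ($dir in $candidateDirs) {
    $idePath = Join-Path $dir $ideName
    if (Test-Path -LiteralPath $idePath) {
        Remove-Item -LiteralPath $idePath -Force
        $removed += $idePath
        Write-Host "Removed $idePath"
    }
}
if ($removed.Count -eq 0) {
    Write-Warning "$ideName not found in any candidate directory; nothing removed."
}

# Step 2: restart the AV service and confirm it is running again before
# moving on to the console update.
$svc = Get-Service -DisplayName 'Sophos Anti-Virus Service' -ErrorAction Stop
Restart-Service -InputObject $svc -Force
$svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
$svc.Refresh()
Write-Host "$($svc.DisplayName) is $($svc.Status)"

# Step 3 is performed in the Sophos Enterprise Console (Update Now for SUM);
# confirm the fixed IDE has arrived before re-enabling any scanning you
# disabled by policy for the endpoint workaround.
```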