
Is anyone else seeing this alert - Shh/Updater-B false positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

  • Well... Nathan's suggestion of deleting the agen-xuv.ide file on the update managers and forcing an update from the console does seem to resolve the issue for two of my update managers updating from the internet.

    But the clients... e.g. my client still shows a detection for the virus in spite of being updated.

    Just received an email from Sophos for the solution:

    SUM unable to update
    If SUM is unable to update it is probable that files in the warehouse are failing to be decoded as they are being falsely detected as Shh/Updater-B.
    To work around this issue and successfully download the IDE file that fixes this issue, follow these steps:

    1.  Delete agen-xuv.ide from C:\Program Files\Sophos\Sophos Anti-Virus\  [C:\Program Files (x86)\Sophos\Sophos Anti-Virus\]
    2.  Restart the 'Sophos Anti-Virus Service'
    3.  Update SUM via the Sophos Enterprise Console


    Endpoints unable to update
    If endpoints are unable to update due to the false positive issue the following steps can be taken to get the fixed IDE to them:

    1.  Centrally disable On-Access scanning via policy in SEC
    2.  Select Groups in SEC and select 'Update Now'
    3.  Once a group has updated re-enable On-Access scanning via policy in SEC

    I'll pray for those who had selected the "delete if cleanup fails" option.
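
Steps 1 and 2 of the "SUM unable to update" workaround quoted above, as an added PowerShell example that is not part of the original post or of the Sophos email. The file name and install directories come from the post; the service display name is also taken from the post and is an assumption about what the host actually registers. Run it elevated on the update manager, with `-WhatIf` first to preview.

```powershell
# Added example, not Sophos-supplied code.
[CmdletBinding(SupportsShouldProcess)]
param(
    # File name and install directories as given in the workaround steps.
    [string]$IdeName = 'agen-xuv.ide',
    [string[]]$InstallDirs = @(
        'C:\Program Files\Sophos\Sophos Anti-Virus',
        'C:\Program Files (x86)\Sophos\Sophos Anti-Virus'
    ),
    # Assumption: display name as quoted in the post; adjust if the
    # registered display name differs on your host.
    [string]$ServiceDisplayName = 'Sophos Anti-Virus Service'
)

# Step 1: delete the IDE file from whichever install directory exists.
$removed = 0
foreach ($dir in $InstallDirs) {
    $ide = Join-Path $dir $IdeName
    if (-not (Test-Path -LiteralPath $ide -PathType Leaf)) {
        Write-Verbose "Not present: $ide"
        continue
    }
    if ($PSCmdlet.ShouldProcess($ide, 'Delete IDE file')) {
        Remove-Item -LiteralPath $ide -Force -ErrorAction Stop
        $removed++
    }
}

# Step 2: restart the service so the deleted identity is no longer loaded.
# Refuse to guess if the name matches zero or several services.
$services = @(Get-Service -DisplayName $ServiceDisplayName -ErrorAction SilentlyContinue)
if ($services.Count -ne 1) {
    Write-Warning ("Expected one service named '{0}', found {1}; restart it manually." -f
        $ServiceDisplayName, $services.Count)
}
elseif ($PSCmdlet.ShouldProcess($services[0].DisplayName, 'Restart service')) {
    Restart-Service -InputObject $services[0] -Force -ErrorAction Stop
}

# Step 3 (updating SUM) is done from the Sophos Enterprise Console.
Write-Output "Removed $removed copy(ies) of $IdeName. Next: update SUM from the console."
```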
