This discussion has been locked.

Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



  • Just some notes on my experiences so far. 

    In my Sophos Control Center I, unfortunately, had my on-access scanning cleanup option set to deny access and move to default location.  When the cluster f of an update occurred earlier, it threw a bunch of Sophos Auto Update files as well as some other update files into this location:

    C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED

    Fortunately, as Nathan mentioned a few times in this thread, the log file takes note of the original file path of all files moved.  Log file is located here:

    C:\ProgramData\Sophos\Sophos Anti-Virus\logs\sav.txt

    I'm not a programmer and it would probably take me longer to figure out a script to automate this so I manually moved the files back to their original directories having to remove the .000 at the end of each file that Sophos adds when it moves the files.

    My workstation is back up and running (and up to date) without any errors so at least Sophos quickly corrected the problem.

    I manage only about 10 users so I guess I'll be spending some time manually moving these files unless someone has a better solution.

    I feel very badly for all you enterprise admins out there that have off-site and large numbers of workstations to correct (unless you were smarter than I was to begin with and just denied access for cleanup). I've now changed that setting... :)

    Good luck all! 

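The manual recovery described in the post above (look up each moved file's original path in sav.txt, strip the .000 suffix, move it back), as an added example script that is not part of the original thread and is not Sophos code. The log line pattern and the sample lines are constructed assumptions, not the real sav.txt format, and the script assumes a quarantined file is named after the original file plus a three-digit suffix; files whose base name is ambiguous or missing from the log are skipped for manual handling.

```python
import re
import shutil
from collections import defaultdict
from pathlib import Path, PureWindowsPath

# ASSUMPTION: constructed line layout, NOT the real sav.txt format.
# Adjust this pattern to match how your log records a moved file.
MOVED_RE = re.compile(r'File "(?P<orig>[^"]+)" has been moved')
SUFFIX_RE = re.compile(r"\.\d{3}$")  # the .000 the post says is appended

def plan_restores(log_text, quarantined_names):
    """Return (plan, skipped); plan maps quarantined name -> original path."""
    by_name = defaultdict(set)
    for m in MOVED_RE.finditer(log_text):
        orig = m.group("orig")
        by_name[PureWindowsPath(orig).name.lower()].add(orig)
    plan, skipped = {}, []
    for qname in quarantined_names:
        base = SUFFIX_RE.sub("", qname)
        candidates = by_name.get(base.lower(), set())
        if base != qname and len(candidates) == 1:
            plan[qname] = next(iter(candidates))
        else:
            skipped.append(qname)  # no suffix, not in log, or ambiguous
    return plan, skipped

def restore(plan, quarantine_dir, dry_run=True):
    """Move planned files back; never overwrite a file that already exists."""
    done = []
    for qname, orig in sorted(plan.items()):
        src, dst = Path(quarantine_dir) / qname, Path(orig)
        if not src.is_file() or dst.exists():
            continue  # already restored, or a fresh copy is in place
        if not dry_run:
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(src), str(dst))
        done.append((qname, orig))
    return done

# Constructed sample lines; the first path is the one quoted in the thread.
SAMPLE_LOG = r'''
20240101 120001 File "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe" has been moved
20240101 120002 File "C:\Example\AppA\updater.exe" has been moved
20240101 120003 File "C:\Example\AppB\updater.exe" has been moved
'''
```

Run `restore` with `dry_run=True` first and review both the returned list and the skipped names before moving anything.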