
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.




  • Nathan wrote:

    Lelia wrote:

    Nathan

    I removed the agen-xuv.ide and restarted services on my server. It still won't update. I think the update.exe was deleted.

    What do I need to do to get updates working again on the server?

    Thanks


    Do you have a backup of the server that you can restore the deleted files from? You can check the log on the Sophos Anti-Virus client to confirm what file was deleted and the location to restore it to. From the Home page in the Sophos Anti-Virus client, just click on "View anti-virus and HIPS log".


    We had ours set to "Deny Access & Move". I began by shutting down Sophos (net stop savservice), and deleting the file "agen-xuv.ide", as directed. Then I manually restored the files, as Nathan suggests above, by pulling the details from the HIPS/AV Log. It was a long and tedious process. After that was done, I started SAVService back up, and ran "Update Now". It took some time, but the IDEs did update on the Server.

    With the server now working, I am shifting my focus to the clients. (Already turned off On-Access, now trying to get them to update.)

    Thank you Nathan for your diligent assistance through this difficult time. It is greatly appreciated!
