Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3260873 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0
    markho wrote:
    Nathan wrote:
    markho wrote:

    Is there a downside to just re-"Protecting" the computers whose Sophos Update files were sent to the INFECTED dir, rather than restoring those files to the original directory?  Besides this not resolving the same issue with 3rd party updaters.  Will this even work?

    The only downside is increased network traffic. However, if this is the easiest option for you, then that would outweigh the network impact.

    This doesn't appear to work.  "Code 00000000a Uninstall of Sophos AutoUpdate failed."

    Hrm, didn't think of that. I'm guessing that a file that was deleted is necessary for the uninstall routines. I honestly haven't tested doing this just yet. The files needed _should_ be in the update location though, so even if deleted they could be obtained again. If you're good with VB, you could tweak the script for fixing moved files to fix deleted files in a similar method.

    :30793
Reply
  • 0
    markho wrote:
    Nathan wrote:
    markho wrote:

    Is there a downside to just re-"Protecting" the computers whose Sophos Update files were sent to the INFECTED dir, rather than restoring those files to the original directory?  Besides this not resolving the same issue with 3rd party updaters.  Will this even work?

    The only downside is increased network traffic. However, if this is the easiest option for you, then that would outweigh the network impact.

    This doesn't appear to work.  "Code 00000000a Uninstall of Sophos AutoUpdate failed."

    Hrm, didn't think of that. I'm guessing that a file that was deleted is necessary for the uninstall routines. I honestly haven't tested doing this just yet. The files needed _should_ be in the update location though, so even if deleted they could be obtained again. If you're good with VB, you could tweak the script for fixing moved files to fix deleted files in a similar method.

    :30793
Children
No Data