
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



This thread was automatically locked due to age.

  • AZJim_K wrote:

    Nathan

    Unfortunately I am a new adopter and had the option set to move and delete quarantined files and now they are gone. So I get the ALMon error loading external resources (0x80070005) on my server and all endpoints. Also when this first came through I individually went to each of 8 workstations to scan and delete all found viruses. Not good.

    Do I need to uninstall SAV on all workstations and have it sent down to them again by the server?

    I did this on the server as well.  Do I need to uninstall SAV and SCC from the server and reinstall?

    What a mess.  I wish that I had waited and had the setting setup differently.

    Thanks for your help.


    Uninstalling, as others have reported, will likely make the problem worse, or at least no better.

    I would recommend the following:
    1. Delete agen-xuv.ide and restart savservice
    2. Perform a repair on your SEC install and make sure that is successful
    3. Change your cleanup options in your AV policy to "Deny access only"

    From there the options come down to your skills with VB. If you're good at it, take the VB script I posted earlier and modify it to copy the necessary files from the CID locations. In the CID, you'll see that the individual components of the endpoint have a file structure that looks like the Program Files\Sophos\ structure. You should be able to locate all of the deleted Sophos program files from there. To fix other applications, you'll probably need to find the installation media for those applications to obtain the files, or restore them from backup.

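The file-restoration step described in the reply above, as an added example that is not part of the original thread: a PowerShell script that lists files present in a reference tree but absent from the install directory and, only when run with `-Apply`, copies them back and verifies each copy by hash. `$ReferenceRoot` is a placeholder for the matching component folder in your own CID, and the script assumes, as the reply states, that this folder mirrors the installed layout; the reference tree may also hold installer-only files, so review the report before applying.

```powershell
# Added example, not the script referred to in the thread.
# Report-only by default; -Apply copies the missing files.
param(
    # Component folder inside the CID (placeholder: supply your own path).
    [Parameter(Mandatory)] [string] $ReferenceRoot,
    # Install directory as shown in the alert text on this page.
    [string] $InstallRoot = 'C:\Program Files\Sophos\Sophos Anti-Virus',
    [switch] $Apply
)

$ErrorActionPreference = 'Stop'
# ProviderPath gives a plain path for both local and UNC locations.
$ReferenceRoot = (Resolve-Path -LiteralPath $ReferenceRoot).ProviderPath.TrimEnd('\')
$InstallRoot   = (Resolve-Path -LiteralPath $InstallRoot).ProviderPath.TrimEnd('\')

# Walk the reference tree and record every file with no counterpart installed.
$missing = foreach ($src in Get-ChildItem -LiteralPath $ReferenceRoot -Recurse -File) {
    $relative = $src.FullName.Substring($ReferenceRoot.Length + 1)
    $dest     = Join-Path $InstallRoot $relative
    if (-not (Test-Path -LiteralPath $dest -PathType Leaf)) {
        [pscustomobject]@{ Relative = $relative; Source = $src.FullName; Destination = $dest }
    }
}

if (-not $missing) {
    Write-Output 'No files missing relative to the reference tree.'
    return
}
$missing | Select-Object Relative | Format-Table -AutoSize

if ($Apply) {
    foreach ($m in $missing) {
        $dir = Split-Path -Parent $m.Destination
        if (-not (Test-Path -LiteralPath $dir)) {
            New-Item -ItemType Directory -Path $dir | Out-Null
        }
        Copy-Item -LiteralPath $m.Source -Destination $m.Destination
        # Confirm the restored file is byte-identical to the reference copy.
        $a = (Get-FileHash -LiteralPath $m.Source -Algorithm SHA256).Hash
        $b = (Get-FileHash -LiteralPath $m.Destination -Algorithm SHA256).Hash
        if ($a -ne $b) { Write-Warning "Hash mismatch after copy: $($m.Relative)" }
    }
}
```

Run it only after the cleanup policy is set to "Deny access only" as in step 3, so restored files are not removed again.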