
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.




  • techmoore wrote:

    What the blank are SUM servers? I have been trying for 2 to 3 hours, like everyone else, to find a solution. Can we cut out some of the jargon? Yes, I am a tech support and, for the second time in the last 4 weeks, I have been dropped into a crisis. I just want info that can be acted on with clear-cut directions (that even an idiot can follow).

    Nathan,

    We have been told that an update has gone out. Per the Sophos Enterprise Console, I was last updated 9/18/2012 6:14:29 PM; I am showing version 1.3.2.176 (which is the same version since the crisis started). I have tried pushing out the updates with no apparent success. I have access to one workstation and have tried updating from there, but the updater says no files needed updating.

    Are there any solutions from Sophos as yet? Thank you for any information you can relay.


    Hi,

    Sorry for the techy jargon. SUM is the Sophos Update Manager, SEC is the Sophos Enterprise Console.

    The issue was an IDE, so the version of SUM is not changing, as that was not what was fixed. We fixed the false positive (FP) by releasing javab-jd.ide. If you check the savxp folder in your update location (typically something like \\server\sophosupdate\cids\s000\savscfxp\savxp, though s000 can be other numbers; check your update location on an endpoint or the bootstrap locations in SEC if you're unsure), you can see if you have that IDE. If so, the endpoints need to be updated to receive that as well. If not, follow the advice from the advisory to get your SUM to update.

    http://www.sophos.com/en-us/support/knowledgebase/118311.aspx

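The check described in the reply above, run across every sNNN folder at once. This is an added example, not part of the original thread and not Sophos tooling; the share root is the placeholder path from the reply, and the parameter names are hypothetical.

```powershell
# Added example: report which update-location folders already hold the fixed IDE.
param(
    # Assumption: placeholder share root taken from the reply; use your own update location.
    [string]$CidRoot = '\\server\sophosupdate\cids',
    [string]$Package = 'savscfxp',      # package folder from the path quoted in the reply
    [string]$IdeName = 'javab-jd.ide'   # IDE named in the reply as the false-positive fix
)

if (-not (Test-Path -LiteralPath $CidRoot -PathType Container)) {
    Write-Error "Cannot reach update location root: $CidRoot"
    exit 2
}

# "s000 can be other numbers", so enumerate every sNNN folder instead of assuming one.
$results = @(
    Get-ChildItem -LiteralPath $CidRoot -Directory |
        Where-Object { $_.Name -match '^s\d+$' } |
        ForEach-Object {
            $savxp = Join-Path $_.FullName (Join-Path $Package 'savxp')
            $item  = Get-Item -LiteralPath (Join-Path $savxp $IdeName) -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Folder      = $_.Name
                SavxpExists = Test-Path -LiteralPath $savxp -PathType Container
                IdePresent  = [bool]$item
                IdeModified = $(if ($item) { $item.LastWriteTime } else { $null })
            }
        }
)

if ($results.Count -eq 0) {
    Write-Warning "No sNNN folders found under $CidRoot"
    exit 2
}

$results | Format-Table -AutoSize

# A savxp folder without the IDE means SUM has not downloaded the fix yet.
$missing = @($results | Where-Object { $_.SavxpExists -and -not $_.IdePresent })
if ($missing.Count -gt 0) {
    Write-Warning "$IdeName missing in: $($missing.Folder -join ', ')"
    exit 1
}
```

Exit code 1 means at least one savxp folder lacks the IDE, so SUM still needs to update; exit code 0 means the share has it and the endpoints are what remain to be updated.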