This discussion has been locked.

Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

  • From my standpoint this is far from fixed. Damage has been done to the workstations, files have been deleted, and I still have yet to see a valid way to clear the items from quarantine on the client end of things. Our policy is aggressive for cleanup.

    Can anyone tell me where I find this:

    There is no cleanup for this detection, and you will see it quarantined unless you have your on-access policy set to move or delete detections if cleanup is not possible. Please double check your SAV policy under cleanup; you want to ensure your secondary option (when cleanup is not available or does not work) is set to 'deny access' and not delete or move. Once the detections have stopped, you can acknowledge the alerts in the Console; this way you can see who is still reporting it, and confirm it is trending down.

    This little blip has deleted files for any program that has an updater built into it: Adobe, Sprint Smart View, Java, QuickBooks and many more I am sure we will find.

    Any help on where to get on the line I highlighted would be great.
