Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3266555 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0

    I have performed the procedure of moving the nodes to a policy with on access scanning turned off. Updated their policy and then performed an update..verified the updated IDE was downloaded and then returned them to a policy with on access scanning on.

    I then "acknowledged" the alerts for the impacted files in the Console.

    However on each individual workstations it still shows the impacted files in the quarantine.

    Can someone with SOPHOS please tell us the following:

    1. Is the fact that these items are still in the quarantine allow them to function?  (i.e. GoogleUpdater is in quarantine...will it function?)

    2. How the heck (without going to each of our 1300 impacted machines do we get these out of quarantine ???!??!!??!?

    :30983
Reply
  • 0

    I have performed the procedure of moving the nodes to a policy with on access scanning turned off. Updated their policy and then performed an update..verified the updated IDE was downloaded and then returned them to a policy with on access scanning on.

    I then "acknowledged" the alerts for the impacted files in the Console.

    However on each individual workstations it still shows the impacted files in the quarantine.

    Can someone with SOPHOS please tell us the following:

    1. Is the fact that these items are still in the quarantine allow them to function?  (i.e. GoogleUpdater is in quarantine...will it function?)

    2. How the heck (without going to each of our 1300 impacted machines do we get these out of quarantine ???!??!!??!?

    :30983
Children
No Data