
Is anyone else seeing this alert - Shh/Updater-B false positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.


  • akurk wrote:

    I have performed the procedure of moving the nodes to a policy with on-access scanning turned off, updated their policy and then performed an update, verified the updated IDE was downloaded, and then returned them to a policy with on-access scanning on.

    I then "acknowledged" the alerts for the impacted files in the Console.

    However, on each individual workstation it still shows the impacted files in the quarantine.

    Can someone with SOPHOS please tell us the following:

    1. Does the fact that these items are still in the quarantine allow them to function? (i.e. GoogleUpdater is in quarantine...will it function?)

    2. How the heck (without going to each of our 1300 impacted machines) do we get these out of quarantine???


    1. Provided the files are still in their original locations and the IDE javab-jd.ide has been applied to the endpoint, the fact that the item is listed in the QM will have no effect. The application will run. If you've moved files, deleted files, or don't have the updated IDE, then the application will be blocked.

    2. As for clearing the items from the endpoint QM, there is no central method that I'm aware of yet. If another method is discovered, I will post ASAP.

    Sorry for going home everyone. I felt like most posts were largely items that had already been covered and that anything not solved through the steps discussed here would be too advanced to solve through the forum anyhow.

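Added example, not from this thread or from Sophos: a PowerShell check an admin could run from a management workstation to confirm the two conditions in point 1 above on many endpoints at once, that the fix IDE has arrived and that the falsely detected file is still at its original path. Assumptions: the IDE folder path, the sample host names, and that PowerShell remoting is enabled on the endpoints.

```powershell
# Added example (not Sophos code). Verifies, per endpoint, that the IDE named in the
# thread is present and that the detected file still sits at its original location.
param(
    # Constructed sample host names; replace with the impacted machines.
    [string[]]$ComputerName = @('WS01', 'WS02'),
    [string]$IdeName = 'javab-jd.ide',                                  # IDE named in the thread
    [string]$SavDir  = 'C:\Program Files\Sophos\Sophos Anti-Virus',     # ASSUMED IDE folder
    [string[]]$Files = @('C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe')
)

# Query every endpoint; unreachable hosts are collected in $unreachable instead of aborting.
$results = Invoke-Command -ComputerName $ComputerName -ErrorAction SilentlyContinue `
    -ErrorVariable unreachable -ArgumentList $IdeName, $SavDir, $Files -ScriptBlock {
    param($IdeName, $SavDir, $Files)
    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        IdePresent = Test-Path (Join-Path $SavDir $IdeName)
        Missing    = @($Files | Where-Object { -not (Test-Path $_) })
    }
}

foreach ($r in $results) {
    # Both conditions from the answer must hold for the application to run.
    $state = if ($r.IdePresent -and $r.Missing.Count -eq 0) { 'OK' }
             elseif (-not $r.IdePresent) { 'IDE MISSING - re-run update' }
             else { 'FILE MISSING - restore from quarantine or reinstall' }
    '{0,-15} {1}' -f $r.Computer, $state
    $r.Missing | ForEach-Object { '    missing: ' + $_ }
}

# Hosts that could not be reached still need a manual check.
foreach ($e in $unreachable) {
    '{0,-15} UNREACHABLE: {1}' -f $e.TargetObject, $e.Exception.Message
}
```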
