Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3264302 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0

    "Need your help..

    can you list down the step?

    What to you mean by after applying the C:\Program Files\Sophos exclusion?

    Where can I do that?"

    This is to specifically address the "Error loading external resources (0x8007007e)" error when the PC starts and the Sophos Shield does not appear in the systray, therefore no update option from there...

    The first thing you could try if a managable number of machines are affected, is to add On-access scanning Exclusions  (you may first need to Authenticate user)...

    1. Open the Sophos Endpoint Security and Control from the Start Menu
    2. Authenticate user, if need be (options may be greyed out if Tamper Protection is enabled and you don't authenticate).
    3. Configure -> Anti-Virus -> On-access scanning...
    4. Exclusions tab
    5. Add Item Type Folder for "C:\Program Files\Sophos\" or whatever is appropriate for your install
    6. Select Sophos items from the Quarantine list and then "Clear from list"

    Reboot and you should hopefully find the Sophos Shield in the systray again.

    From the Sophos Server I added the exclusion under:

    1. Policies
    2. Anti-Virus and HIPS
    3. Default (or whichever policy you use for the affected machines)
    4. On-access scanning Configure button
    5. Windows Exclusions
    6. Add C:\Program Files\Sophos\
    7. OK, OK
    :31105
Reply
  • 0

    "Need your help..

    can you list down the step?

    What to you mean by after applying the C:\Program Files\Sophos exclusion?

    Where can I do that?"

    This is to specifically address the "Error loading external resources (0x8007007e)" error when the PC starts and the Sophos Shield does not appear in the systray, therefore no update option from there...

    The first thing you could try if a managable number of machines are affected, is to add On-access scanning Exclusions  (you may first need to Authenticate user)...

    1. Open the Sophos Endpoint Security and Control from the Start Menu
    2. Authenticate user, if need be (options may be greyed out if Tamper Protection is enabled and you don't authenticate).
    3. Configure -> Anti-Virus -> On-access scanning...
    4. Exclusions tab
    5. Add Item Type Folder for "C:\Program Files\Sophos\" or whatever is appropriate for your install
    6. Select Sophos items from the Quarantine list and then "Clear from list"

    Reboot and you should hopefully find the Sophos Shield in the systray again.

    From the Sophos Server I added the exclusion under:

    1. Policies
    2. Anti-Virus and HIPS
    3. Default (or whichever policy you use for the affected machines)
    4. On-access scanning Configure button
    5. Windows Exclusions
    6. Add C:\Program Files\Sophos\
    7. OK, OK
    :31105
Children
No Data
Cookie Information Banner