
Is anyone else seeing this alert - Shh/Updater-B false positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

  • This is what I did:

    Change all policies to only deny access on virus detection.

    Change all policies to disable OnAccess Scanning

    Then

    Method for Icon still in systray:

    1.  Ensure OnAccess Scanning is disabled, if not, disable manually.

    2.  Use the "Update Now" button - assuming you have downloaded the fixed defs to your update server.

    3. Open Sophos and verify that the virus IDE count is 281 or greater under the View Product Info after you expand the Software portion (why they don't list this on the home screen I don't know).

    Method for no Sophos Icon:

    Note you can try to reinstall AFTER disabling OnAccess Scanning. HOWEVER, half of mine got errors during the install, 25010 errors I think. So instead,

    1.  Ensure OnAccess Scanning is disabled, if not, disable manually.

    2. I copied 5 files from the CID\S00x\SAVFPXP\SAVSCFXP\SAU\Program files\Sophos\AutoUpdate\ directory that seemed to be getting deleted. They are ALsvc.exe, ALUpdate.exe, AUAdapter.dll, Cidsync.dll and inetconn.dll. I copied these files back to c:\Program Files\Sophos\Autoupdate.

    3. I then restarted the Sophos AutoUpdate Service

    4. Next, I reinstalled Sophos. You might be able to just reboot, but I was dealing with the 80+ Windows servers that were affected and wanted to be sure I had the ALMon systray icon back before I rebooted.

    5. Then run the 'Update Now'

    I have not yet reenabled OnAccess scanning since we were hit so close to 5pm. I'm going to wait until 9 or 10 am until I'm sure that I have allowed all unaffected PCs to update to the fixed defs before reenabling.

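Steps 2 and 3 of the "no Sophos icon" method in the reply above, as an added PowerShell example that is not part of the original post: it restores only the files that are actually missing, checks each copy against the CID original, and restarts the service only if something was restored. Assumptions: on-access scanning is already disabled, the full path to the CID's AutoUpdate folder is supplied by you (the post does not give the share or the `S00x` number), the service display name matches the post's wording, and PowerShell 4.0 or later is available for `Get-FileHash`.

```powershell
# Added example (not from the original post). Run elevated; supports -WhatIf.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Full path to ...\CID\S00x\SAVFPXP\SAVSCFXP\SAU\Program files\Sophos\AutoUpdate
    # on your update server. Supplied by the operator; no default is assumed.
    [Parameter(Mandatory)] [string]$CidAutoUpdate,
    [string]$LocalAutoUpdate = 'C:\Program Files\Sophos\AutoUpdate',
    # Display name as the post words it; adjust if your install differs.
    [string]$ServiceDisplayName = 'Sophos AutoUpdate Service'
)

# The five files the post reports as deleted by the false positive.
$files = 'ALsvc.exe', 'ALUpdate.exe', 'AUAdapter.dll', 'Cidsync.dll', 'inetconn.dll'

$restored = foreach ($name in $files) {
    $src = Join-Path $CidAutoUpdate $name
    $dst = Join-Path $LocalAutoUpdate $name

    if (Test-Path -LiteralPath $dst) { continue }   # still present, leave it alone
    if (-not (Test-Path -LiteralPath $src)) {
        Write-Warning "$name is missing locally and was not found at $src"
        continue
    }
    if ($PSCmdlet.ShouldProcess($dst, "Restore from $src")) {
        Copy-Item -LiteralPath $src -Destination $dst -ErrorAction Stop
        # Verify the restored file is byte-identical to the CID copy.
        $srcHash = (Get-FileHash -LiteralPath $src -Algorithm SHA256).Hash
        $dstHash = (Get-FileHash -LiteralPath $dst -Algorithm SHA256).Hash
        if ($srcHash -ne $dstHash) { throw "Hash mismatch after copying $name" }
        $name   # emit the name so it is collected in $restored
    }
}

if ($restored) {
    # Restart-Service also starts the service if it is currently stopped.
    Restart-Service -DisplayName $ServiceDisplayName -ErrorAction Stop
}

# Summary: what was restored, what is still missing, and the service state.
[pscustomobject]@{
    Restored     = @($restored) -join ', '
    StillMissing = @($files | Where-Object {
                       -not (Test-Path -LiteralPath (Join-Path $LocalAutoUpdate $_))
                   }) -join ', '
    Service      = (Get-Service -DisplayName $ServiceDisplayName -ErrorAction SilentlyContinue).Status
}
```

Run it with `-WhatIf` first to see which files it would restore; an empty `StillMissing` field is the point at which the post's remaining steps (reinstall, then 'Update Now') apply.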