Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

  • Good Morning Nathan, nice to see you back. 

    Any idea if Sophos is working on a way to centrally clear the quarantine list on each endpoint? I know that is not how it is designed at the moment but many of us are looking at serious dollars in bringing in extra hands to do this. Let your engineers know:

    1) Each quarantine does need to be inspected prior to clearing the list in case anything else snuck in during this time period. 

    2) When you are looking at hundreds or thousands of endpoints, you are facing days of workstations without on-access protection and they are now vulnerable.

    3) It is not feasible to ask users to clear the endpoints because of number 1) as well as they could well delete necessary files. 

    They need to remember many sites have hundreds to thousands of endpoints so they need to start working proactively instead of expecting us to do their work for them.

    To the CEO of Sophos: it is really sad that we are relying on Nathan alone for information - he has been extremely helpful and deserves a bonus, a raise, time off and major kudos for his work.
