Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3261159 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0
    fghjgf wrote:

    Nathan - we've removed the Sophos anti-virus from our Exchange server because it would not autoupdate.  As a result we appear to have lost network connectivity.  The networks cards are there and appear correctly in control panel however we can't access the server from within the network and we can't see our SAN to load the LUNS.  We are seeing this behaviour on client machines as well.  I have not seen this symptom reported by anyone else - is it known and is there a solution?

    This is the first I've heard of this as well. It may be due to the LSP used for the Web Protection component. If rebooting didn't fix it, (the LSP stays in the stack until after a reboot when you uninstall, to avoid interuptions in connectivity) you can try a "netsh winsock reset". Be warned that it will remove any other LSPs you may use, and I can't guarantee it will work. I've had much success restoring corrupt network stacks with it in the past though, so I would definitely give it a go.

    You can confirm if this is likely the problem by running netsh winsock show catalog | findstr dll. If you see swi_ifslsp.dll in the list, then a winsock reset is your only recourse afaik.

    :31485
Reply
  • 0
    fghjgf wrote:

    Nathan - we've removed the Sophos anti-virus from our Exchange server because it would not autoupdate.  As a result we appear to have lost network connectivity.  The networks cards are there and appear correctly in control panel however we can't access the server from within the network and we can't see our SAN to load the LUNS.  We are seeing this behaviour on client machines as well.  I have not seen this symptom reported by anyone else - is it known and is there a solution?

    This is the first I've heard of this as well. It may be due to the LSP used for the Web Protection component. If rebooting didn't fix it, (the LSP stays in the stack until after a reboot when you uninstall, to avoid interuptions in connectivity) you can try a "netsh winsock reset". Be warned that it will remove any other LSPs you may use, and I can't guarantee it will work. I've had much success restoring corrupt network stacks with it in the past though, so I would definitely give it a go.

    You can confirm if this is likely the problem by running netsh winsock show catalog | findstr dll. If you see swi_ifslsp.dll in the list, then a winsock reset is your only recourse afaik.

    :31485
Children
No Data