Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3261236 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0
    dreec wrote:

    Hi Nathan,

    I have done as per your instructions.

    The agen-xuv.ide file is not present (I think I deleted that at about 0930 this morning), but I did check!

    I can get clients to update FROM the SEC i.e. I can push down policies to disable on-access scanning & to re-enable again. 

    From clients I can update TO the SEC i.e. I can click "update now" and the clients happily go off and have no updates to bring down. Because .........

    I cannot update from SOPHOS to update my SEC in order for the clients to be updated with the javab-jd.ide file.

    I hope I'm not being a pain here, but did you delete agen-xuv.ide and restart savservice on the SEC/SUM server prior to having SUM perform an update? Can you confirm if \\server\sophos update\cids\s000\savscfxp\savxp contains the javab-jd.ide file? (note that your S000 may be different. checking the endpoint updating policy to confirm) It sounds like SUM hasn't pulled the new file down. Are you still getting software delivery failed messages on your SUM?

    :31687
Reply
  • 0
    dreec wrote:

    Hi Nathan,

    I have done as per your instructions.

    The agen-xuv.ide file is not present (I think I deleted that at about 0930 this morning), but I did check!

    I can get clients to update FROM the SEC i.e. I can push down policies to disable on-access scanning & to re-enable again. 

    From clients I can update TO the SEC i.e. I can click "update now" and the clients happily go off and have no updates to bring down. Because .........

    I cannot update from SOPHOS to update my SEC in order for the clients to be updated with the javab-jd.ide file.

    I hope I'm not being a pain here, but did you delete agen-xuv.ide and restart savservice on the SEC/SUM server prior to having SUM perform an update? Can you confirm if \\server\sophos update\cids\s000\savscfxp\savxp contains the javab-jd.ide file? (note that your S000 may be different. checking the endpoint updating policy to confirm) It sounds like SUM hasn't pulled the new file down. Are you still getting software delivery failed messages on your SUM?

    :31687
Children
No Data