
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



  • Hey,

    I have been reading through the forums this morning and trying a few different things to try and get things up and running.

    Couple of observations:

    • On the SEC, some of the clients who have quarantined items have the option "Update Computers Now" greyed out. There doesn't seem to be any rhyme or reason to it. The reason I say this is because some clients that have quarantined the Sophos files do not have this option greyed out, while others do.
    • On the clients that had the option greyed out I manually tried some of the fixes in this thread and none returned the option. I ended up having to push just the Sophos agent out to these machines in order to get it working again.
      I wasn't able to fully confirm that the Sophos Update service was actually running. I saw a post saying that some people had discovered that the service wasn't actually running. After reading that I only had one more client who had the "Update Computers Now" greyed out and on this client in particular they had all the necessary services running.
    • Deleting the Quarantine.xml does not clear the machine from the SEC. Do we still need to do a manual acknowledgment from the SEC of the quarantined items?

    I have been able to confirm that our SUM has updated to the correct version (confirmed using the MD5). I have also been able to confirm that our clients have updated from the SUM correctly (confirmed again using the MD5). Is it enough to remove the Quarantine.xml and then do the manual acknowledgment?

    Cheers

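The checks the post above describes doing by hand on each client (confirm the updated file by MD5, confirm the Sophos update service is actually running, and see whether Quarantine.xml is still there) can be scripted so they are run the same way on every machine. The script below is an added example, not code from the original thread or from Sophos. It assumes the administrator supplies the path of the file to verify and the MD5 the vendor published for the fixed version, that the AutoUpdate service's display name begins with "Sophos AutoUpdate", and that the Quarantine.xml path is supplied as a parameter; none of those values appear on the page.

```powershell
# Added example (not from the original thread): report a Sophos client's state
# after the Shh/Updater-B false positive. Assumptions not stated on the page:
# the expected MD5 is whatever the vendor published for the fixed file, the
# AutoUpdate service's display name starts with "Sophos AutoUpdate", and the
# Quarantine.xml location is supplied by the administrator.
param(
    [Parameter(Mandatory = $true)] [string] $FilePath,     # e.g. the updated swi_update.exe
    [Parameter(Mandatory = $true)] [string] $ExpectedMd5,  # hash published by the vendor (assumed input)
    [string] $QuarantineXml = $null                        # optional path to Quarantine.xml (assumed)
)

function Get-Md5Hex {
    param([string] $Path)
    # Use the .NET MD5 provider directly so this also runs on PowerShell 2.0,
    # which has no Get-FileHash cmdlet.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLowerInvariant()
}

$result = New-Object PSObject -Property @{
    Computer       = $env:COMPUTERNAME
    FileExists     = (Test-Path -LiteralPath $FilePath)
    ActualMd5      = $null
    Md5Matches     = $false
    ServiceRunning = $false
    QuarantineXml  = 'not checked'
}

if ($result.FileExists) {
    $result.ActualMd5  = Get-Md5Hex -Path $FilePath
    # -eq on strings is case-insensitive in PowerShell; lower-casing keeps the report consistent.
    $result.Md5Matches = ($result.ActualMd5 -eq $ExpectedMd5.ToLowerInvariant())
}

# The post notes that on some machines the update service was not actually
# running, so check the service itself rather than trusting the console status.
$svc = Get-Service -DisplayName 'Sophos AutoUpdate*' -ErrorAction SilentlyContinue |
       Select-Object -First 1
if ($svc) {
    $result.ServiceRunning = ($svc.Status -eq 'Running')
}

# Only report whether Quarantine.xml is present; removing it locally does not
# clear the machine's quarantine entries in the SEC, per the post above.
if ($QuarantineXml) {
    $result.QuarantineXml = if (Test-Path -LiteralPath $QuarantineXml) { 'present' } else { 'absent' }
}

$result | Select-Object Computer, FileExists, ActualMd5, Md5Matches, ServiceRunning, QuarantineXml |
          Format-List
```

Run it locally on a client, or push it to many at once with `Invoke-Command -ComputerName <list> -FilePath .\Check-SophosClient.ps1 -ArgumentList <file>, <md5>` (remoting must already be enabled). MD5 is used here only because it is the checksum the vendor published and the post compared against; it is a version match, not an integrity guarantee against a deliberate substitution, so treat a matching hash as "the expected file arrived" and nothing more.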