Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3261265 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0
    Andrew8359 wrote:

    The QM is just a list of items that the engine detected on. Clearing the QM doesn't take any action on the files, so if for example the files were moved to the INFECTED folder and you cleared the QM, the files would still be in the INFECTED folder.

    If legitmately infected files are cleared from the QM, the engine will detect them again the next time they are accessed and add a fresh entry to the QM for them.

    Nathan, assuming the "infected" files were not moved but were disabled in place, what then is proper procedure to remove them from quarantine and allow the software updates to run again?


    To restore usability of the files, you just need to get the systems updated with javab-jd.ide. The items will still show in the QM after getting the fixed IDE on the system, but the files will no longer be blocked by the scanner. Clearing the QM entries isn't necessary at all really, except from a cosmetic pov.

    :31725
Reply
  • 0
    Andrew8359 wrote:

    The QM is just a list of items that the engine detected on. Clearing the QM doesn't take any action on the files, so if for example the files were moved to the INFECTED folder and you cleared the QM, the files would still be in the INFECTED folder.

    If legitmately infected files are cleared from the QM, the engine will detect them again the next time they are accessed and add a fresh entry to the QM for them.

    Nathan, assuming the "infected" files were not moved but were disabled in place, what then is proper procedure to remove them from quarantine and allow the software updates to run again?


    To restore usability of the files, you just need to get the systems updated with javab-jd.ide. The items will still show in the QM after getting the fixed IDE on the system, but the files will no longer be blocked by the scanner. Clearing the QM entries isn't necessary at all really, except from a cosmetic pov.

    :31725
Children
No Data