
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.




  • lucas wrote:

    I have a couple of questions about the Advisory 118311

    2. Windows Exclusions
    C:\Documents and Settings\All Users\Application Data\Sophos\
    C:\Program Files\Sophos\
    C:\Program Files (x86)\Sophos\
    C:\ProgramData\Sophos\
    Exclude Remote Files

    Why should we exclude remote files? Isn't a "remote file" any file on a UNC path? Would that block scanning of anything that's not a drive letter - such as DFS shares accessed through the UNC??

    3. Enable Live Protection within the 'Sophos Live Protection' option

    Why? I haven't had this enabled before, why do I need to do it now?


    Live Protection allows you to leverage our cloud feature where we've already flagged the detected files clean. This means that even if you don't have the fixed IDE, if the client does a cloud lookup of the detection (all SHH detections do cloud lookups) then the detection will be bypassed and no alert generated.

    IMO, excluding remote files shouldn't be necessary if the other steps are taken. I suspect it was included just to be thorough.
