Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3261341 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0
    AndreLtbg wrote:

    I checked the computer details and the clients did check in with the console. I ran the batch file against a few different machines and forced a reboot afterwards, so far the console is still showing the virus alerts even after the clients checked in after the reboot.

    My apologies. I forgot a key bit. The QM has a routine that sends a  status message to SEC to clear the alert on the SEC side after the endpoint QM has been cleared. This doesn't happen when quarantine.xml is deleted manually. Therefore, ackwnowledging the alerts on the SEC side is also required. My apologies for the earlier mis-information!

    You should be able to select a group of clients, then right click and select Resolve Alerts and Errors. All clients will be displayed. Click Select All then Acknowledge and they should all clear from SEC.

    :31879
Reply
  • 0
    AndreLtbg wrote:

    I checked the computer details and the clients did check in with the console. I ran the batch file against a few different machines and forced a reboot afterwards, so far the console is still showing the virus alerts even after the clients checked in after the reboot.

    My apologies. I forgot a key bit. The QM has a routine that sends a  status message to SEC to clear the alert on the SEC side after the endpoint QM has been cleared. This doesn't happen when quarantine.xml is deleted manually. Therefore, ackwnowledging the alerts on the SEC side is also required. My apologies for the earlier mis-information!

    You should be able to select a group of clients, then right click and select Resolve Alerts and Errors. All clients will be displayed. Click Select All then Acknowledge and they should all clear from SEC.

    :31879
Children
No Data