Is anyone else seeing this alert - Shh/Updater-B false positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

  • ALMon unable to load resource (fix)

    We had a policy that denied then moved AutoUpdater directory files.

    Our procedure:

    1. stop antivirus

    2. stop antivirus reporter

    3. stop autoupdater

    4. in Task Manager, kill any ALMon processes in memory; there may be more than one if you have multiple remote RDP sessions

    5. travel to "C:\Program Files (x86)\Sophos"

    6. rename AutoUpdate to AutoUpdate2

    7. copy the same directory from a like bitness system (32 bit or 64 bit) 

    8. restart the service "Sophos AutoUpdate Service"

    9. travel back to "C:\Program Files (x86)\Sophos\AutoUpdate"

    A. double click the ALMon.exe to restore a shield in the systray

    B. right click the shield in the systray and select "Update Now"

    The updater will pull the latest definitions from the source and restart most services including antivirus automatically.

    This had the advantages that we (a) didn't have to download the entire installer (~150 MB), only had to copy about 11 MB; (b) didn't have to reconfigure the station in the console to put it in a proper group; (c) didn't have to reboot the system; (d) didn't have to uninstall anything.

    Confirmed as working on Win2008R2 and Win7 x64.
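
Steps 3 to 8 of the procedure above as a PowerShell sketch, with a signature check on the copied files before they are put in place. This is an added example, not part of the original post and not Sophos code. The donor path, the staging folder name and the expected signer string are assumptions. Steps 1 and 2 are left manual because the post does not give those service names.

```powershell
# Added example. Run from an elevated prompt on the affected machine.
param(
    # Hypothetical donor: the AutoUpdate folder on a healthy machine of the same bitness.
    [string]$Source         = '\\HEALTHY-HOST\c$\Program Files (x86)\Sophos\AutoUpdate',
    [string]$SophosRoot     = 'C:\Program Files (x86)\Sophos',
    [string]$ExpectedSigner = 'Sophos'   # assumption: substring expected in the signer subject
)
$ErrorActionPreference = 'Stop'
$live   = Join-Path $SophosRoot 'AutoUpdate'
$staged = Join-Path $SophosRoot 'AutoUpdate.staged'   # hypothetical staging name

# Step 7, done first into a staging folder so the files that get checked
# are the same files that get installed.
Copy-Item -Path $Source -Destination $staged -Recurse

# Refuse to continue if any staged binary is unsigned, tampered with,
# or signed by someone other than the expected vendor.
$bad = Get-ChildItem -Path $staged -Recurse -File -Include *.exe, *.dll |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid' -or
            $sig.SignerCertificate.Subject -notmatch $ExpectedSigner) {
            [pscustomobject]@{
                File   = $_.FullName
                Status = $sig.Status
                Signer = $sig.SignerCertificate.Subject
            }
        }
    }
if ($bad) {
    $bad | Format-Table -AutoSize | Out-String | Write-Host
    Remove-Item -Path $staged -Recurse -Force
    throw 'Staged AutoUpdate copy failed the signature check; nothing was changed.'
}

# Step 3: stop the updater (display name as quoted in the post).
Stop-Service -DisplayName 'Sophos AutoUpdate Service'
# Step 4: ALMon can be running once per logged-on session.
Get-Process -Name ALMon -ErrorAction SilentlyContinue | Stop-Process -Force
# Step 6: keep the old folder for rollback, then swap in the verified copy.
Rename-Item -Path $live   -NewName 'AutoUpdate2'
Rename-Item -Path $staged -NewName 'AutoUpdate'
# Step 8: start the updater again.
Start-Service -DisplayName 'Sophos AutoUpdate Service'
```

Steps 9 to B (starting ALMon.exe and choosing "Update Now") still happen in the interactive session, as in the post.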
