
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



  • Hello NikolaFBA,

    look at the Anti-Virus details in SEC's endpoint view. Check the column IDEs (right now the number is 291) as well as Detection data (which should be 4.81). When SEC downloads updates it makes note of the resulting "package", the time it was built and its contents. When the clients report their status SEC looks up the number to find a matching package (this is where it gets the Not since ... information from). If it doesn't find a matching package description the status is Unknown.

    Do the Unknown clients report more or less IDEs than the Yes ones? I assume the former due to an "orphaned" IDE. Usually this corrects itself in one of the next updates (i.e. when actually new IDEs are downloaded).

    Christian
