Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3261429 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0

    Hello Pjgfi,

    there is no such thing as false positives as far as QM is concerned. You might argue it should have a list of detections where cleanup was not available and move or delete has been specified. But then you've told it explicitly to perform an action in this case - remember, the recommended setting is Deny access only. Move can break things but is useful if you want to collect samples or avoid repeated alerts. Delete should really only be used on machines which you can restore easily, in a scheduled job or in case of an outbreak.

    Christian

    :32123
Reply
  • 0

    Hello Pjgfi,

    there is no such thing as false positives as far as QM is concerned. You might argue it should have a list of detections where cleanup was not available and move or delete has been specified. But then you've told it explicitly to perform an action in this case - remember, the recommended setting is Deny access only. Move can break things but is useful if you want to collect samples or avoid repeated alerts. Delete should really only be used on machines which you can restore easily, in a scheduled job or in case of an outbreak.

    Christian

    :32123
Children
No Data