This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



  • Hello,

    Here are some instructions below if you would like to generate a list of affected Endpoints:

    What To Do

    1. On your Sophos Management server (assuming you are using the default local SQL instance) download the file: 'FpWithoutFix2.txt'. This example will use the location: 'C:\windows\temp\FpWithoutFix.txt'.
    2. In a command prompt type the following (all on one line):
      sqlcmd -E -S .\sophos -d SOPHOS51 -i C:\windows\temp\FpWithoutFix2.txt -o C:\windows\temp\FpWithoutFix2Report.txt 

      Where:
      .\sophos represents a local SQL instance called SOPHOS (the default).
      SOPHOS51 represents the database name as used by Enterprise Console 5.1.  A list of database names and console versions can be found here: 17323 .  Update the database name as required for your version of the console.
    3. Once the command completes, open 'C:\windows\temp\FpWithoutFixReport.txt' to see the computers which have 'agen-xuv.ide' but don't have 'javab-jd.ide'.  This list of computers should then be resolved as per 118311.

    Additionally, if you wish to create a report of files where an action has been taken, e.g. 'Deleted' or 'Moved', download the file: 'FpMovedAndDeletedFiles2.txt' and run this using the same method as above, i.e. using the command:

    sqlcmd -E -S .\sophos -d SOPHOS51 -i C:\windows\temp\FpMovedAndDeletedFiles2.txt -o C:\windows\temp\FpMovedAndDeletedFiles2Report.txt

    Hope this helps.

    Scott
