
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

  • Sophos,

    When can we expect a script/automated fix to address the issues for those who simply had the "Deny access only" set in their policies? I'm seeing scripts in the Advisory for the other sections, just not for "Deny access only" section. Maybe I'm missing something? Maybe one of the other scripts addresses this? Please let us know/update the Advisory with more information on this. Wish I had more time to go through the forums, but Sophos isn't the only fire I have to put out around here.

    Thanks in advance for your help/response.

    ________________________________________________

    Deny access only

    Note:
    Enabling Sophos Live Protection (in step three above) should resolve the issue if your configuration is set to 'Deny access only'. We recommend allowing time for your endpoint computers to enable this option locally and report to the console before continuing below.


    1. Stop the Sophos Anti-Virus service (Start | Run | Type: services.msc | Press return).
    2. Delete the quarantine.xml file from:
      C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Config\Quarantine.xml
      or
      C:\ProgramData\Sophos\Sophos Anti-Virus\Config\Quarantine.xml
    3. Start the Sophos Anti-Virus service.
    4. Force an update on the computer.  To do this right-click on the Sophos shield and select 'Update now'. 
    5. If the update fails, then perform a reboot of the computer.
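
Steps 1 to 3 of the manual procedure quoted above, scripted for a single computer, as an added example that is not part of the original post or of the Sophos advisory. It assumes an elevated PowerShell prompt and that the service's display name is 'Sophos Anti-Virus' as the steps word it; steps 4 and 5 stay manual.

```powershell
# Added example, not Sophos code. Run from an elevated PowerShell prompt.
$ErrorActionPreference = 'Stop'

# Assumption: the display name matches the advisory's wording
# ("Sophos Anti-Virus service"). Check it in services.msc first.
$serviceDisplayName = 'Sophos Anti-Virus'

# The two Quarantine.xml locations listed in step 2.
$quarantineFiles = @(
    'C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Config\Quarantine.xml',
    'C:\ProgramData\Sophos\Sophos Anti-Virus\Config\Quarantine.xml'
)

$service = Get-Service -DisplayName $serviceDisplayName

# Step 1: stop the service and wait until it has really stopped,
# so the file is not held open when it is deleted.
Stop-Service -InputObject $service
$service.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))

try {
    # Step 2: delete Quarantine.xml from whichever location exists.
    $deleted = 0
    foreach ($file in $quarantineFiles) {
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            Remove-Item -LiteralPath $file -Force
            Write-Output "Deleted $file"
            $deleted++
        }
    }
    if ($deleted -eq 0) {
        Write-Output 'No Quarantine.xml found in either location.'
    }
}
finally {
    # Step 3: always start the service again, even if a delete failed,
    # so the computer is not left without on-access scanning.
    Start-Service -InputObject $service
    $service.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
}

$status = (Get-Service -DisplayName $serviceDisplayName).Status
Write-Output "Service '$serviceDisplayName' is now $status."
# Steps 4 and 5 ('Update now', reboot if the update fails) remain manual.
```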