Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3261462 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0
    kevinhcs wrote:

    Was wondering why a few of our customers were badly hit and some of our customers were at minimal or not hit at all by the false positive? 

    Our anti virus settings were unfortunately set to Delete and all had Live Protection turned on. What makes the difference some got hit and some not?

    Can anyone explain? Thanks!

    Lucky timing and Live Protection. The SHH detections trigger SXL lookups to our cloud servers if Live Protection is enabled. We were able to mark the detections as clean in the cloud quicker than we could deliver the IDE to correct the detection. So if someone were lucky enough to get the problem IDE after we had marked the detections clean in the cloud, then they wouldn't have experienced the false positive.

    :32253
Reply
  • 0
    kevinhcs wrote:

    Was wondering why a few of our customers were badly hit and some of our customers were at minimal or not hit at all by the false positive? 

    Our anti virus settings were unfortunately set to Delete and all had Live Protection turned on. What makes the difference some got hit and some not?

    Can anyone explain? Thanks!

    Lucky timing and Live Protection. The SHH detections trigger SXL lookups to our cloud servers if Live Protection is enabled. We were able to mark the detections as clean in the cloud quicker than we could deliver the IDE to correct the detection. So if someone were lucky enough to get the problem IDE after we had marked the detections clean in the cloud, then they wouldn't have experienced the false positive.

    :32253
Children
No Data