
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



This thread was automatically locked due to age.

  • SYSOP wrote:

    Nathan,

    Thanks for your response. I was referring to a script which would handle the automatic stopping/starting of services + removal of the quarantine file(s) for the affected endpoints... then a forced Update for each.

    Also, with the removal of the Quarantine file(s), how does this affect reporting? (Only asking here since I might not be the only one interested in this answer)

    Thanks again!


    The script in http://www.sophos.com/en-us/support/knowledgebase/118323.aspx will do what you're looking for. Please give that a go and let me know how you make out.

    As for the reporting question, clearing the items from the endpoint QM by deleting quarantine.xml won't clear them from SEC. So if you're looking for a way to determine how many machines were affected, that information will still be in the Console. Also, QC posted some SQL that will extract that from the database. Hope that answers your question.
