
Is anyone else seeing this alert - Shh/Updater-B false positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.




  • Nathan wrote:

    SYSOP wrote:

    Nathan,

    Thanks for your response. I was referring to a script which would handle the automatic stopping/starting of services + removal of the quarantine file(s) for the affected endpoints... then a forced Update for each.

    Also, with the removal of the Quarantine file(s), how does this affect reporting? (Only asking here since I might not be the only one interested in this answer)

    Thanks again!


    The script in http://www.sophos.com/en-us/support/knowledgebase/118323.aspx will do what you're looking for. Please give that a go and let me know how you make out.

    As for the reporting question, clearing the items from the endpoint QM by deleting quarantine.xml won't clear them from SEC. So if you're looking for a way to determine how many machines were affected, that information will still be in the Console. Also, QC posted some SQL that will extract that from the database. Hope that answers your question.


    Thanks!
    (I prematurely responded earlier as I accidentally renamed the .zip to .vbs... thinking I needed to. These 15-hour days are eating away at my brain. HA! My apologies - deleted the post.)

    Question: Will this handle things silently? I'm hoping to reduce the number of calls that may come in. If it doesn't, do you know how I can set it to do so?

