
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



This thread was automatically locked due to age.

  • kurbycar32 wrote:

    Alphateam, give this a shot. I posted it yesterday but these posts get buried fast

    HOW I FIXED MY SUM (The slightly longer but easy way)

    1. Disable on access scanning on the server

    2. Launch the Setup.exe in here: C:\Program Files (x86)\Sophos\Enterprise Console\SUMInstaller (You will get errors)

    3. When the installer says it can't find the file, search for the name here: C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED

    4. You will find the missing files with .000 appended to them

    5. Copy the files out of the infected folder to the path specified by the installer

    6. Hit retry, it will find your file

    7. Repeat for each file, my server needed I think 4 files restored.

    8. This will repair the SUM and start the service

    9. Use "Update Now" on your update manager in the enterprise console


    Please avoid disabling OnAccess scanning. We have a few reports now of customers that had previously unknown dormant Conficker infections or USB keys that had Conficker on them. They've recovered from the SHH false positive and found themselves battling a Conficker infection again. I'm not trying to panic anyone, just be VERY careful if you're considering turning off the OnAccess scanner.
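
Added example (not part of either post and not Sophos tooling): a PowerShell check for steps 3 to 5 that stages each quarantined `.000` copy under its original name and reports its hash and Authenticode signature before anything is copied to the installer path. It assumes the files being restored are Authenticode-signed binaries; the function name, parameters and staging folder are hypothetical.

```powershell
# Added example. The quarantine path is the one quoted in the post; the
# function name, parameters and staging folder are hypothetical.
function Test-QuarantinedFile {
    param(
        # File name the installer reports as missing (step 3).
        [Parameter(Mandatory)] [string] $MissingFileName,
        [string] $QuarantineDir = 'C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED',
        [string] $StagingDir    = (Join-Path $env:TEMP 'sum-restore-staging')
    )

    New-Item -ItemType Directory -Path $StagingDir -Force | Out-Null

    # Quarantined copies keep the original name with .000 appended (step 4).
    $hits = @(Get-ChildItem -LiteralPath $QuarantineDir -File -Recurse `
                            -Filter "$MissingFileName.000")
    $i = 0
    foreach ($item in $hits) {
        # Stage under the original extension so the signature check sees the
        # file the way it will exist after the restore.
        $staged = Join-Path $StagingDir ('{0}-{1}' -f $i, $MissingFileName)
        $i++
        Copy-Item -LiteralPath $item.FullName -Destination $staged -Force

        $sig    = Get-AuthenticodeSignature -LiteralPath $staged
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        [pscustomobject]@{
            Quarantined     = $item.FullName
            Staged          = $staged
            SHA256          = (Get-FileHash -LiteralPath $staged -Algorithm SHA256).Hash
            SignatureStatus = $sig.Status
            Signer          = $signer
            # Assumption: only a file with a valid signature is treated as
            # safe to copy to the path the installer asks for (step 5).
            SafeToRestore   = ($sig.Status -eq 'Valid')
        }
    }
}

# Constructed usage; 'example.dll' stands in for the name shown by the installer.
# Test-QuarantinedFile -MissingFileName 'example.dll' | Format-List
```

A row with `SafeToRestore` set to `False`, or a signer that is not the vendor, is a file to leave in quarantine and investigate rather than restore.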
