
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



This thread was automatically locked due to age.

  • VEL wrote:

    It appears those errors stopped the other night. Not sure why.

    About half of my clients are not updating now. I have manually forced an update on the Update Managers and also manually forced updates on some of the clients and they are still reporting back that they haven't updated in 48+ hours.

    I have re-installed the software on some of these computers and it still reports back this way.

    Any ideas?


    Hi VEL,

    Were these new installations pushed from the Enterprise Console? If so, I'd start from the top: confirm that the Update Manager is actually updating (check within the update managers view in the Enterprise Console). You can also find the locations that Update Manager is updating within the Enterprise Console under the menu option 'View | Bootstrap Locations'. Within each of these locations, check to see that files have been modified within the last 48 hours (if not, then concentrate on the update manager).

    Assuming the files have been updated in the last 48 hours, then concentrate on the endpoints. Check to see which path they are updating from by opening Sophos Endpoint Security and Control and selecting 'Configure Updating'. Although you may not be able to perform any edits from here, you should be able to see the 'address' that it is attempting to update from. Double check to confirm it matches one of the bootstrap locations from above.

    Hopefully this will get you on the right track.

    Luke
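
The two checks described in the reply above, as an added PowerShell example (not part of the original thread and not Sophos tooling): it reports whether each update share has a file modified within the last 48 hours and whether an endpoint's update address matches one of those shares. The share paths and the endpoint address are placeholders; copy the real values from 'View | Bootstrap Locations' and from the endpoint's 'Configure Updating' dialog.

```powershell
param(
    # Placeholders: paste the paths listed under 'View | Bootstrap Locations'.
    [string[]]$BootstrapLocations = @('\\SERVER\SHARE\PATH1', '\\SERVER\SHARE\PATH2'),
    # Placeholder: the 'address' shown in the endpoint's 'Configure Updating' dialog.
    [string]$EndpointAddress = '\\server\share\path1\',
    [int]$MaxAgeHours = 48
)

function Get-ShareFreshness {
    # Returns the newest file under $Path and whether it is within $MaxAgeHours.
    param([string]$Path, [int]$MaxAgeHours)
    $result = [pscustomobject]@{ Path = $Path; NewestFile = $null; LastWrite = $null; Status = 'UNREACHABLE' }
    if (-not (Test-Path -LiteralPath $Path)) { return $result }

    $newest = Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if (-not $newest) { $result.Status = 'EMPTY'; return $result }

    $ageHours = ((Get-Date) - $newest.LastWriteTime).TotalHours
    $result.NewestFile = $newest.FullName
    $result.LastWrite  = $newest.LastWriteTime
    $result.Status     = if ($ageHours -le $MaxAgeHours) { 'FRESH' } else { 'STALE' }
    return $result
}

function ConvertTo-ComparablePath {
    # UNC paths are case-insensitive and a trailing slash is not significant.
    param([string]$Path)
    return $Path.Trim().TrimEnd('\', '/').ToLowerInvariant()
}

# Step 1: is the Update Manager actually writing to each location?
$report = foreach ($loc in $BootstrapLocations) { Get-ShareFreshness -Path $loc -MaxAgeHours $MaxAgeHours }
$report | Format-Table Path, Status, LastWrite -AutoSize

# Step 2: does the endpoint point at one of those locations?
$known = $BootstrapLocations | ForEach-Object { ConvertTo-ComparablePath $_ }
if ($known -contains (ConvertTo-ComparablePath $EndpointAddress)) {
    Write-Output "Endpoint address matches a bootstrap location: $EndpointAddress"
} else {
    Write-Output "Endpoint address does NOT match any bootstrap location: $EndpointAddress"
}

# STALE, EMPTY or UNREACHABLE in step 1 points at the Update Manager;
# all FRESH plus a mismatch in step 2 points at the endpoint's updating policy.
```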
