Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

  • Sophos,

    • Waiting to hear back from my rep.
    • Been in the queue for 51 minutes now.

      "Once you've tested this a few machines you can deploy the script using the deployment method of your choice. (Zenworks, PSEXEC, Altiris, etc.)"


      Here's my deal right now:
      I need to clear these alerts from Console and the associated Endpoints. New items are coming in, and this just needs to get back in control.

      I was originally planning on using PSEXEC and a batch file with instructions for FixUpdate.vbs. Problem with this is that I can't access network resources to fetch the FixUpdate.vbs without passing Admin Credentials in clear text.

      With testing, I have been able to pass the batch file over to a machine and launch it just fine using PSEXEC.


      My questions:
      Is there a way to pass multiple files (SophosFixUpdate.bat, FixUpdate.vbs, and the IDE) to multiple machines (computer listing built from the Console) using PSEXEC (without using Admin Creds) all in one command?

      Thoughts? Help? Suggestions?

      P.S. In reading the latest advisory, I noticed the following. Maybe the below (fpack.bat) takes care of both the alerts in both the Console AND the Endpoints? Please advise.

    "How do I clear existing console alerts?

    To clear all outstanding 'ssh/' alerts from your console, we recommend to follow the steps below:

    1. Close Sophos Enterprise Console.
    2. Download the file 'fpack.txt' to your management server.
    3. Rename the downloaded file to 'fpack.bat'.
    4. Run the batch file. If there are any errors running the tool they will be displayed.
    5. To check the alerts have been 'Acknowledged' launch Enterprise Console and review the outstanding alerts.

    Alternatively you can use Enterprise Console to 'Acknowledge' the alerts, to do so:

    1. Launch Enterprise Console.
    2. Click on the 'Viruses/spyware' link on the Dashboard to switch the computer list view to display: 'Managed computers with outstanding Virus/malware alerts'.
    3. Select all computers (Ctrl-A).
    4. Right click and choose 'Resolve Alerts and Errors…'.
    5. Click on the 'Name' column header to sort by alert name in order to group all 'Shh/' detection entries together in the list.
    6. Select all 'Shh/' detections then click 'Acknowledge'."
     