Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3261589 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0

    So there is a reasonably simple solution to stop the script running everytime a machine boots up, if the script has been deployed via group policy. When we tested this earlier we added these lines to the FixIssues.vbs script;

    dim objFSO : set objFSO = CreateObject("Scripting.FileSystemObject")

    dim objFile : set objFile = objFile.CreateTextFile("C:\Windows\temp\sophosmarker.txt")

    set objFSO = nothing

    set objFile = nothing

    You would then just need to add a check to see if the file exists at C:\Windows\temp\sophosmarker.txt and if it does exit the script. 

    This would mean that for instance if you have any remote users that don't access the netowrk to recieve a group policy update for 1/2 weeks, you can leave the group policy in place without effecting the end users repeatedly.

    :32803
Reply
  • 0

    So there is a reasonably simple solution to stop the script running everytime a machine boots up, if the script has been deployed via group policy. When we tested this earlier we added these lines to the FixIssues.vbs script;

    dim objFSO : set objFSO = CreateObject("Scripting.FileSystemObject")

    dim objFile : set objFile = objFile.CreateTextFile("C:\Windows\temp\sophosmarker.txt")

    set objFSO = nothing

    set objFile = nothing

    You would then just need to add a check to see if the file exists at C:\Windows\temp\sophosmarker.txt and if it does exit the script. 

    This would mean that for instance if you have any remote users that don't access the netowrk to recieve a group policy update for 1/2 weeks, you can leave the group policy in place without effecting the end users repeatedly.

    :32803
Children
No Data