Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



This thread was automatically locked due to age.

  • JonathanC wrote:

    So there is a reasonably simple solution to stop the script running every time a machine boots up, if the script has been deployed via group policy. When we tested this earlier we added these lines to the FixIssues.vbs script:

    ' Drop a marker file so later runs can tell the fix has already been applied
    dim objFSO : set objFSO = CreateObject("Scripting.FileSystemObject")
    ' CreateTextFile is a method of the FileSystemObject (objFSO)
    dim objFile : set objFile = objFSO.CreateTextFile("C:\Windows\temp\sophosmarker.txt")
    set objFSO = nothing
    set objFile = nothing

    You would then just need to add a check to see if the file exists at C:\Windows\temp\sophosmarker.txt and, if it does, exit the script.

    This would mean that, for instance, if you have any remote users that don't access the network to receive a group policy update for 1/2 weeks, you can leave the group policy in place without affecting the end users repeatedly.


    Thanks!

    So is this something you've done? If so, how did you go about setting up a "checker" for that file? I'm clueless (ok not totally clueless) with scripting, and I'm in queue with our programming staff. Could be days before I get an answer from them.

    Thanks in advance for your help on this! Sent PM as well in case you aren't babysitting this thread. (Your PMessaging is turned off)

    <Pssst> Sophos:
    *Still waiting on an answer from you about my "fpack.bat" question.

    :32837
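
One way to write the marker-file check asked about above, as an added example that is not part of the original posts and is not Sophos code. The marker path is the one from the post; `RunFix` is a hypothetical placeholder for the existing body of FixIssues.vbs.

```vbscript
Option Explicit

' Marker path taken from the post above.
Const MARKER_PATH = "C:\Windows\temp\sophosmarker.txt"

Dim objFSO, objMarker
Set objFSO = CreateObject("Scripting.FileSystemObject")

' The fix already ran on an earlier boot: leave without doing anything.
If objFSO.FileExists(MARKER_PATH) Then
    Set objFSO = Nothing
    WScript.Quit 0
End If

' RunFix (hypothetical name) wraps the original FixIssues.vbs steps and
' returns True only when they completed.
If RunFix() Then
    ' Write the marker only after success, so a failed run retries next boot.
    On Error Resume Next
    Set objMarker = objFSO.CreateTextFile(MARKER_PATH, True)
    If Err.Number = 0 Then
        objMarker.WriteLine "FixIssues.vbs completed " & Now
        objMarker.Close
    End If
    On Error GoTo 0
End If

Set objMarker = Nothing
Set objFSO = Nothing

Function RunFix()
    ' Placeholder (assumption): move the existing fix steps here.
    RunFix = True
End Function
```

With default permissions, standard users can create files in C:\Windows\Temp, so the marker is a convenience flag that says "skip this machine", not proof that the fix ran.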