Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3261600 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
Parents
  • 0

    @LINCK

    We must be talking about two different articles, no where in the article I am reading does it say that.

    http://www.sophos.com/en-us/support/knowledgebase/118338.aspx

    Following an unwanted detection the Sophos AutoUpdate component is no longer functioning. This is due to the files needed by Sophos AutoUpdate being deleted or moved as part of the clean-up action related to the false positive. This article explains how to setup a gpo script for Active Directory, which will allow the FixUpdate.vbs script to run on your network workstations.

    Known to apply to the following Sophos product(s) and version(s) Sophos Anti-Virus for Windows 2000+

    Operating systems Windows 2003 and above

    What To Do

    To enable this script to run, copy the FixUpdate.vbs script to a shared resource which your workstations can access. When the workstation starts the gpo startup script will use the FixUpdate script to correct the Sophos AutoUpdate installation.

    1. Download the FixUpdate.zip from article 118323.
    2. Extract the vbs script from the archive to the root of the SophosUpdate share. For example: \\SERVERNAME\SophosUpdate\
    3. Click Start | All Programs | Administrative Tools | Active Directory Users and Computer.      Or      Click Start | Run | Type: dsa.msc | Press return.
    4. Select the domain name from the left-hand tree.
    5. Right-click the domain name and select 'Properties'.
    6. Select the 'Group Policy' tab.
    7. Select 'New'.
    8. Enter a name for the new Group Policy object (GPO).  Example: GPO to deploy Sophos endpoint software via script.
    9. Select the new GPO and click 'Edit'.  The Group Policy Object Editor window will open.
    10. In the Group Policy Object Editor in the left pane, browse to Computer Configuration | Windows Settings | Scripts.
    11. On the right-hand side, double-click 'Startup'.
    12. In the 'Startup Properties' dialog box, click 'Show Files'.
    13. In the window that opens, right-click and select New | Text Document.
    14. Rename this file to 'GPOUpdateFix.bat'.
    15. Right-click on 'GPOUpdateFix.bat' and select 'Edit'.
    16. Edit the file as follows:
      Note: This is sample syntax which you may need to alter for your environment.
      @ECHO OFF xcopy \\servername\SophosUpdate\FixUpdate.vbs C:\Windows\Temp\      cscript //nologo C:\Windows\Temp\FixUpdate.vbs /FixIssues:true
    17. Save the GPOUpdateFix.bat
    18. Next time the workstation restarts and starts up the script will launch.
    :32847
Reply
  • 0

    @LINCK

    We must be talking about two different articles, no where in the article I am reading does it say that.

    http://www.sophos.com/en-us/support/knowledgebase/118338.aspx

    Following an unwanted detection the Sophos AutoUpdate component is no longer functioning. This is due to the files needed by Sophos AutoUpdate being deleted or moved as part of the clean-up action related to the false positive. This article explains how to setup a gpo script for Active Directory, which will allow the FixUpdate.vbs script to run on your network workstations.

    Known to apply to the following Sophos product(s) and version(s) Sophos Anti-Virus for Windows 2000+

    Operating systems Windows 2003 and above

    What To Do

    To enable this script to run, copy the FixUpdate.vbs script to a shared resource which your workstations can access. When the workstation starts the gpo startup script will use the FixUpdate script to correct the Sophos AutoUpdate installation.

    1. Download the FixUpdate.zip from article 118323.
    2. Extract the vbs script from the archive to the root of the SophosUpdate share. For example: \\SERVERNAME\SophosUpdate\
    3. Click Start | All Programs | Administrative Tools | Active Directory Users and Computer.      Or      Click Start | Run | Type: dsa.msc | Press return.
    4. Select the domain name from the left-hand tree.
    5. Right-click the domain name and select 'Properties'.
    6. Select the 'Group Policy' tab.
    7. Select 'New'.
    8. Enter a name for the new Group Policy object (GPO).  Example: GPO to deploy Sophos endpoint software via script.
    9. Select the new GPO and click 'Edit'.  The Group Policy Object Editor window will open.
    10. In the Group Policy Object Editor in the left pane, browse to Computer Configuration | Windows Settings | Scripts.
    11. On the right-hand side, double-click 'Startup'.
    12. In the 'Startup Properties' dialog box, click 'Show Files'.
    13. In the window that opens, right-click and select New | Text Document.
    14. Rename this file to 'GPOUpdateFix.bat'.
    15. Right-click on 'GPOUpdateFix.bat' and select 'Edit'.
    16. Edit the file as follows:
      Note: This is sample syntax which you may need to alter for your environment.
      @ECHO OFF xcopy \\servername\SophosUpdate\FixUpdate.vbs C:\Windows\Temp\      cscript //nologo C:\Windows\Temp\FixUpdate.vbs /FixIssues:true
    17. Save the GPOUpdateFix.bat
    18. Next time the workstation restarts and starts up the script will launch.
    :32847
Children
No Data