
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


  • Hi,

    I'm getting what I'm sure is a really obvious error to someone who understands completely, I'd really appreciate some help.

    I've got the FixUpdate.vbs script called from a batch file and when I run it locally (i.e. on the command line of the host PC) it runs OK.

    When I run it through psexec, I get "CID passed at command line is inaccessible, arguement value is \\*svrname\SophosUpdate\CIDs\S000\SAVSCFXP\savxp"

    As I said, run the .bat on the client and it works perfectly. I'm sure it's something simple. Thanks in advance

    Aaron

    :32277

  • Nathan wrote:

    SYSOP wrote:

    Nathan,

    Thanks for your response. I was referring to a script which would handle the automatic stopping/starting of services + removal of the quarantine file(s) for the affected endpoints... then a forced Update for each.

    Also, with the removal of the Quarantine file(s), how does this affect reporting? (Only asking here since I might not be the only one interested in this answer)

    Thanks again!


    The script in http://www.sophos.com/en-us/support/knowledgebase/118323.aspx will do what you're looking for. Please give that a go and let me know how you make out.

    As for the reporting question, clearing the items from the endpoint QM by deleting quarantine.xml won't clear them from SEC. So if you're looking for a way to determine how many machines were affected, that information will still be in the Console. Also, QC posted some SQL that will extract that from the database. Hope that answers your question.


    Thanks!
    (I prematurely responded earlier as I accidentally renamed the .zip to .vbs... thinking I needed to. These 15 hour days are eating away at my brain. HA! My apologies- deleted the post)

    Question: Will this handle things silently? I'm hoping to reduce the number of calls that may come in. If it doesn't, do you know how I can set it to do so?

    :32279
  • Could be both, I am only working on Windows 7 right now, so I will say Windows 7.  ;-)

    :32281

  • AaronColeman wrote:

    Hi,

    I'm getting what I'm sure is a really obvious error to someone who understands completely, I'd really appreciate some help.

    I've got the FixUpdate.vbs script called from a batch file and when I run it locally (i.e. on the command line of the host PC) it runs OK.

    When I run it through psexec, I get "CID passed at command line is inaccessible, arguement value is \\*svrname\SophosUpdate\CIDs\S000\SAVSCFXP\savxp"

    As I said, run the .bat on the client and it works perfectly. I'm sure it's something simple. Thanks in advance

    Aaron


    Is *svrname a variable that you put in the post to obfuscate the true server name?

    Anyway, others have posted similar things as I recall. Try calling the VBS through a batch file instead of directly and see if that works a little better for you.

    :32283

  • BlackDiamond wrote:

    Could be both, I am only working on Windows 7 right now, so I will say Windows 7.  ;-)


    Any chance you could post a screen shot of the error?

    :32285

  • SYSOP wrote:

    Nathan wrote:

    SYSOP wrote:

    Nathan,

    Thanks for your response. I was referring to a script which would handle the automatic stopping/starting of services + removal of the quarantine file(s) for the affected endpoints... then a forced Update for each.

    Also, with the removal of the Quarantine file(s), how does this affect reporting? (Only asking here since I might not be the only one interested in this answer)

    Thanks again!


    The script in http://www.sophos.com/en-us/support/knowledgebase/118323.aspx will do what you're looking for. Please give that a go and let me know how you make out.

    As for the reporting question, clearing the items from the endpoint QM by deleting quarantine.xml won't clear them from SEC. So if you're looking for a way to determine how many machines were affected, that information will still be in the Console. Also, QC posted some SQL that will extract that from the database. Hope that answers your question.


    Thanks!
    (I prematurely responded earlier as I accidentally renamed the .zip to .vbs... thinking I needed to. These 15 hour days are eating away at my brain. HA! My apologies- deleted the post)

    Question: Will this handle things silently? I'm hoping to reduce the number of calls that may come in. If it doesn't, do you know how I can set it to do so?


    I'm not sure if it runs silently or not. Might also depend on how you call it too. I'm sorry I can't say more definitively, I haven't been able to test that myself to know.

    :32287
  • Hi Nathan - we are using a batch file with the vbs on each XP endpoint - it does work as an administrator (we have given up on all other ways of rolling it out) - sometimes it works straight off, sometimes there is a repeating msiexec installation going on in the background (the faulty Sophos update?) - is there an easy way to stop the old (repeating) msi? We get there eventually but it is taking up a lot of our time.

    Good work by the way - learned a lot from this thread. 

    :32289
  • I am getting an error when I run my bat file.  The error is RestoreCacheFiles from CID SAU reinstall action Failure:1622. Here is what is all in my bat file:

    @ECHO ON
    REM --- Fix for sophos

    xcopy "\\servername\SophosUpdate\CIDs\S000\SAVSCFXP\sau\program files\Sophos\AutoUpdate\*.*" "C:\ProgramData\Sophos\AutoUpdate\" /s /y

    pushd \\servername\ZENAPPS\sophos\Agen-xuvIssue

    cscript //nologo FixUpdate.vbs /fixIssues:true /cid:\\dbqwsus\SophosUpdate\CIDs\S000\SAVSCFXP /updateNow:true

    popd

    Any help would be great. I am running this on Windows 7 machines.

    :32291

  • drdos256 wrote:

    Hi Nathan - we are using a batch file with the vbs on each XP endpoint - it does work as an administrator (we have given up on all other ways of rolling it out) - sometimes it works straight off, sometimes there is a repeating msiexec installation going on in the background (the faulty Sophos update?) - is there an easy way to stop the old (repeating) msi? We get there eventually but it is taking up a lot of our time.

    Good work by the way - learned a lot from this thread. 


    Perhaps call taskkill /IM msiexec.exe in your batch file prior to executing the script? I would suggest a logic check to see if that is necessary so the batch file doesn't error out if the process isn't found.

    :32293
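
Added example, not part of any post in this thread and not Sophos's own script: one way to write the check suggested in the reply above, stopping msiexec.exe only when it is actually running before calling FixUpdate.vbs with the switches quoted in the thread. The share paths are placeholders, and the exit-code handling assumes cscript passes through whatever the script returns.

```batch
@ECHO OFF
REM Added example: stop a lingering msiexec.exe only if one is running,
REM then run FixUpdate.vbs with the switches quoted in this thread.
REM SCRIPTDIR and CID are placeholder paths; substitute your own shares.
SETLOCAL

SET "SCRIPTDIR=\\servername\share\FixUpdate"
SET "CID=\\servername\SophosUpdate\CIDs\S000\SAVSCFXP"

REM tasklist reports success even when the filter matches nothing,
REM so pipe its output to find and test find's errorlevel instead.
tasklist /FI "IMAGENAME eq msiexec.exe" /NH | find /I "msiexec.exe" >NUL
IF ERRORLEVEL 1 (
    ECHO No msiexec.exe running, nothing to stop.
) ELSE (
    ECHO msiexec.exe found, stopping it.
    taskkill /F /IM msiexec.exe >NUL 2>&1
    REM Short pause so the process has exited before the script runs.
    REM ping is used because timeout.exe is not present on XP.
    ping -n 6 127.0.0.1 >NUL
)

REM pushd maps the UNC path to a temporary drive letter; fail loudly
REM if the account running this batch file cannot reach the share.
pushd "%SCRIPTDIR%" || (
    ECHO Cannot reach %SCRIPTDIR% from this account.
    EXIT /B 2
)
cscript //nologo FixUpdate.vbs /fixIssues:true /cid:%CID% /updateNow:true
SET "RC=%ERRORLEVEL%"
popd

ECHO FixUpdate.vbs exit code: %RC%
EXIT /B %RC%
```

taskkill /F /IM msiexec.exe ends every msiexec.exe on the machine, including an unrelated installation that happens to be in progress, so run it only on endpoints known to be stuck in the repeating install.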

  • al04 wrote:

    I am getting an error when I run my bat file.  The error is RestoreCacheFiles from CID SAU reinstall action Failure:1622. Here is what is all in my bat file:

    @ECHO ON
    REM --- Fix for sophos

    xcopy "\\servername\SophosUpdate\CIDs\S000\SAVSCFXP\sau\program files\Sophos\AutoUpdate\*.*" "C:\ProgramData\Sophos\AutoUpdate\" /s /y

    pushd \\servername\ZENAPPS\sophos\Agen-xuvIssue

    cscript //nologo FixUpdate.vbs /fixIssues:true /cid:\\dbqwsus\SophosUpdate\CIDs\S000\SAVSCFXP /updateNow:true

    popd

    Any help would be great. I am running this on Windows 7 machines.


    Might be an already running msiexec.exe process. Can you post a screen shot of the output when the script is run and this error is encountered? Also, I'm not sure why you are doing an xcopy to the local directory prior to calling the script. The script will pull the files needed to repair SAU from the path declared in the /cid: switch. It seems to me like you have a redundant, time-consuming step in there doing the xcopy first.

    :32297