
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



This thread was automatically locked due to age.

  • DAE wrote:

    My question is will there be a "One Stop Shop" exe file to fix this error instead of going through multiple steps which might not even work. If so, when? I'm sure everyone here would like to know. Thank you.


    We have several scripts available now that, while they aren't a "One Stop Shop" as you put it, the steps are relatively few, easy to script, and largely effective. Please be sure to regularly check the advisory KBA for any new tools and directions as they become available.


  • Nathan wrote:

    al04 wrote:

    The pushd is to make a temporary drive to that server and the popd is to release it when finished.


    So those options work for you if you run them manually rather than through a script? I ask because I attempted that on my test rig and couldn't get the pushd option to work.

     
    On edit: Instead of using the pushd/popd options, try supplying the full UNC path to the VBS and see if that works better for you.


    I am able to use the pushd options but I am still getting an error on the line RestoreCacheFilesfromCID-SAUreinstall action failure:1622. I have looked on other forums about this error and there is nothing. I have been working on this problem for the last two days and I'm getting very frustrated. :smileymad:


  • al04 wrote:

    Nathan wrote:

    al04 wrote:

    The pushd is to make a temporary drive to that server and the popd is to release it when finished.


    So those options work for you if you run them manually rather than through a script? I ask because I attempted that on my test rig and couldn't get the pushd option to work.

     
    On edit: Instead of using the pushd/popd options, try supplying the full UNC path to the VBS and see if that works better for you.


    I am able to use the pushd options but I am still getting an error on the line RestoreCacheFilesfromCID-SAUreinstall action failure:1622. I have looked on other forums about this error and there is nothing. I have been working on this problem for the last two days and I'm getting very frustrated. :smileymad:


    I can appreciate your frustration. Unfortunately, this is the only report I've seen with the error 1622. I know it works without the pushd option, thus why I wanted to remove that variable from the equation. It isn't necessary to use the pushd option if you supply the full path to the script file when you call it with cscript. Can you give that a try please and let me know if you make any progress? Meanwhile I'll check with the developer of the script to see if they have any other ideas.


  • Nathan wrote:

    al04 wrote:

    Nathan wrote:

    al04 wrote:

    The pushd is to make a temporary drive to that server and the popd is to release it when finished.


    So those options work for you if you run them manually rather than through a script? I ask because I attempted that on my test rig and couldn't get the pushd option to work.

     
    On edit: Instead of using the pushd/popd options, try supplying the full UNC path to the VBS and see if that works better for you.


    I am able to use the pushd options but I am still getting an error on the line RestoreCacheFilesfromCID-SAUreinstall action failure:1622. I have looked on other forums about this error and there is nothing. I have been working on this problem for the last two days and I'm getting very frustrated. :smileymad:


    I can appreciate your frustration. Unfortunately, this is the only report I've seen with the error 1622. I know it works without the pushd option, thus why I wanted to remove that variable from the equation. It isn't necessary to use the pushd option if you supply the full path to the script file when you call it with cscript. Can you give that a try please and let me know if you make any progress? Meanwhile I'll check with the developer of the script to see if they have any other ideas.


    How did you get it to work with the cscript?


  • al04 wrote:

    Nathan wrote:

    al04 wrote:

    Nathan wrote:

    al04 wrote:

    The pushd is to make a temporary drive to that server and the popd is to release it when finished.


    So those options work for you if you run them manually rather than through a script? I ask because I attempted that on my test rig and couldn't get the pushd option to work.

     
    On edit: Instead of using the pushd/popd options, try supplying the full UNC path to the VBS and see if that works better for you.


    I am able to use the pushd options but I am still getting an error on the line RestoreCacheFilesfromCID-SAUreinstall action failure:1622. I have looked on other forums about this error and there is nothing. I have been working on this problem for the last two days and I'm getting very frustrated. :smileymad:


    I can appreciate your frustration. Unfortunately, this is the only report I've seen with the error 1622. I know it works without the pushd option, thus why I wanted to remove that variable from the equation. It isn't necessary to use the pushd option if you supply the full path to the script file when you call it with cscript. Can you give that a try please and let me know if you make any progress? Meanwhile I'll check with the developer of the script to see if they have any other ideas.


    How did you get it to work with the cscript?


    Hi,
    I was stumped by the 1622 message, as that is from Windows Installer and means that it can't write the install log. I thought that the install log was going to the default %windir%\temp location, but the developer tells me that the log is actually written to the current working directory, i.e., your network share. I presume the share is read-only? That might explain it. We're looking at changing that behavior in a future update to the script. Could take a little time for that to happen though, so for now maybe copy the script file and ide file to a local directory before calling it with cscript?

    Sorry for not catching that earlier!

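The workaround suggested in the reply above (stage the script and IDE file in a local directory so the Windows Installer log can be written to the working directory), as an added example that is not part of the thread and is not Sophos's own script. The share path and both file names are placeholders, since the thread does not give them.

```powershell
# Added example. All paths and file names are placeholders (not from the thread).
param(
    [string]$SourceShare = '\\SERVER\Share\Fix',   # placeholder: read-only share holding the files
    [string]$ScriptName  = 'FIX_SCRIPT.vbs',       # placeholder: the VBS fix script
    [string]$IdeName     = 'FIX_IDENTITY.ide',     # placeholder: the IDE file that goes with it
    [string]$WorkDir     = (Join-Path $env:SystemRoot 'Temp\UpdaterFix')
)

$ErrorActionPreference = 'Stop'

# 1. Stage both files locally. Copying by full UNC path avoids pushd/popd entirely.
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
foreach ($name in $ScriptName, $IdeName) {
    Copy-Item -Path (Join-Path $SourceShare $name) -Destination $WorkDir -Force
}

# 2. Prove the working directory is writable before running anything.
#    Per the thread, error 1622 came from the install log being written to the
#    current working directory, which was a read-only share.
$probe = Join-Path $WorkDir ('write-test-{0}.tmp' -f [guid]::NewGuid())
try {
    Set-Content -Path $probe -Value 'probe'
    Remove-Item -Path $probe
} catch {
    throw "Working directory '$WorkDir' is not writable: $($_.Exception.Message)"
}

# 3. Run the script with cscript, with the local directory as working directory,
#    so anything it writes relative to the current directory lands locally.
$cscript    = Join-Path $env:SystemRoot 'System32\cscript.exe'
$scriptPath = '"{0}"' -f (Join-Path $WorkDir $ScriptName)
$proc = Start-Process -FilePath $cscript -ArgumentList '//nologo', $scriptPath `
    -WorkingDirectory $WorkDir -Wait -PassThru -NoNewWindow

# 4. Report the exit code and show what was written, for later troubleshooting.
Write-Output "cscript exit code: $($proc.ExitCode)"
Get-ChildItem -Path $WorkDir | Sort-Object LastWriteTime |
    Select-Object Name, Length, LastWriteTime
exit $proc.ExitCode
```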
  • I just got into this discussion and was wondering if anything had been posted for my situation. On our server, it appears the Sophos Enterprise Console is updating and when we push out to clients, so far, they have responded well and the icon comes back and they "appear" to be updated and fine. The problem is that on the server itself, the local Sophos icon is gone, and ALmon.exe keeps popping up during login saying there was an error. There are no files in the quarantine, but the logs do show that almonres.dll was deleted in the AutoUpdate folder before we were able to switch the policy over to Deny Access Only. I have been combing the emails sent out to us by our Sophos rep, users on campus, and this extensively long thread in the forum, but I am confused as to what is the fix in this case.

  • Ok,

    I don't mean to just cut in here, but this Sophos issue has caused major problems.

    Sophos on the client side is killing Quickbooks and Solidworks installations on workstations and now to top it all off the Control Center cannot start and comes up with a "Management Server Connection Failed"

    I have no idea what to do and if I use the auto update fix it just turns Sophos back on on my user workstations and begins killing itself and the two previously mentioned programs.

    Does anyone have a fix for this or am I screwed and do I need to uninstall the control center and start over and install the control center and 30+ workstations.

    Thank You

  • Would this be an answer for my issue?  Not sure if this applies to Windows 2003 server or not...

    http://www.sophos.com/en-us/support/knowledgebase/118323.aspx

  • Good question! I was in the same boat as you, till I lost faith and began down the road of scripts. What Sophos doesn't understand is that some of us use MS direct access for our remote endpoints. Pushing out a generic script does not translate well using IPv4 tunneling IPv6 packets. It has been a serious pain in the **bleep** here.


  • Di-Ankh wrote:

    Would this be an answer for my issue?  Not sure if this applies to Windows 2003 server or not...

    http://www.sophos.com/en-us/support/knowledgebase/118323.aspx


    Hi,


    Yes, I would give that a go. Please let me know if you have any trouble with it.
