
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


  • Hello Sophos

    This error is constant in multiple machines:

    SAU reinstallation failure: 1603

    See the log:

    --

    Write IDE that fixes the issue
    SAU files missing from the program files directory
    Writing false positive detections list to .\2012-9-26_12-21-33_#PCCOL_EJE02#_001-FalsePosAll.txt
    Writing false positive moved list to .\2012-9-26_12-21-33_#PCCOL_EJE02#_002-FalsePosMoved.txt
    Writing false positive moved to restore list to .\2012-9-26_12-21-33_#PCCOL_EJE02#_003-ToRestoreMoved.txt
    Writing false positive deleted list to .\2012-9-26_12-21-33_#PCCOL_EJE02#_004-FalsePosDeleted.txt
    Writing false positive deleted to restore list to .\2012-9-26_12-21-33_#PCCOL_EJE02#_005-ToRestoreDeleted.txt
    No other files need to be moved back
    SAU files still missing after restoring moved files
    SAV files missing from the program files or common application data directories
    Restoring missing SAU files from the local cache
    Repairing SAU using 'Sophos AutoUpdate.msi'
    SAU reinstallation failure: 1603
    Starting SAV service
    Update was not triggered due to an earlier failure

    --

    How to solve this trouble?

    Regards

    Linck Tello Flores

    www.innovare.pe

    :33161
  • I'm running FixUpdate.vbs on many machines remotely, and the script isn't working.  I want to review the results of the script log to troubleshoot, but I cannot use a redirect (>output.log) due to my deployment method (zenworks).  I suppose with some effort I could modify FixUpdate.vbs to output directly to a log file, but if the script is updated I'll have to do it all over again, every time.  Is there another way?  Will the script generate a log file of its actions without a redirect (>output.log) on the command line?

    TIA

    :33169
  • Hi,

    I would do as follows:

    1. under the line "Option Explicit" at the top add:

    Dim objFSO: Set objFSO = CreateObject("Scripting.FileSystemObject")
    Dim objLogFile: Set objLogFile = objFSO.CreateTextFile("log.txt")

    2. Then find the function: LogMsg (around line 1000) and change it to:

    Function LogMsg( strMsg )
       objLogFile.Writeline strMsg
    End Function

    That should do it.  Change log.txt to any location/file.

    Should really add:

    objLogFile.close

    at the end of the "Main" function as well

    Regards,

    Jak

    :33173
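
A variation on the logging change described in the reply above, for scripts pushed to many machines by a deployment agent (added example, not part of FixUpdate.vbs or the original posts). It assumes the script logs through a LogMsg( strMsg ) function as quoted above; the log location under %TEMP% and the names BuildLogPath, g_exFso, g_exLogPath and ForAppending are hypothetical and may need renaming if they clash with names already declared in the script.

```vbscript
Option Explicit

' Added example: every name except LogMsg is hypothetical.
Const ForAppending = 8   ' FileSystemObject I/O mode: append to the file

Dim g_exFso: Set g_exFso = CreateObject("Scripting.FileSystemObject")
Dim g_exLogPath: g_exLogPath = BuildLogPath()

' Build an absolute, per-machine log path. A relative name such as
' "log.txt" lands in whatever working directory the deployment agent
' happens to use, which differs between tools and is hard to find later.
Function BuildLogPath()
    Dim shell: Set shell = CreateObject("WScript.Shell")
    Dim net: Set net = CreateObject("WScript.Network")
    BuildLogPath = g_exFso.BuildPath( _
        shell.ExpandEnvironmentStrings("%TEMP%"), _
        "FixUpdate_" & net.ComputerName & ".log")
End Function

' Append one timestamped line. The file is opened and closed on every
' call, so the log is complete even if the script stops with an error
' (for example 0x80070005) before it reaches the end of Main.
Function LogMsg( strMsg )
    Dim logFile
    On Error Resume Next          ' a logging failure must not stop the fix
    Set logFile = g_exFso.OpenTextFile(g_exLogPath, ForAppending, True)
    If Err.Number = 0 Then
        logFile.WriteLine Now & " " & strMsg
        logFile.Close
    End If
    Err.Clear
    On Error GoTo 0
End Function

' Usage: first line written to the log on each run.
LogMsg "Run started, logging to " & g_exLogPath
```

Because the file is opened in append mode, repeated runs on the same machine accumulate in one log, and %TEMP% resolves to the temp directory of whichever account the deployment agent runs the script as.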
  • Thanks Jak, that worked perfectly.  So now I know the error:

    SAU files still missing after restoring moved files
    SAV files missing from the program files or common application data directories
    Script encountered an error, details:
    Number = 0x80070005
    Description = Access is denied.

    Other clients are connecting fine, so the username/password for the CID has not changed.  I previously ran SUMUpdateIDEFix.zip successfully.  Any ideas?

    :33179
  • Hi,

    If you set at the top of the script (in the 'Global variables' section):

    Dim g_verbose: g_verbose = true

    Maybe the extra logging will be in the part that's failing?

    Regards,

    Jak

    :33181
  • Okay I did that, and now I see:

    Could not access servername/.../SAVSCFXP, error 0x80070005 : Access is denied.

    Configured CID 'servername/.../SAVSCFXP' is not accessible

    I substituted "servername" but the real CID is correct.  I tried copying the AutoUpdate dir from the CID and I restarted the script but the results are exactly the same.

    :33183
  • How about:

    cscript FixUpdate.vbs /fixIssues:true /usesophoscid:true

    Also worth getting the latest version (6.4 at time of post) from:

    http://downloads.sophos.com/tools/FixUpdate.zip

    Does the above command work on one of these machines?

    What is the exact command you are running?  I assume the vbs file runs as a user with read access to that web location?

    Regards,

    Jak

    :33189
  • Even though the script returns the above errors the agents are now connecting to the sophos server.  They have not connected since the problem started last week, so I think it is working!  The fpc.bat utility no longer reports the machines I have tested as having the problem.  Thanks for your quick help, especially the log portion of the vbs script.  That was the key for me!

    :33193
  • Glad to hear you're ok again!

    :33195
  • We still have many systems with the following error in Sophos Enterprise Console.

    Uninstall of Sophos AutoUpdate failed.

    :33287