Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


  • I agree. My irritation is growing rapidly. I have yet to hear anything back from tech support regarding this and its resolution.

    :30387
  • So Sophos HAS released updated binaries to resolve this?

    When I manually update I'm still sitting at version 1.3.2.176..

    :30389
  • havoc64, please try the steps I mentioned previously. I'm working on finding a more elegant workaround, but for now that is your best option. It won't work if the cleanup option was "delete" or "move". If you used "move" put the files back and try the workaround I mentioned.

    :30391
  • I just disabled on-access scanning when we were told false positives. An update came through around 30 minutes ago, and automatically propagated out to all clients. I turned on-access scanning back on, acknowledged the warnings and all seems OK now. No need to manually re-install.

    Big mess, but does seem resolved with no harm done for me. Hope everyone else can say the same!!

    :30393
  • Nathan,

    We run the MSP hosted platform, and all our customers have been affected.

    We DO have the option set to MOVE files that cannot be cleaned.

    This has even affected our own enterprise manager and Update manager servers, they are quarantining files in the warehouse.

    It is NOT an option to re-deploy the clients to fix this as they are spread across multiple sites, and only communicate back to our datacentre over the internet; there are NO VPNs to use to push out a fix.

    Sophos MUST create a fix-it tool that will automatically be downloaded and run by all computers!

    :30395
  • havoc64, please try the steps I mentioned previously. I'm working on finding a more elegant workaround, but for now that is your best option. It won't work if the cleanup option was "delete" or "move". If you used "move" put the files back and try the workaround I mentioned.

    Is that on the server that I try your steps or on each workstation???

    :30399
  • How do I get my Software Update Manager to download this latest update? It just keeps saying "threat detection update failed".

    :30403
  • Thanks for the info Nathan

    :30405
  • Can anyone tell me how to confirm that our server and nodes have pulled down the required update?

    :30407
  • OK - we believe that Sophos has pushed out the update BUT we can't update because the minute anyone tries to hit the updater the old definition files (on the end-user machines) immediately tank out the update and quarantine it yet AGAIN!!!

    Now what do we do - uninstalling Sophos will probably tank all the files that were quarantined forever - meaning a reinstall of every program on the machine. There doesn't seem to be any authorize option for quarantine - we could authorize and then turn off scanning but there doesn't seem to be any way.

    We need help from Sophos NOW.

    :30409