
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



  • Call centers can only handle so many calls at once. If you could get through, you'd probably just get a message & drop or a voice mail box.

    Sophos committed suicide on about 150 machines here. Sophos updater, FlashPlayerUpdater, JavaUpdater, and FedexUpdater were all taken out.

    If I have to visit every machine to restore ALMON and other toys, I'll rip out Sophos as well.

  • Nathan, At least provide a link to the "Previous Post" for the solution.

  • havoc, try that on your SUM server first. The endpoints seem to be taking the update once it's available, but the false positive is preventing the SUM from being able to download the fixed file. Endpoints that haven't been rebooted yet and didn't have the files moved or deleted should recover on next update.

    I'm working on finding a workaround for systems that had the files deleted that doesn't require a reinstall. As soon as I have something I'll let you all know.

  • Ok, so I was able to do this, but make sure you delete agen-xuv.ide, not .exe

    Now, that worked for one machine, how do we push this to all other machines and servers????  My machine does show up in the console now as updated.

    ______________________________________________________________________________________________________

    This worked! See previous post from Nathan

    If you are unable to perform an update due to the Updating service being quarantined, but have NOT moved or deleted the files, you can do the following.
    1. Open cmd prompt and type net stop savservice
    2. Navigate to C:\program Files\Sophos\Sophos Anti-Virus and delete agen-xuv.exe
    3. In cmd prompt, type net start savservice
    If a large number of systems are affected, you can use a tool like PSEXEC to execute the commands on a text file list of systems. Please be sure to get your Sophos Update Manager server working first, as all managed endpoints will not be able to download the IDE until the Sophos Update Managers have pulled it from our databanks.

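    The stop / delete / start recovery from the post above, scripted for a list of hosts. This is an added example, not Sophos tooling or the poster's own script; it assumes PowerShell remoting is enabled, you hold local admin on each target, the Sophos directory lives under the host's ProgramFiles folder, and C:\hosts.txt lists one computer name per line.

```powershell
# Added example: apply the savservice stop / delete / start recovery to many hosts.
# Assumptions (not from the thread): PowerShell remoting is enabled, you have local admin
# on each target, and C:\hosts.txt lists one computer name per line.
# As the post says, fix the Sophos Update Manager server first, then the endpoints.
$targets = Get-Content -Path 'C:\hosts.txt' | Where-Object { $_.Trim() -ne '' }

$fix = {
    # File named in the thread; ProgramFiles location is an assumption.
    $ide = Join-Path ${env:ProgramFiles} 'Sophos\Sophos Anti-Virus\agen-xuv.ide'
    $result = [ordered]@{ Host = $env:COMPUTERNAME; IdeFound = $false; Status = '' }
    if (-not (Test-Path -LiteralPath $ide)) {
        $result.Status = 'agen-xuv.ide not present; nothing to do'
        return [pscustomobject]$result
    }
    $result.IdeFound = $true
    try {
        Stop-Service -Name savservice -Force -ErrorAction Stop   # net stop savservice
        Remove-Item -LiteralPath $ide -Force -ErrorAction Stop   # delete the bad IDE
        Start-Service -Name savservice -ErrorAction Stop         # net start savservice
        $result.Status = 'recovered; endpoint should pull the corrected IDE on next update'
    } catch {
        $result.Status = "failed: $($_.Exception.Message)"
        # Do not leave the host unprotected if the service was stopped but a later step failed.
        Start-Service -Name savservice -ErrorAction SilentlyContinue
    }
    [pscustomobject]$result
}

# Run on each host; an unreachable host is reported instead of aborting the whole batch.
$report = foreach ($h in $targets) {
    try {
        Invoke-Command -ComputerName $h -ScriptBlock $fix -ErrorAction Stop
    } catch {
        [pscustomobject]@{ Host = $h; IdeFound = $null; Status = "unreachable: $($_.Exception.Message)" }
    }
}
$report | Format-Table -AutoSize
```

    The report lists which hosts still had the file, which were recovered, and which could not be reached, so the remaining machines can be visited by hand.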
  • STEP BY STEP INSTRUCTIONS THAT FIXED OUR SITE EASILY

    *Note if you do not have it set to delete, the autoupdate will repair itself

    1) On the management server - set the antivirus policy to disable messaging (so your users aren't annoyed)

    2) Disable on-access scanning

    3) Highlight the PCs, right-click and force them to comply with that policy

    4) Wait 20 min... The users will no longer be bugged... The policy will go out (magic), the updater will get repaired... and the repaired update delivered.

    All 150 of my nodes were repaired in minutes using this method :-) ...Everyone remain calm ;-)

  • DougFromMaine, please try deleting agen-xuv.ide from your SUM server's program files\sophos\sophos anti-virus directory and restarting savservice. That should get your SUM to update again.

  • I feel your pain, but amplify that a bit here. Try 2000+ client machines and over 300 servers. 

  • Nathan,

    1. Where do I get javab-jd.IDE?

    2. Our Workstation policy under Virus\Spyware is set to "Deny access and move to default location" and our Thin Client policy under Virus\Spyware is set to "Deny access only".

  • How do I check to see if the correct .ide was downloaded onto my SUM?
