
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


  • Please be more specific here. Do I perform these steps on the machine running Sophos or on each machine on the network?

    :30457
  • 1.3.2.176 works at our sites ...

    :30459

  • ArctecAdmin wrote:

    Nathan, At least provide a link to the "Previous Post" for the solution.


    Apologies.

    Please try deleting agen-xuv.ide from your SUM server's program files\sophos\sophos anti-virus directory and restarting savservice. That should get your SUM to update again.

    :30461
  • I can't complain because we have under 20 stations but I feel sorry for you big timers who have hundreds, maybe thousands of clients with logs that look like ours:

    20120919 202103    Infected file "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe" has been deleted.
    20120919 202534    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\inetconn.dll". Cleanup unavailable.
    20120919 202534    Infected file "C:\Program Files\Sophos\AutoUpdate\inetconn.dll" has been deleted.
    20120919 203356    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\swlocale.dll". Cleanup unavailable.
    20120919 203356    Infected file "C:\Program Files\Sophos\AutoUpdate\swlocale.dll" has been deleted.
    20120919 211022    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe". Cleanup unavailable.
    20120919 211022    Infected file "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" has been deleted.
    20120919 211024    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\AUAdapter.dll". Cleanup unavailable.
    20120919 211024    Infected file "C:\Program Files\Sophos\AutoUpdate\AUAdapter.dll" has been deleted.
    20120919 211028    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\SCC\SUM\SUMService.exe". Cleanup unavailable.
    20120919 211028    Infected file "C:\Program Files\Sophos\SCC\SUM\SUMService.exe" has been deleted.
    20120919 211116    Web Protection is no longer functional. The filtering driver has been bypassed or unloaded.

    :30463
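Added example, not part of any post in this thread and not Sophos code: a Python pass over log lines in the format quoted above that separates files that were deleted from files that were only flagged as 'Shh/Updater-B'. The names `triage`, `summarize` and `SAMPLE_LOG` are assumptions, and the sample lines are constructed from the excerpt.

```python
import re

# Constructed sample, adapted from the log excerpt quoted in the post above.
SAMPLE_LOG = r"""
20120919 202103    Infected file "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe" has been deleted.
20120919 202534    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\inetconn.dll". Cleanup unavailable.
20120919 202534    Infected file "C:\Program Files\Sophos\AutoUpdate\inetconn.dll" has been deleted.
20120919 203356    Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\swlocale.dll". Cleanup unavailable.
20120919 211116    Web Protection is no longer functional. The filtering driver has been bypassed or unloaded.
"""

DETECTED = re.compile(
    r'''^(\d{8} \d{6})\s+Virus/spyware '([^']+)' has been detected in "([^"]+)"''')
DELETED = re.compile(r'^(\d{8} \d{6})\s+Infected file "([^"]+)" has been deleted\.')


def triage(log_text, threat="Shh/Updater-B"):
    """Map each affected path (lower-cased, as Windows paths are
    case-insensitive) to the timestamps of its detection and deletion."""
    files = {}     # path -> {"detected": ts or None, "deleted": ts or None}
    other = set()  # paths flagged under a different detection name
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DETECTED.match(line)
        if m:
            ts, name, path = m.group(1), m.group(2), m.group(3).lower()
            if name == threat:
                files.setdefault(path, {"detected": None, "deleted": None})["detected"] = ts
            else:
                other.add(path)
            continue
        m = DELETED.match(line)
        # Deletion lines do not name the detection, so a deletion whose
        # detection line is outside the excerpt is kept with detected=None.
        if m and m.group(2).lower() not in other:
            files.setdefault(m.group(2).lower(),
                             {"detected": None, "deleted": None})["deleted"] = m.group(1)
    return files


def summarize(files):
    """Return (deleted_paths, flagged_only_paths), each sorted."""
    deleted = sorted(p for p, e in files.items() if e["deleted"])
    flagged_only = sorted(p for p, e in files.items() if not e["deleted"])
    return deleted, flagged_only
```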
    1. Disable your on access scanning for your Sophos server and workstations via the policy.
    2. Run the update manager on the server and check for an update.
    3. Verify that the update completed.
    4. Once update completed, update computers/servers.
    5. Acknowledge the errors on the systems and they should not come back.
    6. Re-enable the on access scanning for your Sophos server and workstations via the policy.
    7. Relax, the issue is now resolved!
    :30465
  • Thank you for posting this message. I was freaking! Once I acknowledge the alerts in the Sophos Enterprise Console will the files no longer be quarantined? So the updates will work? Will I have to go to all 5000 computers and remove the files from quarantine before they will update?

    I went to Update Manager and did an update now but the last update was 9/19/2012 Version 1.3.2.176. Is that the latest with the fix?

    :30467

  • WTH wrote:

    Nathan,

    1. Where do I get javab-jd.IDE?

    2. Our Workstation policy under Virus\Spyware "Deny access and move to default location" and our Thin Client policy under Virus\Spyware is set to "Deny access only".


    Your Sophos Update Manager would download javab-jd.ide from our databanks. If you haven't already, please try running an Update Now on your Sophos Update Manager. If the update fails, please try deleting agen-xuv.ide from your SUM server's program files\sophos\sophos anti-virus directory and restarting savservice. That should get your SUM to update again.

    :30469
  • Hi,

    Maybe disable SAV on the Sophos Server (Where SUM is) to ensure that the dodgy detection isn't preventing the download. Then force SUM to update.

    Regards,

    Jak

    :30471
  • Hello, if you are experiencing a false positive detection and seeing 'Shh/Updater-B', please note that we are aware of the issue and are working diligently to correct this issue. The IDE causing the detection has already been removed from the cloud and we should have the rest of the issue resolved shortly.

    We apologize for the inconvenience.

    :30475

  • phillipnolan wrote:

    ". Navigate to C:\program Files\Sophos\Sophos Anti-Virus and delete agen-xuv.exe"

    I assume you mean "agen-xuv.ide"

    otherwise it seems to have worked


    Yes, sorry, ide.

    :30477