
Is anyone else seeing this alert - Shh/Updater-B false positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



  • To get the javab-jd.ide file, download it manually from http://www.sophos.com/downloads/ide/ or, if you get (automatic) updates from the cloud, then you should have it; it was released at 5:20pm EST.

  • Perhaps distributing files via logon.bat or GPO could be a possibility ...

  • I had success getting the update on the server console using Nathan's method: 

    1. Open cmd prompt and type net stop savservice
    2. Navigate to C:\Program Files\Sophos\Sophos Anti-Virus and delete agen-xuv.exe

     (or in my case navigating to C:\Program Files (x86)\Sophos\Sophos Anti-Virus and the file was already quarantined)
    3. In cmd prompt, type net start savservice

    so essentially for me: turn off services, count to 30, turn on services. 

    Now my head is swimming trying to figure out what next...

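The stop / delete / restart procedure above, scripted so it can be run unattended on a SUM server or an endpoint, as an added PowerShell example that is not from any poster in this thread. It assumes the identity file to remove is named agen-xuv.ide (the name Nathan gives later in the thread), that the service is SAVService, that the install directory is one of the two paths quoted in the thread, and that javab-jd.ide is the replacement identity file to look for once the service is back up. Run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example, not Sophos's own tooling. Names below are assumptions taken
# from the thread: the bad identity file, the fixed one, and the service name.
$badIde   = 'agen-xuv.ide'
$fixedIde = 'javab-jd.ide'
$svcName  = 'SAVService'
$installDirs = @(
    'C:\Program Files\Sophos\Sophos Anti-Virus',
    'C:\Program Files (x86)\Sophos\Sophos Anti-Virus'
)

# Pick whichever install directory exists on this box (32- or 64-bit layout).
$savDir = $installDirs | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $savDir) { throw "No Sophos Anti-Virus install directory found." }

# Step 1: stop the on-access scanner so it cannot block the file deletion or
# the subsequent update download.
Stop-Service -Name $svcName -Force
(Get-Service -Name $svcName).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))

# Step 2: remove the offending identity file. Record its hash first so the
# change is auditable; a missing file usually means it was already quarantined.
$badPath = Join-Path $savDir $badIde
if (Test-Path -LiteralPath $badPath) {
    $hash = (Get-FileHash -LiteralPath $badPath -Algorithm SHA256).Hash
    Write-Host "Removing $badPath (SHA256 $hash)"
    Remove-Item -LiteralPath $badPath -Force
} else {
    Write-Host "$badPath not present (possibly already quarantined); nothing to delete."
}

# Step 3: start the service again and confirm it is running.
Start-Service -Name $svcName
(Get-Service -Name $svcName).WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
Get-Service -Name $svcName | Select-Object Name, Status

# Verification: poll for the corrected identity file to appear after the next
# update cycle, so the operator knows the fix actually landed on this machine.
$fixedPath = Join-Path $savDir $fixedIde
$deadline  = (Get-Date).AddMinutes(10)
while (-not (Test-Path -LiteralPath $fixedPath) -and (Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 30
}
if (Test-Path -LiteralPath $fixedPath) {
    Write-Host "Corrected identity $fixedIde is present in $savDir."
} else {
    Write-Warning "$fixedIde did not arrive within 10 minutes; check the update source and logs."
}
```

If the endpoints update from a SUM server, run this on the SUM server first so it can download the corrected identity, then on the endpoints; otherwise the endpoints will keep pulling the old data from a server that is itself blocked.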

  • Diggy wrote:

    I think the Sophos update servers are being overwhelmed, and so we see the "software update failed" message.


    No, I can assure you this is not the case. The problem is that the agen-xuv.ide is causing Sophos Anti-Virus on the SUM server to block downloading new files. If you see the "software update failed" message, please try deleting agen-xuv.ide from your SUM server's program files\sophos\sophos anti-virus directory and restarting savservice. That should get your SUM to update again.

  • Rebooting client computers resolves the issue.  It appears they must go out and check for an update during reboot BEFORE the SAVService starts.  Tested on 5 machines all working properly after just a simple reboot.

    1. Disable your on access scanning for your sophos server and workstations via the policy.
    2. Run the update manager on the server and check for an update.
    3. Verify that the update completed.
    4. Once update completed, update computers/servers.
    5. Acknowledge the errors on the systems and they should not come back.
    6. Re-enable the on access scanning for your sophos server and workstations via the policy.
    7. Relax, the issue is now resolved!
  • This seems to resolve the alert on the server for the client, but how do we clear the quarantine items on the client???

    • Disable your on access scanning for your sophos server and workstations via the policy.
    • Run the update manager on the server and check for an update.
    • Verify that the update completed.
    • Once update completed, update computers/servers.
    • Acknowledge the errors on the systems and they should not come back.
    • Re-enable the on access scanning for your sophos server and workstations via the policy.
    • Relax, the issue is now resolved!

  • lordmike1503 wrote:

    Perhaps distributing files via logon.bat or GPO could be a possibility ...


    This would work as well, assuming you have a source for the files that were deleted that matches what the endpoints had installed.

  • Hi Nathan - thanks for this, the updater seems to be working again -

    quick question - what happens to all the files that were in quarantine - we didn't do anything to them so they are still in the quarantine list - how do we get them all working again?

    thanks. 

  • Yes we are too. It has blocked our Cisco Agent Desktop application, resulting in employees being unable to log into it to accept phone calls. It has also pretty much killed the server (virtual). I have been trying to log into it for 45 minutes now. I killed the network connection for it to try to ease some of the traffic as every email it sends out also gets sent to my helpdesk, which creates a ticket. I currently have 2597 emails concerning this issue as well and all of those will be helpdesk tickets I will need to close lol. Disconnecting the network from the box does not seem to be speeding up the login process. It is still configuring my profile. YAY!!! Looks like a long night for me and a lot of meetings tomorrow with very angry people!!! Oh this is going to be fun!! I have been on hold with tech support for 33 minutes thus far.
