Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1178 replies
  • Subscribers 1 subscriber
  • Views 3260785 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is any one else seing this alert - Shh/Updater-B False positives

leftout

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
  • 0

    I have an MSP platform that was set to MOVE non-cleanable files. 

    How do i get all the REMOTE clients fixed now? 

    I have repaired the SEC and SUM servers, so the updates are waiting to go out, but the clients updaters are MOVED, so they are not pulling fixed files.

    :30611
  • 0

    Sophos needs better beta-testing on updates

    :30613
  • 0
    BlackDiamond wrote:

    Still can't get the services to start.

    Sophos Update Manager Service

    Runtime Error

    Program: c:\program files\sophos\update manager\sumservice.exe

    This application has requested the runtime to terminate it in an unusual way.

    Please contact the application's support team for more information.

    If you use Move or Delete for your cleanup, that might explain your issue. If so, try restoring the deleted files (check the SAV log to find out what files and where) and see if the service starts then.

    :30615
  • 0

    Hi Nathan - the files are still showing in quarantine.  is there any way to manually reauthorize them?  Many thanks.

    :30617
  • 0

    We're unable to start the Sophos Update Manager on our Enterprise Console Server.

    We're receiving Error 1067: The process terminated unexpectedly.

    Any idea on how to get the updater service to work again?

    We've stopped the Sophos Anti-Virus Service, deleted agen-xuv.ide and restarted Sophos Anti-Virus Service.

    :30619
  • 0

    To lwallman

    >Run the update manager on the server and check for an update.

    Just get "software delivery failed" when try to run update.

    Try disabling your on access scan policies then try running the update manager on the server.

    :30623
  • 0
    mamafish wrote:

    One of my employees deleted files in quarantine. Not sure what that will do?

    Another workstation completely froze up and will not restart. Any ideas?
    Help!

    Did they delete the actual files, or just the items from the QM? What files were deleted? If they were all in the cache location (you'll see cache in the path), then no worries, just update again.

    :30625
  • 0
    lwallman wrote:

    >Run the update manager on the server and check for an update.

    Just get "software delivery failed" when try to run update.

    Hi,

    Please try deleting agen-xuv.ide from you SUM servers program files\sophos\sophos anti-virus directory and restarting savservice. that should get your SUM to update again.

    :30629
  • 0
    Lelia wrote:

    Nathan

    I rempoved the agen-xuv.ide and restarted services on my server.  It still wont update.  I think the update.exe was deleted.

    What do I need to do to get updates working again on the server?

    Thanks

    Do you have a backup of the server that you can restore the deleted files from? You can check the log on the Sophos Anti-Virus client to confirm what file was deleted and the location to restore it to. From the Home page in the Sophos Anti-Virus client, just click on "View anti-virus and HIPS log".

    :30633
  • 0
    wprensky wrote:

    Hi Nathan - the files are still showing in quarantine.  is there any way to manually reauthorize them?  Many thanks.

    Same here.  This is one of the last issues I have remaining.  I'd prefer to not have this listed in the quarantine anymore even if it isn't being blocked or re-detected with the latest updates.

    :30635