
Is anyone else seeing this alert - Shh/Updater-B false positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723



  • digerman wrote:

    Hi, I deleted the file. Now how do I update when I don't have an Update tab?

    thanks


    I'm not sure what you mean. Is this the endpoint client (right-click the shield, Update now, assuming the shield is present) or the Sophos Update Manager (right-click the Sophos Update Manager in SEC, Update Now)?

    :30749

  • jkrous wrote:

    Nathan, our consoles are updated. For clients, we have disabled on-access scanning, moved all the quarantined files back (with a batch file), then rebooted, but Sophos is still not able to get updates from the console.


    Do you have the error that the endpoints get?

    :30753

  • Nathan wrote:

    digerman wrote:

    Hi, I deleted the file. Now how do I update when I don't have an Update tab?

    thanks


    I'm not sure what you mean. Is this the endpoint client (right-click the shield, Update now, assuming the shield is present) or the Sophos Update Manager (right-click the Sophos Update Manager in SEC, Update Now)?


    I know what he means. Once you open the Sophos Endpoint, the entire UPDATE section is missing from the bottom of the window.

    How do I get that back?

    :30755
  • Is there a downside to just re-"Protecting" the computers whose Sophos Update files were sent to the INFECTED dir, rather than restoring those files to the original directory? Besides this not resolving the same issue with 3rd-party updaters. Will this even work?

    :30757

  • ktremain wrote:

    Nathan wrote:

    digerman wrote:

    Hi, I deleted the file. Now how do I update when I don't have an Update tab?

    thanks


    I'm not sure what you mean. Is this the endpoint client (right-click the shield, Update now, assuming the shield is present) or the Sophos Update Manager (right-click the Sophos Update Manager in SEC, Update Now)?


    I know what he means. Once you open the Sophos Endpoint, the entire UPDATE section is missing from the bottom of the window.

    How do I get that back?


    That is tied to ALmon.exe. You need to launch ALmon.exe again to get it back. You should be able to launch ALmon.exe from C:\Program Files\Sophos\Autoupdate.

    :30761
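    The two recovery steps the thread has covered so far are restoring the quarantined updater and relaunching ALmon.exe. The following PowerShell is an added example for checking an endpoint after those steps; it is not from any poster or from Sophos. The two file paths are the ones quoted in this thread; the process name `ALmon` is derived from the executable name, and the Authenticode check is added so that a file moved back out of quarantine is confirmed to be the vendor's own binary before anyone relies on it.

```powershell
# Added example, not from the thread or from Sophos: verify the components named
# in the posts above on one endpoint and relaunch ALmon.exe if it is not running.
# Paths are quoted from the thread; the process name 'ALmon' is assumed from the
# executable name.
$swiUpdate = 'C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe'
$almon     = 'C:\Program Files\Sophos\Autoupdate\ALmon.exe'

function Test-SophosComponent {
    # Report whether the file is back in place and whether its code signature
    # still verifies, so a restored-from-quarantine copy can be trusted.
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Present = $false; Signature = 'Missing'; Signer = $null }
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path      = $Path
        Present   = $true
        Signature = $sig.Status            # 'Valid' is what you want to see
        Signer    = $sig.SignerCertificate.Subject
    }
}

# 1. Was the quarantined updater restored? A missing file means it is still in
#    the INFECTED dir or the machine still needs re-"Protecting" from the console.
Test-SophosComponent -Path $swiUpdate | Format-List

# 2. The missing UPDATE section of the endpoint UI comes back when ALmon.exe runs.
if (Get-Process -Name 'ALmon' -ErrorAction SilentlyContinue) {
    Write-Output 'ALmon.exe is already running'
}
elseif (Test-Path -LiteralPath $almon) {
    Start-Process -FilePath $almon
    Write-Output "Relaunched ALmon.exe from $almon"
}
else {
    Write-Warning "ALmon.exe not found at $almon; AutoUpdate may need to be reinstalled"
}
```

    Run it in the logged-on user's session rather than over a remote shell, since ALmon.exe is the tray component and needs that desktop to show the Update section. A `Signature` of anything other than `Valid` on the restored `swi_update.exe` is the cue to fetch a fresh copy from the update source instead of trusting the quarantined one.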

  • markho wrote:

    Is there a downside to just re-"Protecting" the computers whose Sophos Update files were sent to the INFECTED dir, rather than restoring those files to the original directory? Besides this not resolving the same issue with 3rd-party updaters. Will this even work?


    The only downside is increased network traffic. However, if this is the easiest option for you, then that would outweigh the network impact.

    :30763
  • Nathan do you have any updates on the phone queue? We have been on hold for an hour and fifteen minutes and must get this issue resolved. Any information you can provide would be very much appreciated, thank you.

    :30765

  • Help_Please wrote:

    Nathan do you have any updates on the phone queue? We have been on hold for an hour and fifteen minutes and must get this issue resolved. Any information you can provide would be very much appreciated, thank you.


    Currently just under 50 in the queue.

    :30767
  • Not sure what you mean by "error that the endpoints get".

    Our clients seem unable to get the AutoUpdate service running again, even with moving the files back in place and rebooting. AutoUpdate keeps trying to reinstall, but it is unsuccessful. "Configure Updating" on the clients is not behaving either. You cannot see the log, or sometimes the entire updating options do not even appear in the client configuration screen.

    :30769
  • Nathan,

    Acknowledging in the Enterprise Console has not removed the messages from my clients' quarantine. Is this a timing issue or do I need to go to each machine and clear the quarantine?

    Thanks

    :30771