
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.
  • FixSAV.vbs

    I came up with my own script that parses the SAV.log file and copies ALL files back to their original locations. If you deleted them, you're sunk and would have to copy from another computer I guess.

    I also added some stuff from ktremain and KUSA's scripts to get the service restarted and almon running.

    Enjoy!

    BTW I didn't even fix the missing definition file, just ran this and then ran the updater, and it never re-quarantined my files.

    :30839
  • Yeah, I keep getting dropped too.  Maybe that's why the queue is going down.

    :30841
  • Is there a manual removal tool for Sophos AutoUpdater?  I need to reinstall Sophos on several machines due to updater files being deleted and can't seem to do so.  I tried to uninstall all the apps via add/remove programs after stopping the Sophos services, but Sophos AutoUpdater fails every time I try to uninstall 25010 "WaitingUntilFileUnlocked".

    I've got around 40 machines with this issue right now and need some help so I can reinstall Sophos onto them and get them working properly.  Ideally I'd like a removal tool I can script and then I can use the console to reinstall.  Thanks.

    :30843
  • Nathan

    Unfortunately I am a new adopter and had the option set to move and delete quarantined files and now they are gone.  So I get the ALMon error loading external resources (0x80070005) on my server and all endpoints.  Also when this first came through I individually went to each of 8 workstations to scan and delete all found viruses.  Not good.

    Do I need to uninstall SAV on all workstations and have it sent down to them again by the server?

    I did this on the server as well.  Do I need to uninstall SAV and SCC from the server and reinstall?

    What a mess.  I wish that I had waited and had the setting setup differently.

    Thanks for your help.

    :30845
  • I've been trying to deal with this all morning. Arrived to find a mess of emails.

    We are running Sophos Enterprise Console, and although I have tried following the instructions here, it has been unable to pull new updates.


    Update manager status

    Date/time              Code      Description
    20/09/2012 9:47:57 AM  80040404  Threat detection data update failed.
    20/09/2012 9:47:57 AM  80040406  Delivery failed for software subscription 'Recommended'. Access to the source update location is denied or the location is otherwise unavailable.
    20/09/2012 9:19:55 AM  80040401  Software update failed.
    20/09/2012 9:18:07 AM  80040404  Threat detection data update failed.
    20/09/2012 9:08:09 AM  80040404  Threat detection data update failed.

    Is there an alternative update location I can use to try and pull the files from? Currently we use a server our upstream organisation provides. Is there a Sophos server I can direct the update requests to as a secondary option?

    Also... our On Access Scan was set to delete ... any suggestions for repairing my endpoints, 30+ servers and about 1000 workstations/laptops?

    :30847
  • Nathan -- I've been dropped by your phone system 7 times now.

    :30849
  • "ALMon.exe won't load manually either -- "Error loading external resources (0x8007007e).""

    That's what's still happening on all of my servers except for the one with SEC.

    :30851

  • markho wrote:

    Yeah, I keep getting dropped too.  Maybe that's why the queue is going down.


    If you get into the system far enough to choose the option for a callback, I would suggest doing so.

    :30855
  • I'm with AZJim_K here too... we also had the option set to move and delete quarantined files and now they are gone.  So I too am getting the ALMon error loading external resources (0x80070005)

    :30857

  • jkillebrew wrote:

    FixSAV.vbs

    I came up with my own script that parses the SAV.log file and copies ALL files back to their original locations. If you deleted them, you're sunk and would have to copy from another computer I guess.

    I also added some stuff from ktremain and KUSA's scripts to get the service restarted and almon running.

    Enjoy!

    BTW I didn't even fix the missing definition file, just ran this and then ran the updater, and it never re-quarantined my files.


    Nice script, I assume you intentionally left the copy line commented to force people to read and understand it? :)

    :30859