
Is anyone else seeing this alert - Shh/Updater-B false positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

  • Hey Nathan,

    You have been helpful. And it is appreciated..

    Do I dare mention that nobody from Sophos should be going home today/tonight and there should be 10 more tech persons responding to individuals' questions??

    On my console server, I was able to replace the ide files from the zip file so the binaries would update, and then did a reinstall of the client from an old installer I had on the desktop so that it would update and fix itself.

    I hope tomorrow is not a nightmare day when my clients get started..

  • Yes, we're showing 1.3.2.176 and all appears to be well with ours now.  We had a few (maybe 5) of our 600+ machines that we had to physically connect to and run the script that someone posted earlier.   The rest worked by disabling the on-access scanning, downloading latest files in SUM and giving it a few hours to push out to the machines.  Then we re-enabled on-access scanning, acknowledged our infected machine notifications and waited.    5 or 6 showed back up and those are the ones we manually ran that script on.


  • techmoore wrote:

    Can the people who have this resolved please post what version of binaries they're running? 1.3.2.176


    1.3.2.176 is the latest, but it is not indicative of whether or not you've received the fix.

    javab-jd.ide is the file that includes the fix.

    agen-xuv.ide is the file that caused the problem.  It should be deleted and savservice restarted.

    To further complicate matters, it sounds like a repaired agen-xuv.ide will be re-installed automatically at some point in time (not sure if this is already occurring).

  • I don't know who first put this in but THANK YOU!!

    CHECK YOUR SCHEDULED SCANS TOO!

    CHECK YOUR SCHEDULED SCANS TOO!

    CHECK YOUR SCHEDULED SCANS TOO!

    CHECK YOUR SCHEDULED SCANS TOO!

    CHECK YOUR SCHEDULED SCANS TOO!

    CHECK YOUR SCHEDULED SCANS TOO!

  • Same problem here at a hospital!! 2000 workstations and servers with this problem. The IDE is downloaded and pushed to the devices but files are still in quarantine with high impact... Please fix it quickly!

  • I'm seeing a lot of clients after restarting missing the alsvc.exe, causing the auto update service to not start.  Is there an easy way to repair the clients?  Else I'll just script the copy back.

  • I'll add that having one person helping in these forums with this issue, 5 and a half hours later, who has now gone home, is absolutely ludicrous.

    Nothing against Nathan, I appreciate that he was doing his best with the knowledge available to him, but WTF Sophos?

    Mistakes happen, how they are handled is where you sink or swim.  Sophos is drowning..


  • markho wrote:

    I'll add that having one person helping in these forums with this issue, 5 and a half hours later, who has now gone home, is absolutely ludicrous.

    Nothing against Nathan, I appreciate that he was doing his best with the knowledge available to him, but WTF Sophos?

    Mistakes happen, how they are handled is where you sink or swim.  Sophos is drowning..



    I agree.  One person helping on the forums and call in support which is trashed. 

  • I am having a feeling that workstations are going to have to be handled case by case.

    Sophos - we need to know how to clear these files and have them "un-quarinteend"  however you spell that

    We had aggressive policies on our workstations here and programs are just going to have to be repaired or re-installed on each workstation

    EPIC FAIL SOPHOS!!!

  • How can I acknowledge the alerts and remove the items from the quarantine in the enterprise console?  The files do not seem to have been moved into an infected folder, just tagged as quarantined.  Manually doing this on each machine is not possible.
