Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

  • I just excluded all the related files and folders in SEC, but it's useless, because all the update service related files were blocked on the client.

    This is the most stupid thing I've ever seen, and it's really annoying.

    You guys never do an inner test before publish? Oh come on.

  • ECJIT - That sequence worked. I'll have to manually create the bat to fit my environment, but the combo of deleting the agen-xuv.ide file and running the two VBS scripts fixed Auto Updater. Once that was resolved we were able to force a comply with all group policies from the console to get On-Access disabled.

    YOU ARE THE BOMB!!!!

  • "You guys never do an inner test before publish? Oh come on."

    I've been wondering the same thing. How could this have passed QA?

    I understand that it is important to get updates out quickly to minimize endpoint exposure to threats, so there would be a balancing act between quick updates versus QA, but I can't imagine how this could have been missed.

    It's not as if it only falsely triggered against some obscure 3rd party software! It's triggered against Sophos' own software itself!?

  • Jeremiah, Glad to hear it!!!

    Like I said, I didn't create them, just used them.  Credit goes to those guys.  I just found it really tough to find all of it and put it all together.  Figured I would save the early risers some time. After midnight here.

    And I like dBlinds method too as I didn't think to look for the icon in the systray first for the update.

    But fix save or the batch file copy back the files to the autoupdate and repair starts the service.

    Glad I could help. Lord knows I have been helped enough in the past in these types of forums....

  • Us too. Our policy is set to deny, but until I hear from Sophos we'll do nothing.

  • We have over 200 computers that have quarantined the updater files needed to fix the issue - ALsvc.exe as well as other DLLs. What are we to do?? We have tried copying it back, but the service doesn't start any more/run -- please help

  • We have done the Sophos Support recommendations, which worked well on most machines. We now have 18 PCs that refuse to update. Is there a removal tool we can use so I can manually uninstall and then reinstall Sophos on the clients?

  • What about systems set to delete infected files which cannot be repaired?

    Sorry if I've missed the advice in this thread, but we have a number of customers set like that, and they are well and truly messed up. One of which was rebooted overnight for other reasons and has deleted its own autoupdate and update manager files, so can't even get the fixed IDEs from Sophos. Reinstall Control Centre?

    Why wasn't this tested?

  • Hello folks!

    We had a BIG problem on all clients/servers. We tried to disable on-access scanning over SEC, but the clients couldn't be updated!

    Connecting to all clients/servers is not an option; there are over 1000....!!!!!!

    Anyone with an idea or the same problem?

    thanks and regards
