
Is anyone else seeing this alert - Shh/Updater-B False positives?

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.

:29723


This thread was automatically locked due to age.

  • Nathan wrote:

    Jeff1527 wrote:

    What do you do when you cannot get the SUM to run the update?  I have followed the advisory and nothing happens.......


    The advisory steps should be working. When you select "update now" on the Update Manager, what happens?


    I know prior to the repair from SUM.msi I had exactly nothing happening in the SUM Update Now from Control Centre.

    You could click it as many times as you liked and nothing would happen.

    If I ran an update from an endpoint it checked the SUM repository and confirmed nothing new had arrived.

    Sadly, now that I ran the SUM.MSI repair, nothing runs.  Control Centre runs until an update starts, then everything crashes to desktop with the error I posted before.

    :31563

  • Help_Please wrote:

    Nathan, I'm back on the phone again, on hold. I hope the phone queue has died down since this is still causing issues for us and the fixes have not worked.


    Unfortunately the phone queue hasn't started dying down yet. We're holding steady at about 65 callers on hold. We're working through the calls as quickly as possible. Can you post where you are stuck? Perhaps I might have a suggestion to help you along while you wait to get through.

    :31565
  • Unless I'm mistaken, outside sources are finding solutions faster than Sophos corporate. I appreciate the script but I would normally not use a script like this unless it came from an authorized Sophos rep. For Azurus it's listing as Frequent Advisor. Does that mean you are a Sophos rep or tech?

    :31567
  • So what do you do when your SEC no longer updates, and therefore cannot update the clients with the correct IDE?

    :31569
  • Nathan, I am unable to get the threat detection to update. The last update was 1:17 PST yesterday. I have tried the fixes in the forum but have not had much luck. We are still on version 1.3.168 as well; do you have any advice?

    :31571

  • dreec wrote:

    So what do you do when your SEC no longer updates, and therefore cannot update the clients with the correct IDE?


    Hi Dreec,

    If you haven't already, please see the advisory at http://www.sophos.com/en-us/support/knowledgebase/118311.aspx. There are directions there to help you with the situation you describe.

    :31575

  • Help_Please wrote:

    Nathan, I am unable to get the threat detection to update. The last update was 1:17 PST yesterday. I have tried the fixes in the forum but have not had much luck. We are still on version 1.3.168 as well; do you have any advice?


    Can you post your most recent SUMTrace log? You can find it in %allusersprofile%\Sophos\Update Manager\Logs. (win7 or 2k8 systems, 2k3 is %allusersprofile%\application data\sophos....) I'll take a look and see if I can help.

    :31581
  • HOW I FIXED MY SUM (The slightly longer but easy way)

    1. Disable on-access scanning on the server

    2. Launch the Setup.exe in here: C:\Program Files (x86)\Sophos\Enterprise Console\SUMInstaller (You will get errors)

    3. When the installer says it can't find the file, search for the name here: C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED

    4. You will find the missing files with .000 appended to them

    5. Copy the files out of the infected folder to the path specified by the installer

    6. Hit retry, it will find your file

    7. Repeat for each file; my server needed, I think, 4 files restored.

    8. This will repair the SUM and start the service

    9. Use "Update Now" on your update manager in the enterprise console

    :31585
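Steps 3 to 5 of the post above, as an added PowerShell example that is not part of the original thread and not Sophos code. The function name and its parameters are hypothetical; the INFECTED path and the `.000` suffix are taken from the post, and the file name and destination folder must be the ones the installer reports.

```powershell
# Added example (not from the thread). Function and parameter names are hypothetical.
function Restore-QuarantinedFile {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # File name the installer reports as missing (step 3)
        [Parameter(Mandatory)][string]$FileName,
        # Folder the installer expects the file in (step 5)
        [Parameter(Mandatory)][string]$Destination,
        # Quarantine folder quoted in the post
        [string]$InfectedDir = 'C:\ProgramData\Sophos\Sophos Anti-Virus\INFECTED'
    )

    # Step 4: the quarantined copy has ".000" appended to the original name
    $quarantined = Join-Path $InfectedDir "$FileName.000"
    if (-not (Test-Path -LiteralPath $quarantined -PathType Leaf)) {
        Write-Warning "No quarantined copy found: $quarantined"
        return
    }
    if (-not (Test-Path -LiteralPath $Destination -PathType Container)) {
        Write-Warning "Destination folder does not exist: $Destination"
        return
    }

    # Never replace a file that is already present at the destination
    $target = Join-Path $Destination $FileName
    if (Test-Path -LiteralPath $target) {
        Write-Warning "Refusing to overwrite existing file: $target"
        return
    }

    # Record the hash first so there is a record of exactly what was put back
    $hash = (Get-FileHash -LiteralPath $quarantined -Algorithm SHA256).Hash

    # Step 5: copy rather than move, so the quarantined original stays in place
    if ($PSCmdlet.ShouldProcess($target, "Restore from $quarantined")) {
        Copy-Item -LiteralPath $quarantined -Destination $target
        [pscustomobject]@{ Source = $quarantined; Target = $target; SHA256 = $hash }
    }
}

# Dry run first (placeholders in capitals must be replaced with the installer's values):
# Restore-QuarantinedFile -FileName 'MISSING_FILE_NAME' -Destination 'PATH_FROM_INSTALLER' -WhatIf
```

Run it once per file the installer asks for, then hit retry as in step 6. The returned SHA256 can be compared against a copy of the same file from an unaffected server.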

  • Chadster wrote:

    Unless I'm mistaken, outside sources are finding solutions faster than Sophos corporate. I appreciate the script but I would normally not use a script like this unless it came from an authorized Sophos rep. For Azurus it's listing as Frequent Advisor. Does that mean you are a Sophos rep or tech?


    Frequent Advisor is someone who posts on the forums regularly. Anyone from Sophos will have the title Employee, like myself. The scripts have been posted in a manner that lets the user see what actions are being taken. From there the user of the script can weigh the risk/benefit. We understand that this may not be an option for everyone and are working on additional solutions, workarounds and options. Please keep checking the Advisory KBA for updates.

    :31587
  • Tried the fix - found it works on some machines but not on others. Tried to uninstall SOPHOS from local clients and received 25010 error.

    :31589