
Is anyone else seeing this alert - Shh/Updater-B False positives

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update.exe". Cleanup unavailable. This is trickling in as alerts but at an alarming rate.



This thread was automatically locked due to age.
  • Hi,


    slackster wrote:

    So I was trying to remove the Autoupdate on a machine that didn't fix itself properly.  It wouldn't remove so I used Revo to remove it.  It removed everything but now when trying to reinstall from the console I get Installation Failed error 00000062.  Anyone know how I can fix this?


    Does this help:

    /search?q= 26703

    Regards,

    Jak

  • Tried the fixit tool but it doesn't list the Sophos Autoupdater --- or any Sophos software --- when running the tool


  • slackster wrote:

    Tried the fixit tool but it doesn't list the Sophos Autoupdater --- or any Sophos software --- when running the tool


    When you push the install, does Sophos Autoupdate make it on to the endpoint?

  • No --- It just flashes the download arrow and then a red X appears on the machine name on the console but nothing is installed on the client


  • slackster wrote:

    No --- It just flashes the download arrow and then a red X appears on the machine name on the console but nothing is installed on the client


    Sounds like it can't create the scheduled task to start the install. If you don't have a lot of machines you need to push out to, it may be quickest to pull the install. E.g., browse to the update share and run setup.exe out of the SAVSCFXP folder. If that isn't an option for you, check the endpoints to make sure Windows Firewall isn't blocking anything, UAC isn't blocking anything, and that Windows Task Scheduler and Remote Registry services are running on the endpoint.

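The endpoint checks suggested in the reply above, as an added example that is not part of the original thread. It assumes Windows PowerShell 3.0 or later run elevated on the endpoint; the service names and registry paths are the standard Windows ones, not Sophos-specific values.

```powershell
# Added example: report the endpoint conditions named in the reply above
# (Task Scheduler, Remote Registry, Windows Firewall, UAC) before a push install.
# Assumption: run locally on the endpoint in an elevated session.
$report = @()

# 'Schedule' and 'RemoteRegistry' are the Windows service names for
# Task Scheduler and Remote Registry. Both need to be running for the push.
foreach ($name in 'Schedule', 'RemoteRegistry') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $report += [pscustomobject]@{
        Check = "Service: $name"
        Value = if ($svc) { "$($svc.Status)" } else { 'not found' }
        Note  = if ($svc -and ($svc.Status -eq 'Running')) { 'ok' } else { 'start the service' }
    }
}

# Local Windows Firewall state per profile. Settings applied by Group Policy
# live under a different key and are not read here.
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $p  = Get-ItemProperty -Path "$fwBase\$fwProfile" -ErrorAction SilentlyContinue
    $on = ($null -ne $p) -and ($p.EnableFirewall -eq 1)
    $report += [pscustomobject]@{
        Check = "Firewall: $fwProfile"
        Value = if ($on) { 'enabled' } else { 'disabled or not set' }
        Note  = if ($on) { 'review inbound rules for remote administration' } else { 'not filtering' }
    }
}

# UAC state: EnableLUA = 1 means UAC is on.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac    = Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue
$uacOn  = ($null -ne $uac) -and ($uac.EnableLUA -eq 1)
$report += [pscustomobject]@{
    Check = 'UAC (EnableLUA)'
    Value = if ($uacOn) { 'enabled' } else { 'disabled or not set' }
    Note  = if ($uacOn) { 'deploy with a domain admin account' } else { 'not a factor' }
}

$report | Format-Table -AutoSize
```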
  • Doesn't install running setup.exe from the SAVSCFXP folder either.  When running setup, it comes up with the first config screen and when I click next it goes away and nothing else happens.  It's not even creating a Sophos directory in the program files folder.

  • ALMon unable to load resource (fix)

    We had a policy that denied then moved AutoUpdater directory files.

    Our procedure:

    1. stop antivirus

    2. stop antivirus reporter

    3. stop autoupdater

    4. Task Manager: kill any ALMon processes in memory; there may be more than one if you have multiple remote RDP sessions

    5. travel to "C:\Program Files (x86)\Sophos"

    6. rename AutoUpdate to AutoUpdate2

    7. copy the same directory from a like bitness system (32 bit or 64 bit) 

    8. restart the service "Sophos AutoUpdate Service"

    9. travel back to  "C:\Program Files (x86)\Sophos\AutoUpdate"

    A. double click the ALMon.exe to restore a shield in the systray

    B. right click the shield in the systray and select "Update Now"

    The updater will pull the latest definitions from the source and restart most services including antivirus automatically.

    This had the advantage of (a) didn't have to download the entire installer ~150 MB  only had to copy about 11 MB (b) didn't have to reconfigure the station in the console to put it in a proper group (c) didn't have to reboot the system (d) didn't have to uninstall anything

     confirmed as working on win2008r2 and win7x64

  • @Slackster, please contact support regarding this, as we will need to investigate your install logs, and I suspect that we will need to investigate the specifics of your issues. Sorry, but we are unlikely to be able to do more on the forums.


  • slackster wrote:

    Doesn't install running setup.exe from the SAVSCFXP folder either.  When running setup, it comes up with the first config screen and when I click next it goes away and nothing else happens.  It's not even creating a Sophos directory in the program files folder.


    Almost sounds like the Update location is missing files. Can you try an Update Now on your SUM and then run setup.exe again on the endpoint after SUM completes its update? Sorry for the guessing, hard to do more than that through the forum.

  • Nate - 

    I wish that was the case.. 

    since this message, I was able to get my core to update but now the endpoints are all telling me that the uninstall of the autoupdate failed so they won't do anything. I'm trying some of the other solutions that people have posted. 

    thanks, truly... 

    I honestly think that you are the ONLY one that is really trying to reach out to customers and help. I'd be all for putting in a GREAT word for you with the suits. 
