Sophos detecting new updates as threat #3453878

We are seeing several alerts for Sophos detecting the new AutoUpdates as a threat –

The following files and locations:

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe". Cleanup unavailable.

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\ALUpdate.exe". Cleanup unavailable.

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files (x86)\Sophos\AutoUpdate\inetconn.dll".

Virus/spyware 'Shh/Updater-B' has been detected in "C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_update_64.exe".

Please advise if these need to be actioned or are legitimate files.

Your Support Numbers are not working!

:30183


This thread was automatically locked due to age.
  • Sophos have just updated the KB saying:

    Falsely detected files have been deleted

    In the case that the 'Anti-Virus and HIPS' policy has been set to delete files if they are unable to be cleaned up it will be necessary to re-protect these endpoints as certain Sophos binaries required for updating may have been removed.

    This is all well and good, however in my case the files removed stop Sophos from running at startup (i.e. no icon appearing).

    So I followed the advice and tried to re-protect one of the desktops, but it fails (Code 0000000a) saying uninstall of Sophos AutoUpdate failed.

    Probably because it has deleted/moved some of the update files!

    Grrrrrr. Sounds like I need to send an engineer to visit all the affected machines to manually uninstall Sophos and push it out again from the console.

    What a waste of time. Thanks Sophos!!

    :31175