Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 44 replies
  • Subscribers 1 subscriber
  • Views 145744 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SHH/Updater-B Fiasco Recovery Steps

chavez243

Just thought a thread for just the recovery steps would be helpful as I'm sure this is a big mess for many of my IT brethren who will be burning the midnight oil on the cleanup.

Perhaps a Sophos engineer could chime in on:

- what to do about "Software Delivery failed" in Update Manager

- what to do about ALsvc.exe and ALUpdate.exe being detected / quarantined

- other steps?

:30335


This thread was automatically locked due to age.
Parents
  • 0

    Hi, for our clients, we did the following to get them to update successfully again.

    1) Clear the quarantine list (from the client or the server console)

    2) Use PSExec to stop the SAVService on the remote client (which disabled On Access Scanning)

    3) Rename the agen-xuv.ide file to agen-xuv.ide.old

    4) Use PSExec to start the SAVService on the remote client

    5) Update the defenitions (from the client or the server console)

    Here is a batch file I used to performs steps 2, 3, and 4:

    C:\Tools\psexec -accepteula -i -s \\<remotepc> net stop savservice
    rename "\\<remotepc>\c$\Program Files\Sophos\Sophos Anti-Virus\agen-xuv.ide" "\\<remotepc>\c$\Program Files\Sophos\Sophos Anti-Virus\agen-xuv.ide.old"
    C:\Tools\psexec -accepteula -i -s \\<remotepc> net start savservice

    :30917
Reply
  • 0

    Hi, for our clients, we did the following to get them to update successfully again.

    1) Clear the quarantine list (from the client or the server console)

    2) Use PSExec to stop the SAVService on the remote client (which disabled On Access Scanning)

    3) Rename the agen-xuv.ide file to agen-xuv.ide.old

    4) Use PSExec to start the SAVService on the remote client

    5) Update the defenitions (from the client or the server console)

    Here is a batch file I used to performs steps 2, 3, and 4:

    C:\Tools\psexec -accepteula -i -s \\<remotepc> net stop savservice
    rename "\\<remotepc>\c$\Program Files\Sophos\Sophos Anti-Virus\agen-xuv.ide" "\\<remotepc>\c$\Program Files\Sophos\Sophos Anti-Virus\agen-xuv.ide.old"
    C:\Tools\psexec -accepteula -i -s \\<remotepc> net start savservice

    :30917
Children
No Data