
SHH/Updater-B Fiasco Recovery Steps

Just thought a thread for just the recovery steps would be helpful as I'm sure this is a big mess for many of my IT brethren who will be burning the midnight oil on the cleanup.

Perhaps a Sophos engineer could chime in on:

- what to do about "Software Delivery failed" in Update Manager

- what to do about ALsvc.exe and ALUpdate.exe being detected / quarantined

- other steps?

  • This is really bad... I mean real bad - like someone should lose their job bad. This mistake compromised and will continue to compromise into the near future the network and endpoint security on the network of multimillion dollar corporations and businesses. Heads should roll.

    Also if you had your policies set to delete or quarantine files as opposed to just denying access - your fix is a whole lot harder. Just disabling on-access protection isn't enough because the update files are gone! It still won't update. Not only that - this also broke Java updating, Adobe updating, HP's Systems Insight Management updating... - And that is just what it fried on my network. God knows what else was impacted.

    Shameful. How did these definitions ever make it past QA at Sophos?