SHH/Updater-B Fiasco Recovery Steps

Just thought a thread for just the recovery steps would be helpful as I'm sure this is a big mess for many of my IT brethren who will be burning the midnight oil on the cleanup.

Perhaps a Sophos engineer could chime in on:

- what to do about "Software Delivery failed" in Update Manager

- what to do about ALsvc.exe and ALUpdate.exe being detected / quarantined

- other steps?


This thread was automatically locked due to age.
  • @zack: Could we fellow forum members politely request that general comments on this issue are restricted to the main thread (http://community.sophos.com/t5/Sophos-Endpoint-Protection/Is-any-one-else-seing-this-alert-Shh-Updater-B-False-positives/td-p/29723)? This thread is related to recovery steps, and should be restricted to this topic.

    @drahon-it: I have tried your steps again and it has worked successfully. Not sure what I did wrong the last time.

    To reiterate: To remove the quarantined items listed on the client:

    1. Stop the Sophos Anti-Virus service (SavService.exe)

    2a. For Windows XP - Delete C:\Documents and Settings\Application Data\Sophos\Sophos Anti-Virus\Config\quarantine.xml

    2b. For Windows 7 - Delete C:\ProgramData\Sophos\Sophos Anti-Virus\Config\quarantine.xml

    3. Start the Sophos Anti-Virus service (SavService.exe)

    At this point, the quarantine list should be empty.

    Thanks to drahon-it for this tip.

    Cheers,

    Steve
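
The three steps in the post above, as a PowerShell sketch for running on one client from an elevated prompt. This is an added example, not code from the thread or from Sophos. It assumes the Windows service behind SavService.exe is registered as `SAVService`, uses the two paths exactly as the post gives them, and renames quarantine.xml to a timestamped backup instead of deleting it (an added precaution, not part of the posted steps).

```powershell
# Added example: assumptions are marked where they appear.
$ServiceName = 'SAVService'   # ASSUMED service name for SavService.exe; confirm with Get-Service
$Candidates  = @(
    # Windows 7 path, as given in the post
    'C:\ProgramData\Sophos\Sophos Anti-Virus\Config\quarantine.xml',
    # Windows XP path, as given in the post
    'C:\Documents and Settings\Application Data\Sophos\Sophos Anti-Virus\Config\quarantine.xml'
)

function Reset-QuarantineList {
    param([string]$Name, [string[]]$Paths)

    # Fail early if the service is not installed under the assumed name.
    $svc = Get-Service -Name $Name -ErrorAction Stop

    # Step 1: stop the service and confirm it really stopped before touching the file.
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name $Name -Force -ErrorAction Stop
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
    }

    $moved = @()
    try {
        # Step 2: move quarantine.xml aside (the post deletes it; a backup is kept here).
        foreach ($p in $Paths) {
            if (Test-Path -LiteralPath $p) {
                $backup = '{0}.{1}.bak' -f $p, (Get-Date -Format 'yyyyMMdd-HHmmss')
                Move-Item -LiteralPath $p -Destination $backup -ErrorAction Stop
                $moved += $backup
            }
        }
    }
    finally {
        # Step 3: always restart the service, even if the move failed,
        # so the endpoint is not left without on-access scanning.
        Start-Service -Name $Name
    }
    return $moved
}

$result = @(Reset-QuarantineList -Name $ServiceName -Paths $Candidates)
if ($result.Count -eq 0) {
    Write-Warning 'No quarantine.xml found at the listed paths; nothing was changed.'
} else {
    $result | ForEach-Object { Write-Output "Quarantine list moved to $_" }
}
```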