This discussion has been locked.

Sophos quarantining auto update again

Has anybody noticed that Sophos is quarantining its own update program again?

We noticed that the clients were failing to update this morning and that alsvc.exe is quarantined on the clients. We had this a few months back when it was a known problem but I can't find anything about it today.

  • Hello bestseany,

    what was the detection reported? And did it affect alsvc.exe only?

    Christian

  • Yes, the alsvc.exe file was the only one affected.

    It was reporting it as Shh/Updater-B. I've tried adding the file as an exception in the AV policy but it doesn't help.

    We're using Enterprise 5.1 and version 10 of the client.

  • Hello bestseany,

    don't think the FP has risen from the grave :smileysurprised:

    What are your cleanup settings? Have the files been moved or deleted? If not, the updating should work when you add the exclusion (you specified the file name, didn't you?) and the clients comply.

    In addition to the clients' VDL version and IDE count you should check the date of the detection. Unlikely that some clients have updated and reported for half a year but I won't rule it out absolutely. I would have suggested collecting the logs and sending them to support, but then you probably want to make sure that it is not a false alarm (forgive the pun).

    Christian

  • The cleanup settings are set to Deny Only. Nothing's being done to the file, it's just being kept in quarantine. This is actually every machine on the network (nearly 200) now and nothing has updated since yesterday morning.

    The exception has been added but it doesn't help. I tried reinstalling Sophos on one client, the file isn't showing as quarantined but it still won't update.

    There's definitely something wrong that wasn't wrong before. I guess I'll have to speak to Sophos support.
