
Shh/Updater-B False positives - Script to restore moved files not working on Windows 7

Hi,

This is in regard to the Shh/Updater-B False positives issue. We had our software set to Deny Access and Move and now we are trying to run the script provided by Sophos to move files back to their original locations. This is working fine on Windows XP machines but is not working on Windows 7. We are logged on as an admin while running the script but any files not related to Sophos (such as Adobe Flash updater) are not being moved back to their original locations and the log is stating access was denied when trying to move the files - what gives?

Thanks,

D



This thread was automatically locked due to age.
  • Hi,

    Can you see that the files which were moved are in the INFECTED directory with the .000 extension? Worth checking they are there.  

    Using the SAV.txt log from the machine, can you see where the files were and their new entry in the INFECTED folder with the .000 extension?

    Can you, when logged in as the same user you're running the script as, move the file from the INFECTED folder to the original location and restore the original extension?

    This manual operation would at least replicate roughly what the script is doing and check that your account can revert the files.

    Regards,

    Jak
