chk
Antivirus software slips up again (Sophos)

Shh/Updater-B false positive by Sophos anti-virus products
Knowledge base article: http://www.sophos.com/en-us/support...ase/118311.aspx

We will continue to update the knowledge base article above with the latest advice for self-service. Please consider following our support team @SophosSupport on Twitter for updates.

Updated article below:

Some Sophos customers have reported detections today of Shh/Updater-B.

Many of these reports involve detections of Sophos's own code, but there are a number of third-party applications which are also being identified.

Sophos would like to reassure users that these are false positives and are not a malware outbreak, and apologises for any inconvenience.

If you have Live Protection enabled, you should stop seeing these detections as the files are now marked "clean" in the cloud. (Details of how to enable Live Protection can be found in this knowledgebase article).

If you do not have Live Protection enabled you will stop seeing the new detections once javab-jd.ide has been downloaded by your endpoint computers (released at Wed, 19 Sep 2012 21:32 +0000 UTC).

There is no cleanup for this detection, and you will see it quarantined unless you have your on-access policy set to move or delete detections if cleanup is not possible.

Please double check your SAV policy under cleanup; you want to ensure your secondary option (when cleanup is not available or does not work) to be set to ‘deny access’ and not delete or move. Once the detections have stopped, you can acknowledge the alerts in the Console, this way you can see who is still reporting it, and confirm it is trending down.

You should also check that any third-party applications that may have been erroneously detected as Shh/Updater-B are restored.
--------------------------------------------------------------
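The gist is:
On Wednesday, Sophos antivirus software identified its own update program, Shh/Updater-B, as malware and automatically deleted it, leaving users unable to update.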
------------------------------------------------------------------

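This happened on Sophos deployments with a central management platform....

I seem to recall that not long ago Symantec wiped out Windows system files...
Sophos is even better... it treated its own update program as a virus.... so cool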
     
      
Posted 2012-09-28, 11:33 AM #1