Golden Member
加入日期: Apr 2001 您的住址: 雞窩
文章: 2,820
|
防毒軟體又出包(sophos)
Shh/Updater-B false positive by Sophos anti-virus products
Knowledge base article: http://www.sophos.com/en-us/support...ase/118311.aspx We will continue to update the knowledge base article above with the latest advice for self-service. Please consider following our support team @SophosSupport on Twitter for updates. Updated article below: Some Sophos customers have reported detections today of Shh/Updater-B. Many of these reports involve detections of Sophos's own code, but there are a number of third-party applications which are also being identified. Sophos would like to reassure users that these are false positives and are not a malware outbreak, and apologises for any inconvenience. If you have Live Protection enabled, you should stop seeing these detections as the files are now marked "clean" in the cloud. (Details of how to enable Live Protection can be found in this knowledgebase article). If you do not have Live Protection enabled you will stop seeing the new detections once javab-jd.ide has been downloaded by your endpoint computers (released at Wed, 19 Sep 2012 21:32 +0000 UTC). There is no cleanup for this detection, and you will see it quarantined unless you have your on-access policy set to move or delete detections if cleanup is not possible. Please double check your SAV policy under cleanup; You want to ensure your secondary option (when cleanup is not available or does not work) to be set to ‘deny access’ and not delete or move. Once the detections have stopped, you can acknowledge the alerts in the Console, this way you can see who is still reporting it, and confirm it is trending down. You should also check that any third-party applications that may have been erroneously detected as Shh/Updater-B are restored. -------------------------------------------------------------- 大意是 Sophos殺毒軟體周三將自己的更新程式Shh/Updater-B 辨識為惡意程式,並自動將其刪除,造成用戶無法更新 ------------------------------------------------------------------ 這些是發生在有中央管理平台的sophos上.... 好像之前才發生過symantec 把windows的系統檔砍了... sophos更帥...把自己的更新程式當成病毒....太酷了
__________________
燦坤卡號 36680441 歡迎取用 順發卡號 00149760 歡迎取用 2015日本滋賀縣 琵琶湖 機車環湖之旅 2016東京競馬初體驗 2017四國機車行 2018紀伊半島機車行 2019 HONDA CROSS CUB山陰閒晃 2021 久違的重機開箱文-Z900RS 景點分享-台南東山咖啡-竹栱仔厝 2022 重機小跑-環半島之旅 2023-名古屋-富士山之旅 |
|||||||
2012-09-28, 11:33 AM
#1
|
Golden Member
加入日期: May 2002
文章: 2,919
|
每一家防毒產品幾乎都出包過...
用過小紅傘... 有一段時期出大包竟然中了一堆木馬 , 還好有MSE當掃毒備份... 最後用COMODO除了病毒碼更新太勤奮之外 , 中毒倒是沒有... 不過那個最機車的是 Comodo secure DNS 擋掉了不少無辜站台... 像hinet就全數被檔.. |
||
2012-09-28, 11:41 AM
#2
|
Elite Member
加入日期: Sep 2006 您的住址: Mt.Ali
文章: 4,548
|
有會自廢武功的,強~
__________________
簽名檔配備常常僅供參考,所以不列了 |
2012-09-28, 01:08 PM
#3
|
Senior Member
加入日期: Aug 2001 您的住址: 台北市
文章: 1,109
|
常更新病毒碼
不亂開不明檔案 不只用一種防毒軟體 可以確保電腦不中毒 |
2012-09-28, 01:51 PM
#4
|
Junior Member
加入日期: Aug 2000 您的住址: 台灣中部
文章: 856
|
公司也是用這套
約期就快到了還搞這齣 搞的數百台電腦開機都出現錯誤訊息 IT人員一直接電話其他事都不用做了 |
2012-09-28, 03:37 PM
#5
|
Golden Member
加入日期: Apr 2001 您的住址: 雞窩
文章: 2,820
|
引用:
如果有AD還好.可以直接派送修正檔 沒AD的環境就慘了.... 我看SOPHOS會丟掉不少客戶
__________________
燦坤卡號 36680441 歡迎取用 順發卡號 00149760 歡迎取用 2015日本滋賀縣 琵琶湖 機車環湖之旅 2016東京競馬初體驗 2017四國機車行 2018紀伊半島機車行 2019 HONDA CROSS CUB山陰閒晃 2021 久違的重機開箱文-Z900RS 景點分享-台南東山咖啡-竹栱仔厝 2022 重機小跑-環半島之旅 2023-名古屋-富士山之旅 |
|
2012-09-28, 04:11 PM
#6
|
Master Member
加入日期: Mar 2012
文章: 2,329
|
引用:
沒AD環境是指沒有用網域在AD上裝server版防毒,網域中的電腦都是由server端更新 病毒碼這種 |
|
2012-09-29, 09:14 AM
#7
|
Golden Member
加入日期: May 2002
文章: 2,919
|
引用:
不必用到AD去派送也可以由防毒伺服器派送給所有的Client PC啦.... |
|
2012-09-29, 09:48 AM
#8
|
Master Member
加入日期: Mar 2012
文章: 2,329
|
引用:
如果是無對外的Intranet不就gg了 |
|
2012-09-29, 08:21 PM
#9
|
Elite Member
加入日期: Oct 2002
文章: 4,792
|
引用:
..........不過, 應該是把Server端修好就可以了 不會連client端都得要重新佈署吧 出這包真的會讓人頭痛 之前卡巴也出過包 造成outlook出問題 將災情查google 網路上馬上就查得到各方都有相同訊息 (含官網) 才知道網路真是迅速
__________________
天之道,損有餘而補不足 人之道則不然,損不足以奉有餘 此文章於 2012-09-30 01:01 AM 被 u8526425 編輯. |
|
2012-09-30, 12:56 AM
#10
|