ALI Blog

Executive and Technical Blogs

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Login
    Login Login form

Sophos "Shh/Updater-B Malware" False Positives

Posted by on in Technical
  • Font size: Larger Smaller
  • Hits: 8119
  • Subscribe to this entry
  • Print

An identity for Shh/Updater-B released by SophosLabs for use with Sophos Protection system has caused a False Positive issue that has affected many customers.  This Technical Alert advises how to resolve it.

 Affected products

All Sophos Endpoint solutions, including Small Business Edition (SBE) licenses.  Sophos is also investigating the impact to customers of the Endpoint Protection module within the Sophos UTM.

Details of the issue

SophosLabs released a False Positive for Shh/Updater-B at 18:48:35 (UTC) on Wednesday, 19 September. As a result, some customers are receiving incorrect notifications on Windows systems that they have a malware infection. This is a False Positive, not a malware outbreak.

An update to address this issue was released and published at 21:32 (UTC) on Wednesday, 19 September. This resolved the underlying cause for this False Positive however customers may still be experiencing issues.

Stay up-to-date on this issue

For regular updates:

Sophos is committed to delivering the best protection at all times and we sincerely apologize for any inconvenience caused by this issue.

If you continue to have difficulty with this issue and would like assistance, please do not hesitate to contact me at the ALI Technical Assistance Desk.


Brice Stevens
ALI Technical Assistance Center (TAC)
(540) 443-3398


Trackback URL for this blog entry.