The resolution page has been updated:
What To Do
You should ensure that endpoints are up to date with the latest IDE files. The detection and alerts will have stopped with the release of javab-jd.ide, which was released on Wed, 19 Sep 2012 21:32.
The MD5 for this IDE is 90e873330239722f58efabf8c27e7138
Confirm SUM is updated and has downloaded javab-jd.ide to distributions
1) Check within the update manager view that there are no download errors and that Sophos Update Manager has recently downloaded successfully.
2) Check the local Sophos Anti-virus installation has received the IDE - javab-jd.ide.
For example, navigate to the following locations to check:
C:\Program Files\Sophos\Sophos Anti-virus\
C:\Program Files (x86)\Sophos\Sophos Anti-virus\
3) Check the distributions are populated with the IDE - javab-jd.ide by identifying the Bootstrap Locations within SEC, from View within the toolbar.
For Windows packages, navigate to the locations shown and confirm the IDE exists within the SAVXP folder.
For example:
\\SERVERNAME\SophosUpdate\S000\SAVSCFXP\SAVXP\
Next actions
If SUM has updated and the distributions have been updated with the IDE then move into the Endpoints section. Otherwise please follow these steps:
1) Check the Anti-virus & HIPS policy assigned to the Sophos Update Manager server and make a note of the current Cleanup options within the on-access scanning configuration.
2) Set the configuration to the below if configured differently:
Cleanup
Deny access only for Virus/Spyware
Windows Exclusions
C:\Documents and Settings\All Users\Application Data\Sophos\
C:\Program Files\Sophos\
C:\Program Files (x86)\Sophos\
C:\ProgramData\sophos\
3) Enable Live Protection within the 'Sophos Live Protection' option
4) Depending on the Cleanup configuration noted in point 1, follow the steps relevant to your configuration:
Deny access only
Stop the Sophos Anti-Virus service (Start | Run | Type: services.msc | Press return).
Delete the quarantine.xml file from:
C:\Documents and Settings\Application Data\Sophos\Sophos Anti-Virus\Config\Quarantine.xml.
or
C:\ProgramData\Sophos\Sophos Anti-Virus\Config\Quarantine.xml
Start the Sophos Anti-Virus service.
Delete
Rerun the SUM.msi to repair the installation, navigate to:
C:\ProgramData\Sophos\Update Manager\Install\
C:\Documents and Settings\Application\Sophos\Update Manager\Install\
'Right Click' on the SUM.msi and select repair.
Deny access and move to..
A script will shortly be available.
Endpoints checks
Symptoms:
Any virus detections of 'Shh'
Sophos Autoupdate not updating correctly
Other products update mechanisms not functioning correctly
1) Check the Anti-virus & HIPS policy assigned to the Endpoints and make a note of the current Cleanup options within the on-access scanning configuration.
2) Set the configuration to the below if configured differently:
Cleanup
Deny access only for Virus/Spyware
Windows Exclusions
C:\Documents and Settings\All Users\Application Data\Sophos\
C:\Program Files\Sophos\
C:\Program Files (x86)\Sophos\
C:\ProgramData\sophos\
3) Enable Live Protection within the 'Sophos Live Protection' option
4) Depending on the Cleanup configuration noted in point 1, follow the steps relevant to your configuration:
Deny access only
Stop the Sophos Anti-Virus service (Start | Run | Type: services.msc | Press return).
Delete the quarantine.xml file from:
%allusersprofile%\Application Data\Sophos\Sophos Anti-Virus\Config\Quarantine.xml.
or
C:\ProgramData\Sophos\Sophos Anti-Virus\Config\Quarantine.xml
Start the Sophos Anti-Virus service.
Delete
1) Reprotect the endpoint from the Enterprise Console
If this fails, please copy the contents of the SAU folder from the distribution location established above,
for example \\SERVERNAME\SophosUpdate\S000\SAVSCFXP\SAU\, and replace the cache: C:\ProgramData\Sophos\AutoUpdate\Cache\sau
Then attempt a reprotect of the client again.
Deny access and move to..
A script will shortly be available.
Message edited by millaman on 20-09-2012 at 14:22:28
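Added example, not part of the original post or of Sophos's article and not the script the article says is forthcoming: a PowerShell check for steps 2 and 3 of the first section, confirming that javab-jd.ide is present in the local install directories and the distribution folder and that it matches the MD5 quoted above. It assumes PowerShell 4.0 or later (for Get-FileHash); the function name Test-IdeFile and the -Distribution parameter are hypothetical, and SERVERNAME must be replaced with your own server.

```powershell
# Added example: confirm javab-jd.ide is present and matches the MD5 given in the post.
param(
    # Assumption: distribution folder in the form shown in the post; replace SERVERNAME.
    [string[]]$Distribution = @('\\SERVERNAME\SophosUpdate\S000\SAVSCFXP\SAVXP')
)

$IdeName     = 'javab-jd.ide'
$ExpectedMd5 = '90e873330239722f58efabf8c27e7138'   # value quoted in the post

# Local install directories named in the post, followed by the distribution folder(s).
$Locations = @(
    'C:\Program Files\Sophos\Sophos Anti-virus',
    'C:\Program Files (x86)\Sophos\Sophos Anti-virus'
) + $Distribution

function Test-IdeFile {
    param([string]$Directory, [string]$Name, [string]$Md5)

    $path   = Join-Path -Path $Directory -ChildPath $Name
    $actual = $null
    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
        $status = 'DirectoryNotFound'      # e.g. the (x86) path on a 32-bit system
    }
    elseif (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $status = 'IdeMissing'             # update has not reached this location
    }
    else {
        $actual = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash.ToLowerInvariant()
        $status = if ($actual -eq $Md5.ToLowerInvariant()) { 'OK' } else { 'HashMismatch' }
    }
    [pscustomobject]@{ Location = $Directory; Status = $status; MD5 = $actual }
}

$results = foreach ($dir in $Locations) {
    Test-IdeFile -Directory $dir -Name $IdeName -Md5 $ExpectedMd5
}
$results | Format-Table -AutoSize

# Non-zero exit if an existing location lacks the IDE or holds a different file.
if ($results | Where-Object { $_.Status -in 'IdeMissing', 'HashMismatch' }) { exit 1 }
```

A status of IdeMissing or HashMismatch on the distribution folder corresponds to the "Otherwise please follow these steps" branch under Next actions; the same status on a local install directory corresponds to the Endpoints checks.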