Shh/Updater-B: How to run the FixIssues.exe on multiple computers using Enterprise Console

  • Article ID: 118351
  • Updated: 24 Feb 2016

You can use Enterprise Console to run the FixIssues tool on multiple computers.

This involves temporarily changing your Enterprise Console setup and reprotecting affected computers. The key steps are:

  • Set up new network shares and put the tool in them.
  • Edit your updating policies to use the new shares.
  • List the affected computers.
  • Reprotect affected computers.
  • Restore your policy settings.
  • Clear alerts from the console.

Known to apply to the following Sophos product(s) and version(s)
Enterprise Console 5.1.0
Enterprise Console 5.0.0
Enterprise Console 4.7.0
Enterprise Console 4.5.0

What To Do

1. Set up network shares

  1. Go to the Enterprise Console management server (or to the server where you have the network shares for Sophos software, if you put these shares on a different computer).
  2. Create a folder called 'ALT' under \\[servername]\SophosUpdate\.
  3. Under ‘ALT’, create a folder structure that matches the location of the shared folders used for Sophos updates, as follows:
    1. In Enterprise Console, go to ‘View’ - ‘Bootstrap locations’. Note the locations for Windows products.
    2. Create equivalent locations in ‘ALT’, such as \\server\SophosUpdate\ALT\CIDs\S000\SAVSCFXP\
      Note: If you have multiple ‘subscriptions’ to Sophos software and therefore multiple Sxxx directories within your ‘SophosUpdate’ share, you may need to create additional directories, e.g., ...\ALT\CIDs\S001\SAVSCFXP\, ...\ALT\CIDs\S002\SAVSCFXP\, etc. This depends on which endpoint computers have been affected.
  4. Request FixIssues.exe from support and then copy it into each 'SAVSCFXP' directory created above.
  5. Rename FixIssues.exe to Setup.exe
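
The staging in step 1 can be scripted so that every copy placed on the share is checked against the file received from support; the following PowerShell is an added example, not part of the original article or a Sophos-supplied script. Assumptions: PowerShell 4.0 or later, the CIDs\Sxxx\SAVSCFXP layout shown above, a tool that carries an Authenticode signature, and the placeholder values for $ShareRoot and $ToolPath. It mirrors every subscription it finds, which may be more than the affected endpoints need.

```powershell
# Added example (not Sophos code). $ShareRoot and $ToolPath are placeholders.
param(
    [string]$ShareRoot = '\\server\SophosUpdate',   # share root, as written in the article
    [string]$ToolPath  = 'C:\Temp\FixIssues.exe'    # assumed location of the file from support
)
$ErrorActionPreference = 'Stop'

# Record the hash of the file received from support so each staged copy can be compared.
$srcHash = (Get-FileHash -Path $ToolPath -Algorithm SHA256).Hash
Write-Host "FixIssues.exe SHA256: $srcHash"

# Assumption: the tool is Authenticode-signed. Do not stage a binary whose
# signature is missing or broken, because every reprotected endpoint will run it.
$sig = Get-AuthenticodeSignature -FilePath $ToolPath
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'; not staging $ToolPath."
}
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

# Find each subscription directory (S000, S001, ...) that holds a SAVSCFXP folder.
$cids = Join-Path $ShareRoot 'CIDs'
$subs = Get-ChildItem -Path $cids -Directory | Where-Object {
    $_.Name -match '^S\d{3}$' -and (Test-Path (Join-Path $_.FullName 'SAVSCFXP'))
}
if (-not $subs) { throw "No Sxxx\SAVSCFXP directories found under $cids." }

foreach ($sub in $subs) {
    # Create the equivalent location under ALT and copy the tool in as Setup.exe.
    $dest = Join-Path $ShareRoot "ALT\CIDs\$($sub.Name)\SAVSCFXP"
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    $target = Join-Path $dest 'Setup.exe'
    Copy-Item -Path $ToolPath -Destination $target -Force

    # Confirm the staged copy is byte-identical to the file that was checked above.
    $staged = (Get-FileHash -Path $target -Algorithm SHA256).Hash
    if ($staged -ne $srcHash) { throw "Hash mismatch at $target." }
    Write-Host "Staged $target"
}
```

Compare the printed signer and SHA256 with what support provided before continuing to step 2.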

2. Edit your updating policies

  1. In Enterprise Console, right-click on your updating policy and select ‘View/Edit policy’.
  2. Click on the ‘Initial Install Source’ tab. Un-check ‘Use primary server address’ and change it to the new ALT folder, i.e., from \\[servername]\SophosUpdate to \\[servername]\SophosUpdate\ALT
    Note: You should make a note of the current path as you will revert this change later.
  3. Click 'OK', ignoring any warnings.
  4. Wait for policy compliance for the computer to change from ‘Awaiting policy transfer’ to ‘Same as policy’.

3. List the affected computers

You can quickly list just the affected computers, as follows:

  1. In the Enterprise Console Dashboard, click on the ‘Viruses/spyware’ link to show a list of ‘Managed computers with outstanding Virus/malware alerts’.
  2. Select all computers (Ctrl+A).
  3. Right-click and choose ‘Resolve Alerts and Errors…’.
  4. Click on the ‘Name’ column header to sort by alert name in order to group all ‘Shh/’ detection entries together in the list.

4. Reprotect affected computers

  1. Right-click on the affected computers and click on ‘Protect Computer’.
  2. A wizard guides you through the process.

The endpoints should get fixed and the policy compliance should be shown as ‘Same as policy’ in Enterprise Console.

Note: It may take a while to deploy the fix to all endpoints.

5. Restore your policy settings

Once the endpoints have been fixed, edit the modified updating policies to restore the ‘Initial Install Source’ to the original setting.

6. Clear the alerts

You should clear unwanted Shh/ alerts from Enterprise Console. There are two ways to do this:

  • Use a special batch file.
  • Use Enterprise Console to ‘acknowledge’ the alerts.

6.1 Use a special batch file

  1. Close Sophos Enterprise Console.
  2. Right-click on this link: fpack.txt, select 'Save link as...' and save the file to the Desktop of your server.
  3. Change the extension of the file from .txt to .bat - you may have to show hidden file extensions on your server:
    • In a Windows Explorer window (Windows key+E to open) select (depending on operating system):
      • Windows 2008: 'Organize' button | 'Folder and search options' | 'View' tab | Uncheck the option 'Hide extensions for known file types'
      • Windows 2003: 'Tools' | 'Folder Options...' | 'View' tab | Uncheck the option 'Hide extensions for known file types'
  4. Run the batch file. If there are any errors while running the tool, they will be displayed.
  5. To check the alerts have been ‘Acknowledged’, launch Enterprise Console and review the outstanding alerts.

6.2 Use Enterprise Console to ‘acknowledge’ the alerts

  1. Launch Enterprise Console.
  2. Click on the ‘Viruses/spyware’ link on the Dashboard to switch the computer list view to display: ‘Managed computers with outstanding Virus/malware alerts’.
  3. Select all computers (Ctrl+A).
  4. Right-click and choose ‘Resolve Alerts and Errors…’.
  5. Click on the ‘Name’ column header to sort by alert name in order to group all ‘Shh/’ detection entries together in the list.
  6. Select all ‘Shh/’ detections then click ‘Acknowledge’.


If you need more information or guidance, then please contact technical support.
