We recently had a system infected with Cryptolocker, we can see a 2Gb DB file has been generated and attempted to scan/remediate this system. During the cleanup/remediation scan the system blue screened and reset itself, after the reset numerous attempts have been made to complete a remediation scan but nothing happens on completion, Cryptolocker appears to be removed however files remain encrypted. Discussing this with support we have been told as the system crashed during the first attempt it no longer knows where it was at and can no longer roll back any changes. This system was left idle during the initial rollback process and it crashed approx 12Hrs into it so I would say that any crash that occurred was due to the rollback itself! Seems a big claim to say that Webroot can prevent and roll back Cryptolocker when the reality seems to be more like we'll have a crack at rolling it back when our product misses it but when it all goes south you're on your own!