W32/Expiro-H and W64/Expiro-A

  • 24 January 2014
  • 2 replies
  • 22 views

Just want to give a heads up that Webroot cannot protect you from these Expiro variants as of yet.  We have Webroot installed on 1900 servers and workstations and it won't even detect that the virus is present.
 
If you have any endpoints with strange activity, download and run the Sophos scanner to identify and clean the infected files.  This is what Webroot support did for me.  I have been working with them for a couple weeks on this and they still do not have a native solution.

Hello TobyT,

I understand your frustration and I want to assure you that we are currently working on a fix to update our protection against this infection. Polymorphic viruses, such as Expiro, are some of the most difficult infections to detect and remediate because they infect every new file in a unique way. If, during remediation, a single file is incorrectly cleaned, the infection re-propagates. New variants are frequently released which require new detection mechanics.

That said, we do detect the vast majority of these infections and we are very close to the release of a custom tool to target and remediate this specific variant. I greatly appreciate your patience while working with our support team.

Thanks for the update.

Unfortunately we had to use another product to clean/protect the infected servers/workstations. We could not wait any longer. Since another vendor has a way of detecting and cleaning this particular virus, can't you use a similar technique? No sense in reinventing the wheel.
 
 
