W32.Trojan.Gen. False Positive Fix - April 24


289 replies

We need a real fix for this ASAP. I have damaged programs all over the place, at least one of which will require a complete re-install to re-register it. 
Userlevel 2
The MD5 I'm trying to restore is invalid. We have a TON of alerts popping up. We've suspended realtime protection. Is there a way to restore these all at once?
I've added the override exceptions for the MD5s that got flagged. It appears that no other endpoints are getting these alerts for these MD5s, cool.
Then I attempted to restore the files for the individual endpoints that ran into issues but that has not worked. Does this typically take a while to restore or am I perhaps doing something incorrectly? It has been about an hour since I restored.
Thank you for your hard work getting this back to normal.
Userlevel 1
I can't get all the MD5s. How come I can simply restore from the endpoint machine via the quarantine? Any way to grant permission for that at least?
Please post an actual fix. This is useless as the scans don't show the MD5 of the quarantined files.
Can you confirm that the issue causing the false positives has been addressed? I need to know if we have to disable Webroot entirely to avoid further disruptions.
Userlevel 2
When this is over Webroot better be buying!
Userlevel 1
Not working here...can't get any files to restore. I need a drink.
Userlevel 2
Also, why can't we display threats found? It's now showing files or MD5s...
Userlevel 2
This is not a fix. This is a "hey, restore your files manually from the quarantine on all your endpoints".
A fix is an automatic rollback.
Figure it out.
What do you do if you manually added an override for specific policies? How do you undo that?
This is not a fix, we can only hope that it didn't do too much damage.
We need a fix for standard Windows users who need resolutions now and now ones running it as an endpoint solution.
Userlevel 7
How am I supposed to do this across 3 GSM's with over 3 thousand client sites????? 

Userlevel 2
This is not a fix when you're an MSP....