W32.Trojan.Gen. False Positive Fix - April 24

Show first post

289 replies

Hi, what issues exactly have you been experiencing if you don't mind me asking?  The only issues I exprienced today was Facebook but that went away after Webroot stated they fixed it.  Are there more issues?  BSOD'S?  Windows Boot Failures?  I've been reviewing this trying to find if we were affected any further than the Facebook problem.  Thanks
Second that, smae exact issues here.. I just love working 18 hours on a Monday. 
Userlevel 2
Because the entire thing is broken at this time. I have spent the day trying hard to resolve clients. and still no updates from Webroot besides "It's being worked on". MSPs should have been a priority, they need to make this work. I have already sent messages off to other AV vendors for price quotes on our MSP practice.
I sent hundreds of restore file commands to our agents at 4PM PST. It's now over 6 hours laters!! Why are the commands not being executed? The agents have been checking in. I have been forcing them to check with the "poll" command locally as well. I sent the reverify command and surprise! It hasn't executed either. Any advice Webroot? 
If we could all get an email for MSP's when a real fix is available that would be great...  This is very damaging, and to find out via twitter is disheartening.  In all honesty, as soon as you found out honesty would have been the best thing you can do.  We all make mistakes.  When I make a mistake I admit it!!  That is the fastest way for us all to let OUR customers know that we know what is going on.
We were left with no choice, but threw our clients into silent audit, shadow copied back what we could, and Veeamed back the rest
This is a cyber attack, whether intentional or by accident. Can't wait for official fix
I'm curious if any of the Cyber insurance policies help pay for this.
Userlevel 2
In the meantime 1000's of clients are having issues. Is there an update list for emails that you will send out that MSPs need to sigh up on.

This is absolutely crippling, and costing companies a large amount of money in downtime and recovery. I think MSPs need a solution more sooner than later.

Let us know if there is a plae to signup for update emails or active updates. hourly updates etc.
Userlevel 7
Badge +48
@ the team is working hard on fixing the issue as fast as possible. 
Userlevel 2
Like all the other MSP's I see listed here, you have absolutely crippled us and many of our clients. Backup Restores is simply not the right "Solution" or "Workarround" this needs resolved, and MSP's need a solution ASAP many critical systems are affected here and more come each hour as they update.
What is the status for a solution for MSPs?!?!
6 hours and still no MSP solution, I have Police departments who are being affected. When is there going to be an update for MSP's? This is completely unacceptable, and I have customers already looking at litigation for lost time/revenue.
Userlevel 7
Badge +48
@ Please follow the steps that we provided at the top of the thread, specifically step 2 "Reverify All Files and Processes." That will flush the local cache and reverify and receive the correct determination. 
Userlevel 1
Have seen 2-3 systems with commands that were pushed around 3pm today starting to Execute.
Still unable to poll and have the policy to unmanaged swap over yet.
Userlevel 7
Badge +31
Yes @.
I would simply issue a restore command followed by a reverify all files and processes and a scan command. 
@is it necessary to create new overrides for files that previously did not have one that were blocked by today's problem?

If the files worked fine before are we safe to only issue a restore command?
Userlevel 2
All this time I thought these instructions were for MSP's. Is there another forum just for MSP customers?
Our backlog of agent commands is definitely not caught up. I still have thousands of "reverify" and "restore" commands that are "not yet received" and have been for 5 hours. 
When can we expect a fix FROM Webroot?
Userlevel 7
Badge +48
@ @ @ @ Please contac customer support at 1-866-254-8400 so that they can troubleshoot this further.  
I am seeing expired sites as well after suspending and then enabling.
We suspended several sites to give us time to mitigate this issue, then after unsuspending, they show as expiring.  Do we need to just wait for the system to recover because of all the traffic occuring now?  The sites have been unsuspended for hours.
Level 3 Senior Tech
Computer Troubleshooters
We have 2 sites that use webroot and neither site is updating the clients for restore. I have 100's of requests in the Command Log to restore files and they are just sitting at Not Yet Received since 5:30pm EST. Pushing new policy, forcing a refresh configuration and also forcing a refresh via command line mentioned in the original post does nothing.
Userlevel 2
I agree with ATechGuy. I look forward to an e-mail from my MSP Account Manager informing me of the issues and what Webroot plans on resolving this in the future. I like Webroot's product a great deal but I dislike having my clients angry and furious at me for something I had no control over. Also, I would like to know how Webroot is willing to address this in the future for their MSPs. I was in the blind for much of what was going on. I understand that the stress of everything coming on at once but I would have appreciated an e-mail from someone at Webroot so I could pass the information along to my clients. I dislike having to stalk social media sites that I feel should be the responsibility of Webroot to notify me of an issue. If I hadn't rang my POC's phone off the hook, I imagine that I would have been left blind. :(
I still have several client computers that aren't fixed. I spent the greater part of my evening trying to at least prioritize workstations and who the manually fix. As an MSP, I have too many endpoints that it's not feasible to remote to all to resolve the issue. I look forward to how Webroot plans on resolving this issue for us MSPs.
Userlevel 7
Badge +48
We are still diligently working to resolve this issue. More updates to come when we have them. 
Userlevel 7
Badge +48
@ We are in the process of creating a complete fix, but in the meantime, small business customers can follow instructions posted at the top of the thread to address the issue. 
Our commands are still not going through the GSM. I've sent them again since informed that they were caught up, but they are still not being processed. We have a 15 minute check in time, so that isn't the issue.