UPDATE 4/28/17 11:45 a.m. MNT: We have 0 calls in queue on our phone line, and are working through about 80 tickets related to the False Positive repair utility. A good portion of those are simply awaiting customer verification.
Please note, the utility was built to address only this specific false positive issue. It will be deactivated in the future.
If applications are operating normally on your systems, you do not need to implement the utility.
If you haven’t yet submitted a support ticket and you need the repair utility, please do so here. Include your phone number as well with the support ticket.
We love Webroot, and this should go without saying, but please beef up your testing environment and your testing processes to ensure that this doesn't happen again.
We don't know what to do now, though. Is it safe to reinstall? Is the problem going to resurface, or has it been fully resolved?
The rule, upon discovery, has been removed and they are working on a more permanent fix to repair some of the damage.
So yes, it's safe to put the agent onto the systems.
I also got away pretty lucky with only about 9 systems affected out of over 5000+ endpoints I manage.
Our team (Webroot development) has been working thru the night on a safe process for moving affected files out of quarantine. We needed to ensure it would not create further issues. We will provide a more detailed message with current status in a little while. This will be followed by a report that will be something you can use in your discussions with your users and/or clients. I speak for Webroot when I say we are very sorry for the aggravation this has caused you. Once things are settled down a bit, I would be happy to speak with each of you. We can set that up with your rep. More info in a bit.
1. Is the issue resolved?
2. ETA till we get more details on the process of moving files out of quarantine?
We are hoping the resolution in the previous message is coming quickly and does work.
I don't know if we got lucky or what, but out of 100+ endpoints 1 was affected. False positives on line-of-business software they've been using for years. I created an exception for the files, un-quarantined the files from the GSM console, had the client "refresh configuration" and it's back to running like normal.
We are watching our WR managed systems like a hawk.
While I appreciate that you guys are working on getting this issue resolved, the communication from Webroot leaves a lot to be desired. Also, as an MSP with over 5600 active licenses, your proposed resolution of manually releasing files from quarantine is a no go.
For the future, please learn to be upfront and keep your partners up to date.
You put your trust in a cloud based solution and sometimes, it can cripple you. It really amazes me that this happened at all. Might as well be some form of ransomware that takes over your data and locks you out.
^^^This. I saw the report last year.
The fact this was left unaddressed is not acceptable. I'd like webroot to explain their reason for not fixing this.
Overall I have loved working with webroot and fortunately we had no endpoints affected by this problem yesterday, but this may be a dealbreaker.
I think it's time to put away the "Web Threat Shield Update" link and put up "HOW WE SCREWED UP Update" link instead. Over time, perhaps it could be renamed to "False Positive 4/24 issue update"
Sadly, your posting added no value, as there are no actionable comments you made.
I'm not sure if I feel any better that not only did your company fail to alert the MSPs, it also failed to alert the distributors, so they didn't have a chance to communicate the problem to us.
If you don't know how to set one of those up I bet I can find a few IT guys on here that can gladly help with this.
We know mistakes happen and most of us, although very pissed off, still remain loyal because overall it's a good product. But the lack of communication is unbelievable!
I hope that you are coming with a solution PDQ.
It seems likely, but even if not I can't understand why webroot hasn't addressed authenticode.
Of all my client sites, only one was affected severely, but it was (still is) a nightmare.
I was sent these instructions several times last night, and followed them to restore about 435 quarantined .exe files. I have a manufacturing facility's entire engineering department shut down today, and these steps aren't helping much. It has worked for some files, but others are still logged as "Not received" in the logs.
Luckily, I have a great contact onsite, and he is working at manually finding copies of the .exe files and pasting them into place and so on. A long and tedious process.
Webroot was sold to me as a product that could reverse such issues with a few clicks - nice how I wasn't told that they meant a few clicks per affected machine (or that this might not even work)!