- Will my other hosts running Webroot be protected?
- How is this information collected and disciminated out to other hosts in my network?
Answer
Cryptowall Infection
A PC in my company was infected with a varient of Crytowall, however Webroot did not catch this until after the PC had been infected and files on a network share had been encrypted. What I'd like to know is:
Best answer by DanP
Hello DJackson,
That file is now known bad in our cloud database, so not only will your hosts now be protected, all other hosts running Webroot SecureAnywhere are now protected against that file.
I can go ahead and open a support ticket for you with instructions on running our advanced Customer Support Diagnostics and we can look through your logs to make certain that there are no related files that have not been caught.
Thanks,
-Dan P.
That file is now known bad in our cloud database, so not only will your hosts now be protected, all other hosts running Webroot SecureAnywhere are now protected against that file.
I can go ahead and open a support ticket for you with instructions on running our advanced Customer Support Diagnostics and we can look through your logs to make certain that there are no related files that have not been caught.
Thanks,
-Dan P.
+35- OpenText Employee
- Answer
Hello DJackson,
That file is now known bad in our cloud database, so not only will your hosts now be protected, all other hosts running Webroot SecureAnywhere are now protected against that file.
I can go ahead and open a support ticket for you with instructions on running our advanced Customer Support Diagnostics and we can look through your logs to make certain that there are no related files that have not been caught.
Thanks,
-Dan P.
That file is now known bad in our cloud database, so not only will your hosts now be protected, all other hosts running Webroot SecureAnywhere are now protected against that file.
I can go ahead and open a support ticket for you with instructions on running our advanced Customer Support Diagnostics and we can look through your logs to make certain that there are no related files that have not been caught.
Thanks,
-Dan P.
Webroot Threat Research
I also had a system infected by CryptoWall a few days ago, so apparently there are other variants in the wild now. Webroot blocked several files at the time of infection, but did not stop everything because the user's files are now encrypted. Even running a scan now reveals no threats even though there are a ton of processes running on the system that shouldn't be there (consuming 90% of the memory on the system) and a lot of external network connections that shouldn't be happening.
I will be formatting/reinstalling this machine in the morning. If there is some logs I can generate for support before doing so, please let me know.
I will be formatting/reinstalling this machine in the morning. If there is some logs I can generate for support before doing so, please let me know.
Hi @ and welcome to the community!
I would definitely contact support so that they can check what happend and update the database if it's a new threat. Just take care that you don't put the client back online in your company/production network.
I would definitely contact support so that they can check what happend and update the database if it's a new threat. Just take care that you don't put the client back online in your company/production network.
The person that sold me WSA told me that if the WSA client is installed on the computer that is infected, then WSA will be able to undo the changes that were done to the system and that includes reversing the encryption that was done to the files.
Were the two of you that were infected with CryptoWall able to utilize this WSA feature and recover your files? I want to know if this feature actually works.
Justin
Were the two of you that were infected with CryptoWall able to utilize this WSA feature and recover your files? I want to know if this feature actually works.
Justin
+56Hello Justin and Welcome to the Webroot Community!
If you have 45 minutes have a look at this Video about CryptoLocker: Your Money or Your Life https://www.brighttalk.com/webcast/8241/95617 given by Andrew Bagnato, Sr. Systems Engineer, Webroot you will need to join and it's a great place and they don't pester you at all! Also here is another Good one 34 minutes Modern Malware and the need for Remediation Innovation: https://www.brighttalk.com/webcast/8241/106479 given by Tyler Moffitt Threat Research Analyst, Webroot. Also here is one from YouTube: Why Traditional AV Solutions Are Failing -- Webroot Webinar Given by Grayson Milbourne Director, Security Intelligence Webroot.
Thanks,
Daniel ;)
If you have 45 minutes have a look at this Video about CryptoLocker: Your Money or Your Life https://www.brighttalk.com/webcast/8241/95617 given by Andrew Bagnato, Sr. Systems Engineer, Webroot you will need to join and it's a great place and they don't pester you at all! Also here is another Good one 34 minutes Modern Malware and the need for Remediation Innovation: https://www.brighttalk.com/webcast/8241/106479 given by Tyler Moffitt Threat Research Analyst, Webroot. Also here is one from YouTube: Why Traditional AV Solutions Are Failing -- Webroot Webinar Given by Grayson Milbourne Director, Security Intelligence Webroot.
Thanks,
Daniel ;)
I'd also be interested to hear if the rollback feature actually worked for the OP's.
It seems reading and testing that this feature is a core component to the whole Webroot product philosophy.
It seems reading and testing that this feature is a core component to the whole Webroot product philosophy.
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.