@Dashrender said in When Anti-Virus Companies Get Hacked: Symantec, Trend Micro, and Intel McAfee:

I can't recall if the bad ccleaner was signed or not?

Even if it was, that would be a Microsoft compromise. This is about the AV vendors getting hacked.

@dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

@JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious):

@dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

@scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

@dbeato no, just an online file by file virus scanner?

No, (although it should be for another thread) it gives you information about the file, file hash. or URL in question. Example below is the Itarian Remote Control application Executable:
2019-04-23_0039.png

It compares the has of the file to multiple AV and Technology companies to see if the hash has been flagged as malicious or not or if it is questionable.

How is that useful? The executable is rebuilt on every install for every group that it auto links to. that makes a hash useless.

That might be true for ConnectWise but not all Executables create a new hash everytime.

And in those unrelated cases, lots of things flagging the would be more meaningful.

@black3dynamite said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

https://www.thomasmaurer.ch/2016/07/how-to-disable-and-configure-windows-defender-on-windows-server-2016-using-powershell/

For now, just temporary disable Real-Time Protection via PowerShell
Set-MpPreference -DisableRealtimeMonitoring $true

Download the executable and scan it manually before you install
Start-MpScan -ScanPath C:\datastore\file.exe -ScanType QuickScan

Enable Real-Time Protection after the install
Set-MpPreference -DisableRealtimeMonitoring $false

Excellent, now THAT did it.

@Dashrender said in Microsoft Security Essentials - Script?:

Do you have a remote access solution for these machines?

If not, Mesh Central might be a real life saver - then you could remote in and run these commands. No driving required.

What do you meant "Remote access solution"?
if the question is "DO i have remote access" ?
then the answer is yes .

@wrx7m said in Webroot SecureAnywhere Business Replacement?:

@momurda said in Webroot SecureAnywhere Business Replacement?:

This task Manager behavior is from Webroot?
I see it occasionally; one developer in particular says it is always a problem.

https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Task-Manager/td-p/309032

According to the most recent post in that thread (edit - the most recent post is currently 2 weeks old), a beta release fixes this issue. Being that the thread started in December of 2017, it goes to show how long it takes them to fix things.

yes, that is also what we found out, especially in Windows 10.

@wrx7m said in Webroot - Limiting Access to Shutdown Protection to Admins:

Thanks, everyone. Policies are the way to handle it.

Has anyone needed to exclude services/files/directories from being scanned by webroot? For instance, Exchange, SQL, IIS, etc?

Not really. It was recommended by some software vendors but we ignored it and everything kept humming along without issue.

@momurda - I will have to keep an eye on the last seen. So far, those reports are accurate on mine, as they are newly-imaged computers that have not been deployed.

@stacksofplates Yeah, I work mostly in WIndows 10 but my laptop is based on Ubuntu right now.

Please don't reference bad links.

Rough week, first Webroot, now Netgear.

And a lot of people set it to "always do" something bad, then it doesn't ask again.

@RojoLoco Today on this too:
https://community.spiceworks.com/topic/1985267-av-conspiracy-theory-or-reality

@scottalanmiller said in Installing Linux Malware Detect and ClamAV on CentOS 7:

@travisdh1 said in Installing Linux Malware Detect and ClamAV on CentOS 7:

Any reason to use LMD instead of or in addition to rkhunter?

Doesn't rkhunter focus only on root kits?

Mostly, but this was the first time I remember hearing about LMD.

Windows Defender... works well enough and is included with the operating system.

https://vimeo.com/182707041

@Dashrender said in Sophos False Positive with WinLogon.EXE:

@StrongBad said in Sophos False Positive with WinLogon.EXE:

@Dashrender said in Sophos False Positive with WinLogon.EXE:

other than webroot, who's had more false positives at my one client who uses them than panda that I have been running for 10+ years.

I'm not understanding your statement. This feels like only part of a sentence. Is this a question?

It's a statement - I'll re-word.

Webroot has had more false positives in the 3 years a client of mine has been using Webroot, than I have had in the 10+ years another client has been using Panda AV.

So while I love Webroot (primarily the journaling), it does require more support than other options I have/do use.

I see, thanks for the clarification. That's not what I had read you to mean at all. That makes more sense.

@Richard_Cylance said in Cylance Questions:

FTFY - Sold = Lost. Exec = guru

This reminded me of the following Simpsons clip:
Youtube Video

@BBigford said in Torch malware / browser?:

If we're talking about the same Torch, it's not malware. It has a torrent client embedded in it so that might be throwing up a flag.

Not to say it might be a phishing variant, or be compromised in another way. But the browser itself is fine (based on Chrome). Used it for a couple years before moving on.

I saw that there is a split on whether or not it is technically "malware", but that's not as much my concern. I just need to be able to positively tell the customer that it didn't come from our side (and I'm feeling pretty confident in that it did not).

And to my eyes, @BBigford, its behavior absolutely qualifies it as malware. Too much sneaky stuff going on when you use it, pop up ads all over the place, the use of the word "toolbar", etc, but I digress.