@DustinB3403 said in QBX, Priorietary Dashcams and Hacked Police Departments:

@scottalanmiller Yea I've had to deal with this in the past, the software is just awful to deal with, and literally makes nothing more secure, for either the prosecution, defendant(s) or the public attempting to view the material.

Simple answer is, that it just proves how vulnerable police departments are with such horrible software requirements.

Not aware of any requirement. They just choose this kind of equipment over other options.

@CCWTech said in Windows defender quarentined my VM... WTH?:

@Obsolesce said in Windows defender quarentined my VM... WTH?:

@CCWTech said in Windows defender quarentined my VM... WTH?:

Server down this morning...
VHDX File is just gone... It's missing...
I found out that Windows Defender had detected it was (or had) a virus and quarantined it...

How Windows defender even would ever quarantine a VHDX is beyond me.

Come on Microsoft!

That's odd. VHD/VHDX files are NOT ever scanned by the host, unless of course they are mounted in the same way as a disk or USB disk is to the host OS for example. Otherwise, they are treated like a black box. So something else had to have happened for it to be quarantined by the host OS. That doesn't just happen willy-nilly.

Additionally, VM files are automatically excluded when the Hyper-V server role is installed. So again, something isn't configured correctly or something weird is going on.

What happened to you isn't default behavior.

Not sure, we 'inherited' the server. We don't do HYPER-V any longer. Everything is KVM now. (Proxmox)

But it was for sure quarantiined. Funny thing is that Windows defender scan of the actual VM shows no virus... So weird.

My guess would be that the VM's AV cleaned it up separate from the host's AV killing the VM.

In other news...

Coronavirus Conference to be cancelled... Because of Coronavirus.

https://www.bloomberg.com/news/articles/2020-03-10/coronavirus-conference-gets-canceled-because-of-coronavirus

@JaredBusch could try hitmanpro and adwcleaner to double check..

@Ambarishrh said in virus cleanup-advise needed:

Can webroot help me here, thinking of using webroot and see if it can clean

Maybe. Anything "might" work. But you'll never know.

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@scottalanmiller said in Cerber virus/ransomware making the rounds...:

@wirestyle22 said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@Dashrender said in Cerber virus/ransomware making the rounds...:

@Nic said in Cerber virus/ransomware making the rounds...:

@JaredBusch said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

@Kelly said in Cerber virus/ransomware making the rounds...:

@Rob-Dunn said in Cerber virus/ransomware making the rounds...:

Another cool thing that we're going to be doing, but not as a result of this infection, is evaluating and maybe implementing Cylance in lieu of Trend on our systems.

I'm not sure if it's appropriate to say, but their engine seems revolutionary.

What makes you say that Rob?

Mostly that it's not conventional scanning, but instead it analyzes what the files do rather than just signatures or patterns. The closest comparison I can come up with is the way Android app permissions are broken down in the app store - - it can identify if a file's threat by the characteristics contained therein. Here's an analysis of the FreeConferenceCall.com installer:

I really want to see a good comparison of Webroot and Cylance from someone not related to either company.

My problem with Cylance was that there was no small business pricing. they started at something like 1000 licenses at their SpiceWorld 2015 demo. Only knocking it down to 500 during the show.

Hopefully the testing companies will get there eventually. They're all so geared towards signature detections and it's hard to get them to change. That's why we don't show up in some of them, as they won't come up with a methodology that better reflects what we do.

I liked Cylance's demo - go to totalvirus, download the last 100 uploaded viruii, and run them.

That's a good start, but it's tough to truly get a zero day virus that hasn't been seen yet, for a real world test. If it's on virustotal then it's already been identified as a virus by most of the AV companies.

No way to get around it entirely

Run them side by side in the real world (honeypot kind of thing) and test.

No I mean zero day viruses

Me too.

I don't have faith either would do the job

Isn't the other choice... neither, though? Will "none" do the job?

That's definitely a question

What I mean is... certainly trust nothing for zero days, protect as much as you can. But part of that would be getting the best AV that you can. It's part of the security picture.

Agreed

Petya ransomware victims can now unlock infected computers without paying.
http://www.bbc.com/news/technology-36014810

@Dashrender said:

When I was first hanging my own shingle as an IT consultant we were suggesting to all of our clients that they should purchase and install AV everywhere.

Even in the 1990s that was ridiculous. How does someone manage to get enough money to start a business or hire an IT consultant but doesn't have the brain power to use AV?

@Ambarishrh Glad to hear that did the trick!

@anonymous said:

Tron

Lightcycle

@Ambarishrh said:

@nadnerB Thank God i could remote it and do the things required, otherwise would be driving a bit far to do this! 🙂 Thanks to screenconnect, i was actually evaluating screenconnect as my go to tool for remote support, one thing i noticed is few windows message screenconnect didn't allow me to click ok to proceed, at that time it just shows that i am connected but not the guest. Used Teamviewer free for that to complete that action, so i have second thoughts about screenconnect!

When ScreenConnect is running as an admin process, you can click everything.

@scottalanmiller said:

Where DNS != DNS

That was CONFUSING

I knew exactly what @scottalanmiller issue was when I read his post.. I updated my post for clarity.

Some people would rather have their toes chewed off by rats that be held hostage by a clown.