JohnSand15 Posted June 23, 2016 ID:1047127 Share Posted June 23, 2016 Hello all, I wanted to make everyone aware of an issue that we have while participating in the open beta. Our first issue that we have run into is a false positive on malware\ransomware where the software identified one of our applications (authenticat.exe) as a ransom agent. This false positive is in actuality an application that is installed via group policy by us. It authenticates the end user to our M86 web filter and authorizes traffic restrictions and freedoms for web browsing. On the other hand, when the software was needed it had unfortunately missed a rather bad case of ransomware that was spread throughout our file server. The file rename scheme was named batman@aol.com_xtbl. It encrypted files with a .xtbl extension. Our backups made quick work of it, I just wanted to make you all aware of one that slipped through the cracks. I really appreciate all your hard work in this venture. Thanks for having an open beta of this software. We will continue to participate in the open beta and I will share any more information I have. Thanks! Link to post Share on other sites More sharing options...
1PW Posted June 23, 2016 ID:1047244 Share Posted June 23, 2016 Hello JohnSand15 and Please carefully read the locked and pinned topic in this sub-forum, How to report a False Positive and for developer analysis, kindly attach the 3 requested .zip archives to your next reply in this thread. If an exclusion has not already been entered, a temporary exclusion entry might then be made available to prevent a re-occurrence for your individual system. Thank you for beta testing MBARW and your feedback. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now