Author Topic: Kryptik-PFA [Trj]  (Read 56732 times)


Offline qwit2win

  • Newbie
  • Posts: 6
Re: Kryptik-PFA [Trj]
« Reply #30 on: May 06, 2015, 10:20:02 PM »
Agreed

The exclusions we put in for Chrome were:

*\chrome.exe
chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

...and so far so good! Ed, I made the change you just suggested as well. Evidently there is NO TELLING what this is going to flag. From Office to Chrome to system .DLL files, nothing appears to be safe. Unfortunately the best move we can make now is to "disable" the AV altogether.
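An added example, not part of the original post or of Avast's tooling: an audit of the exclusion list above that shows which entries are pinned to an install path and which would also skip same-named files in other directories. The matching semantics (case-insensitive glob, a bare file name matching in any directory) and the sample paths are assumptions.

```python
import fnmatch
import ntpath

# Exclusion list as posted in reply #30.
EXCLUSIONS = [
    r"*\chrome.exe",
    r"chrome.exe",
    r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",
    r"C:\Program Files\Google\Chrome\Application\chrome.exe",
]

# Constructed sample paths (not from the thread).
SAMPLE_PATHS = [
    r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe",
    r"C:\Users\Public\Downloads\chrome.exe",
    r"D:\Temp\unpacked\chrome.exe",
    r"C:\Windows\System32\notepad.exe",
]

def is_anchored(pattern):
    """True when the pattern is a drive-rooted path with no wildcards."""
    drive, rest = ntpath.splitdrive(pattern)
    return bool(drive) and rest.startswith("\\") and not any(c in pattern for c in "*?")

def excluded_by(pattern, path):
    """Assumed semantics: case-insensitive glob; a bare name matches in any directory."""
    pat, p = pattern.lower(), path.lower()
    if "\\" not in pat:
        return fnmatch.fnmatchcase(ntpath.basename(p), pat)
    return fnmatch.fnmatchcase(p, pat)

def audit(exclusions, paths):
    """Return {pattern: (anchored, [paths the pattern would exclude])}."""
    return {pat: (is_anchored(pat), [p for p in paths if excluded_by(pat, p)])
            for pat in exclusions}

def unexpected_exclusions(exclusions, paths):
    """Paths that are skipped only because of unanchored patterns."""
    hits = lambda pats: {p for pat in pats for p in paths if excluded_by(pat, p)}
    anchored = [pat for pat in exclusions if is_anchored(pat)]
    return sorted(hits(exclusions) - hits(anchored))

if __name__ == "__main__":
    for pat, (anchored, matched) in audit(EXCLUSIONS, SAMPLE_PATHS).items():
        print(f"{'anchored  ' if anchored else 'UNANCHORED'} {pat} -> {len(matched)} path(s)")
    print("skipped outside the install directories:")
    for p in unexpected_exclusions(EXCLUSIONS, SAMPLE_PATHS):
        print("  ", p)
```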

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #31 on: May 06, 2015, 10:22:09 PM »
I find this ironic:  https://www.avast.com/en-us/virus-update-history

6.5.2015 - 150506-3

This VPS update contains only fixes to existing definitions or removal of false alarms.

Yeah - "removal of false alarms" didn't go so well.

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #32 on: May 06, 2015, 10:23:08 PM »
Same here, we have thousands of messages with files being moved to chest and it's even flagging the Chrome executable.
The virus page at Avast
https://www.avast.com/en-us/virus-update-history shows ...

6.5.2015 - 150506-3
This VPS update contains only fixes to existing definitions or removal of false alarms.

but we are still getting thousands of notifications.

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #33 on: May 06, 2015, 10:27:16 PM »
Quote
I find this ironic:  https://www.avast.com/en-us/virus-update-history

6.5.2015 - 150506-3

This VPS update contains only fixes to existing definitions or removal of false alarms.

Yeah - "removal of false alarms" didn't go so well.

Wow, May is a pretty strange month...   The 4th was "Starwars Day", the 5th was "Cinco de Mayo", I didn't realize the 6th was "tragically opposite day"...

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #34 on: May 06, 2015, 10:30:43 PM »
We have totally disabled the "File System Shield" for now.
USA - Midwest.

Lots of Intel Graphics DLLs, seems like DLLs all across the board.

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #35 on: May 06, 2015, 10:36:57 PM »
My school district of 300 computers just got hit also.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • Posts: 1038
Re: Kryptik-PFA [Trj]
« Reply #36 on: May 06, 2015, 10:38:59 PM »
Hi all,
Thanks for the info, we are very well aware of this detection and we are currently investigating what happened. Measures have been already taken to mitigate the impact of this (what appears to be) false positive.
Sorry for any inconvenience - we will surely let you know more info as soon as possible!

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #37 on: May 06, 2015, 10:41:24 PM »
Quote
Hi all,
Thanks for the info, we are very well aware of this detection and we are currently investigating what happened. Measures have been already taken to mitigate the impact of this (what appears to be) false positive.
Sorry for any inconvenience - we will surely let you know more info as soon as possible!

Can you please rollback to 150506-0 to the mirrors so we can re-enable real time file system shields while you investigate the matter further?

Offline Infratech Solutions

  • Avast Reseller
  • Super Poster
  • Posts: 2390
  • Avast wholesaler and integrator in Spain
    • Avast cybersecurity for businesses and MSPs in Spain.
Re: Kryptik-PFA [Trj]
« Reply #38 on: May 06, 2015, 10:45:05 PM »
Quote
Can you please rollback to 150506-0 to the mirrors so we can re-enable real time file system shields while you investigate the matter further?

+1

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • Posts: 1038
Re: Kryptik-PFA [Trj]
« Reply #39 on: May 06, 2015, 10:51:20 PM »
We already performed a rollback; however, this does not help those who already have the new VPS. Rollback merely stops new users from downloading the "-3" VPS.

Offline qwit2win

  • Newbie
  • Posts: 6
Re: Kryptik-PFA [Trj]
« Reply #40 on: May 06, 2015, 10:52:52 PM »
Quote
We already performed a rollback; however, this does not help those who already have the new VPS. Rollback merely stops new users from downloading the "-3" VPS.

Can't you release "new" that are the same as the previous release? Then it will overwrite the bad ones.

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #41 on: May 06, 2015, 10:53:13 PM »
Quote
We already performed a rollback; however, this does not help those who already have the new VPS. Rollback merely stops new users from downloading the "-3" VPS.

Can we manually "downgrade the mirror" on SOA console if we download the VPS package from here: https://www.avast.com/download-update ??

REDACTED

  • Guest
Re: Kryptik-PFA [Trj]
« Reply #42 on: May 06, 2015, 10:53:48 PM »
Quote
We already performed a rollback; however, this does not help those who already have the new VPS. Rollback merely stops new users from downloading the "-3" VPS.

Can't you release "new" that are the same as the previous release? Then it will overwrite the bad ones.

Yes, even better.... Re-release -0 as -4, and let us all get the fix...

Offline CSEIT

  • Newbie
  • Posts: 7
Re: Kryptik-PFA [Trj]
« Reply #43 on: May 06, 2015, 10:56:51 PM »
Quote
We already performed a rollback; however, this does not help those who already have the new VPS. Rollback merely stops new users from downloading the "-3" VPS.

Can't you release "new" that are the same as the previous release? Then it will overwrite the bad ones.

Yes, even better.... Re-release -0 as -4, and let us all get the fix...

This, please.

Offline qwit2win

  • Newbie
  • Posts: 6
Re: Kryptik-PFA [Trj]
« Reply #44 on: May 06, 2015, 10:57:02 PM »
Exactly.

Quote
We already performed a rollback; however, this does not help those who already have the new VPS. Rollback merely stops new users from downloading the "-3" VPS.

Can't you release "new" that are the same as the previous release? Then it will overwrite the bad ones.

Yes, even better.... Re-release -0 as -4, and let us all get the fix...
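The rollback discussion in replies #39 to #44, as an added example that is not Avast's code: a small model of why putting 150506-0 back on the mirror leaves hosts that already pulled 150506-3 unchanged, while re-issuing the older definitions under a higher number (the "-4" suggested above) reaches every host. The client rule (install only a higher version), the host names, the older version 150505-1 and the content labels are assumptions.

```python
import re

# Constructed labels for what a definition set contains.
BAD = "flags-clean-files"
GOOD = "previous-definitions"

def parse_vps(version):
    """Split 'YYMMDD-N' into a sortable (date, build) tuple."""
    m = re.fullmatch(r"(\d{6})-(\d+)", version)
    if m is None:
        raise ValueError(f"not a VPS version: {version!r}")
    return int(m.group(1)), int(m.group(2))

def client_sync(installed, offered):
    """Assumed client rule: take the mirror's VPS only if its version is higher."""
    (inst_ver, _), (off_ver, _) = installed, offered
    return offered if parse_vps(off_ver) > parse_vps(inst_ver) else installed

def sync_fleet(fleet, offered):
    """Apply one mirror sync to every host; returns the new fleet state."""
    return {host: client_sync(state, offered) for host, state in fleet.items()}

def affected(fleet):
    """Hosts still running the definitions that produce the false positives."""
    return sorted(h for h, (_, content) in fleet.items() if content == BAD)

# Constructed fleet: two hosts pulled -3, one was offline and is on an older build.
FLEET = {
    "ws-01": ("150506-3", BAD),
    "ws-02": ("150506-3", BAD),
    "ws-03": ("150505-1", GOOD),
}

def after_rollback():
    # Mirror serves 150506-0 again: lower than -3, so -3 hosts ignore it.
    return sync_fleet(FLEET, ("150506-0", GOOD))

def after_rerelease():
    # Same definitions as -0, published under a higher build number.
    return sync_fleet(FLEET, ("150506-4", GOOD))

if __name__ == "__main__":
    print("still affected after mirror rollback:", affected(after_rollback()))
    print("still affected after re-release as -4:", affected(after_rerelease()))
```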