Kryptik-PFA [Trj]

[BudG]

We already performed a rollback; however, this does not help those who already have the new VPS. Rollback merely stops new users from downloading the "-3" VPS.

Can't you release "new" that are the same as the previous release? then it will overwrite the bad ones.

Yes, even better....  Re-relase -0 as -4, and let us all get the fix...

This, please.

Yes - Great idea! - Please do!

[schester]

+1 on releasing the known good VPS as -4 so we can restore the files!

[REDACTED]

Luckily, I only have to deal with 30+ systems.  I know there are guys out there responsible for thousands.

I only hope that Avast finds a fix and releases an  updated definition soon.

The damage has been done...now we just need get Avast working properly and deal with the issues.

[HonzaZ]

The problem is, we are not sure the -0 is a "good" one. The problem started showing up shortly after the -3 update, that much is true, but we are not sure if releasing -0 as -4 would fix the issue.

Furthermore, if we wanted to release -0 VPS again, it would have to be processed by all the common processes. And if those processes released the faulty (if it is caused by it at all) -3 VPS, how can we be sure that the -4 will not be faulty as well?

To put it simply, we have to make sure the new VPS is perfect before releasing it. Thank you for your patience!

[REDACTED]

Pro-tip - turn on e-mail notifications. We caught this after a few minutes just by monitoring e-mails. After 1 or 2 calls, we knew there was going to be a serious issue if we didn't disable file system protection ASAP. Luckily our thousands of machines should be in good shape.

Good luck all!

[REDACTED]

The problem is, we are not sure the -0 is a "good" one. The problem started showing up shortly after the -3 update, that much is true, but we are not sure if releasing -0 as -4 would fix the issue.

Furthermore, if we wanted to release -0 VPS again, it would have to be processed by all the common processes. And if those processes released the faulty (if it is caused by it at all) -3 VPS, how can we be sure that the -4 will not be faulty as well?

To put it simply, we have to make sure the new VPS is perfect before releasing it. Thank you for your patience!

Thanks for the prompt reply, HonzaZ.

I hope your internal teams are able to resolve this ASAP and also come up with a way to minimize the damage done.

Good luck!

[HonzaZ]

We found the cause of the issue and are rolling an update as we speak (or, more precisely, as I type ).
Just a quick note - this only affected VPS5.
I will let you know when the update is online (ETA = 1 hour)!

[Rednose]

this only affected VPS5.

What is VPS5 ?

Greetz, Red.

[REDACTED]

We found the cause of the issue and are rolling an update as we speak (or, more precisely, as I type ).
Just a quick note - this only affected VPS5.
I will let you know when the update is online (ETA = 1 hour)!

for people lik me that did the reboot and deleted files, what can we do? :/

[REDACTED]

Pro-tip - turn on e-mail notifications. We caught this after a few minutes just by monitoring e-mails. After 1 or 2 calls, we knew there was going to be a serious issue if we didn't disable file system protection ASAP. Luckily our thousands of machines should be in good shape.

Good luck all!

Just curious.  Using e-mail notifications, how did you guys determine that the latest virus def was a bad one that was reporting false positives?

Seems to be the opposite of what one might do.  You get an alert that Avast has flagged some files as being infected and the first thing you do is disable file system protection?

[REDACTED]

for people lik me that did the reboot and deleted files, what can we do? :/

Go into the virus chest and restore the files.

[REDACTED]

Unfortunately you are probably out of luck and will have to do a re-image/restore of the system. The thing about the boot time scan is that all the protections that prevent Bad Things from happening to important files are disabled. If you picked the delete option, those files are gone.

[HonzaZ]

What is VPS5 ?

VPS5 is a version of virus database that is used by Avast 5 (rather old version), but for compatibility issues also by EndProtect (https://www.avast.com/endpoint-protection-suite). Avast for personal devices (99 % of our users) uses VPS9.

[REDACTED]

Typically viruses hit individuals - not groups of people simultaneously.  I think his suggestion is that if you see multiple people reporting a virus hit at the same time, especially if it happens right after a VPS update, it's likely a false-positive storm.  Especially if it occurred randomly (one user got it while in Excel, the other got it while on the web, and the 3rd got it while reading e-mail).

If you see patterns you can make good decisions.  If three users report a virus hit and all three were browsing the web, then it's likely the website was infected.  If all three were opening a link or attachment in a blasted e-mail, then it's likely an infected e-mail or attachment.  But if all three were doing completely different things - I'd think it's a storm.

It just takes experience and a gut feeling on what you're seeing.

[BudG]

Still not seeing any update rolling out...