alfred
Posted September 26, 2010

All,

Each day, 7 days a week, 3 times a day, we manually review our FPs and vet them. We do this by looking at what files our users roll out of Quarantine. We examine each file.

In many cases I find users who are rolling things out of Quarantine that are actually threats. In this case the rollbacks are where the user sees us (correctly) ID a threat and quarantine it, yet they still roll it back out of Quarantine. Nearly every time this is because the threat is masquerading as software they really want to run.

In the last 24 hours 37 different Community users rolled back this SHA (and related threat name):

AA0BBAECB678868E1E7F57C7CA9D61B608B3D788BE490790EB1D148BEADF4615 Trojan.Rootkit-1503

It's our biggest single item rolled out of Quarantine in the last 24 hours. The rub is, this threat is real. In fact it's Conficker.

http://www.virustotal.com/file-scan/report.html?id=aa0bbaecb678868e1e7f57c7ca9d61b608b3d788be490790eb1d148beadf4615-1282200455

Goes to show how insidious some of the packaging and social engineering can be to get people to run threats.

al