Gravityzone Ransomware protection

GemNetFrank
edited July 2022 in Enterprise Security

Hi,


Just looking for a quick answer on the Gravityzone Ransomware protection. One of our customers is showing as being hit by ransomware. We've looked at all the network paths Bitdefender identified, and we can't see any encrypted files; we scanned the source devices. We're fairly certain it's some sort of false positive. The affected source endpoint is now refusing write access to the server hosting the files. Is this something the ransomware detection does? If so, how do we revert it? Do we simply add an exclusion for the affected endpoint from the Gravityzone portal?


Any help appreciated.


Answers

  • Hello.

    Since you need help with a business product, @Alex_Dr could take a look here and help you.

    Also, you can always contact the Bitdefender business support:

    https://www.bitdefender.com/business/support/en/71263-85158-contact.html

    Regards.

  • Alex_Dr (BD Staff)

    Hello @GemNetFrank,


    False positive or not, I strongly suggest the endpoint in question be kept off the network so as not to spread potentially malicious files to all endpoints connected to said network. At the same time, I recommend getting in contact with the Enterprise Support team and providing the following material: the Support Tool log (link here) and BDSyslog (link here) from the affected device, as well as a sample of the files that were detected by Bitdefender, in a password-protected archive, so that the support team can escalate further to the lab guys for evaluation.


    This may as well have been a false positive, yet it's better to be safe and check all possible avenues thoroughly.


    Let me know if you need additional information,

    Alex D