Everon & Webroot Secure Anywhere

Everon’s partner, ITSupport247, is now using a new antivirus provider called Webroot Secure Anywhere. Webroot is based in Colorado; in fact, Webroot is so close to our call center that we can see their building from where we sit (maybe they will let us take a tour someday!). Before the switch, Everon had been reviewing various antivirus products. After extensive research, and ultimately choosing Webroot Secure Anywhere as our official antivirus, we couldn’t be happier!

The management of most business antivirus products takes place in a centrally managed console on a server or workstation within the network, and all machines must report to that location. The console is then the sole connection to the outside world, where it looks to the antivirus company’s servers for definition updates. In most cases, if you are not constantly reviewing the console, ensuring it is up to date and pulling the definitions over on a daily basis, you could have issues. Most consoles work well enough to allow their agents to pull definition updates from the Internet themselves in the event that the console is unavailable; however, you still have many variables that can go wrong. Did you configure your notifications properly? Do you back up the local database that manages the console?

After rebuilding a few consoles from scratch due to database failures, I realized that if an antivirus vendor built its console in the cloud, that would make my life so much easier, and that is exactly what Webroot does. Webroot built the centrally managed consoles right in its colocation facilities, taking away a potentially huge point of failure for businesses.

Webroot allows setup within minutes. You first determine how many seats you need, which is simply the number of machines you want protected with the antivirus. Once you determine that, you create custom groups for your company (you don’t want the same rules to apply to your servers as to your desktops), and then you are ready to push the product out. Webroot gives you an easy-to-install link that you can simply run with no login required. It is built custom to your site, and will link the machine back to your site with all of your rules intact. Notifications are easy as well. You don’t need to set up a custom SMTP server to route notification emails through; you simply choose what you want to be notified on, put the email addresses in the appropriate locations, and you are done!

Webroot has made antivirus management easy, and Everon is proud to provide it to our client base. The antivirus is even good at protecting its own resources (which, to be honest, is probably the first thing you should be concerned with when choosing an antivirus). PCMag rated it one of the best antiviruses of 2015. One thing that is very important in the world of antivirus is the footprint it leaves on the machine. Some antiviruses have GBs of files used to manage themselves and their definitions, or scans that take multiple hours. Webroot is a very small, very light package with hardly any footprint on a machine. Its scans are quick and efficient, and reporting back into the console usually happens within minutes.

Webroot Secure Anywhere is a great antivirus! Give our engineers a call at 1-888-244-1748 to see if Webroot and Everon would be a good fit for your company.

Datto vs Cryptolocker

A few months ago, I wrote about my love for Datto (found here), but it was never more apparent than when I had to go up against the dreaded Cryptolocker virus – head to head.

Cryptolocker has become one of the most notorious pieces of malware that our generation has ever seen. The malware infiltrates a network through various means (usually through Java exploits) and immediately searches out network shares. It encrypts the files, holding them ransom until you pay a VERY hefty fee to recover them. The encryption done by Cryptolocker is very strong, and it is always changing.

Most recently, I dealt with a case of this virus with a client who was exposed through a Java exploit. Although our antivirus (Webroot Secure Anywhere) picked up the virus and quarantined it, Cryptolocker found shares and went to work immediately. This caused the client’s main share to become encrypted, with over 34,000 files affected. This could have potentially become a nightmare, but because we have dealt with this before and we had the comfort of a Datto, we sprang into action!

The first step was to assess the damage and determine the culprit. We went to our main console for Webroot Secure Anywhere and found a machine that was reporting the issues. We immediately pulled that machine from the network and left it unplugged. We always wipe the host machines as a precaution. We know that in most instances we can wipe the virus with a simple scan from Webroot or Malwarebytes; however, because Cryptolocker changes the malware so frequently, we don’t like to take chances. Cryptolocker is very easy to wipe from machines, as it doesn’t put anything overly complicated on the machines to infect the network. Its devastation is done in the encryption of the files.

Once the host machine was found, we disabled the affected share on the network and began full scans of ALL machines in the network. We wanted to ensure no other machines were infected at this time, and disconnecting the share prevents further encryption from happening. With the share disconnected, we then went through the share and gathered up all of the files with the Cryptolocker extension. Because this changes on a regular basis, you just need to identify what is being used in your case. In this instance, the extension was .trslcla (they keep making the extensions weirder and weirder). Once we had identified all encrypted files in the share, we mounted our Datto restore point, ready to move the appropriate files back over.

Because the encryption was random and covered over 34,000 files, we used another product (one of my all-time favorites) called SyncBack, made by 2BrightSparks. We installed this tool on our server and pointed the source to the Datto restore and the destination to the share. SyncBack allows you to compare two directories, determine the differences, and do whatever is necessary to rectify those differences. We deleted all encrypted files, and then asked SyncBack to tell us what was missing from the share that Datto had in place. SyncBack listed the files (which came out to only around 18 files off our original estimate), and we proceeded to restore them to the share.
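The recovery steps above (find every file carrying the ransomware extension, remove them, compare the share against the clean restore point, copy back whatever is missing) can be scripted so the operator gets a dry-run report before anything is deleted. The following is an added example, not code from the original post and not a SyncBack or Datto tool; the directory layout, the sample file names and the `.trslcla` extension are constructed for the demo (the extension value comes from the post, the rest is assumed). It defaults to a dry run and returns counts rather than only printing them so the numbers can be checked.

```python
"""Recover a file share after ransomware encryption, using a clean restore point.

Added example. Assumes the ransomware renamed each victim by appending an
extension (".trslcla" in the post) and that a read-only mount of the restore
point is available. Sample data below is constructed, not from a real incident.
"""
import shutil
import tempfile
from pathlib import Path


def find_encrypted_files(share: Path, ext: str) -> list[Path]:
    """Every file under the share that carries the ransomware extension.

    The extension changes per campaign, so it is a parameter, not a constant.
    """
    return sorted(p for p in share.rglob(f"*{ext}") if p.is_file())


def missing_from_share(restore: Path, share: Path) -> list[Path]:
    """Relative paths present in the restore point but absent from the share.

    This is the directory comparison the post did with SyncBack: after the
    encrypted copies are gone, whatever the restore point has and the share
    lacks is exactly the set of files that must be copied back.
    """
    missing = []
    for src in restore.rglob("*"):
        if src.is_file():
            rel = src.relative_to(restore)
            if not (share / rel).exists():
                missing.append(rel)
    return sorted(missing)


def recover_share(share: Path, restore: Path, ext: str, dry_run: bool = True) -> dict:
    """Delete encrypted files, then restore what is missing. Dry run by default.

    Encrypted files never share a name with a clean one (the extension differs),
    so the 'missing' list is the same whether or not deletion has happened yet;
    that lets the dry run report the exact counts the real run will produce.
    """
    encrypted = find_encrypted_files(share, ext)
    if not dry_run:
        for p in encrypted:
            p.unlink()
    missing = missing_from_share(restore, share)
    if not dry_run:
        for rel in missing:
            dst = share / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(restore / rel, dst)  # copy2 keeps original timestamps
    return {"encrypted": len(encrypted), "restored": len(missing), "dry_run": dry_run}


def build_sample(root: Path) -> tuple[Path, Path]:
    """Construct a toy restore point and a partially encrypted share (sample data)."""
    restore, share = root / "datto_restore", root / "share"
    clean = {
        "finance/q1.xlsx": b"clean spreadsheet",
        "finance/q2.xlsx": b"clean spreadsheet 2",
        "hr/policy.docx": b"clean policy",
        "readme.txt": b"untouched",
    }
    for rel, data in clean.items():
        p = restore / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    # In the share: two files were encrypted and renamed, one was deleted
    # outright (q2.xlsx), and one was never touched.
    for rel in ("finance/q1.xlsx", "hr/policy.docx"):
        p = share / (rel + ".trslcla")
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"\x00constructed ciphertext")
    (share / "readme.txt").write_bytes(b"untouched")
    return share, restore


def demo() -> tuple[dict, dict, list[str]]:
    """Build the sample, preview, then really recover; return both reports and the final listing."""
    with tempfile.TemporaryDirectory() as tmp:
        share, restore = build_sample(Path(tmp))
        preview = recover_share(share, restore, ".trslcla")
        result = recover_share(share, restore, ".trslcla", dry_run=False)
        final = sorted(p.relative_to(share).as_posix() for p in share.rglob("*") if p.is_file())
    return preview, result, final


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The name-based comparison matches the post's situation, where every victim was renamed. A variant that encrypts in place without renaming would leave the names identical, so the comparison would have to fall back on size or hash differences against the restore point; and, as the post stresses, the infected host must be off the network and the share disconnected before the real run, or the restored files are simply encrypted again.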

Because of the ease with which you can do restores from Datto, pointing to its directory and simply comparing was quick and easy. We had the client up and running around 3 hours from when the initial infection was identified, and the client hardly missed a day’s worth of work. This is a shining example of why I will always support the Datto product. It allowed us to take what could have been an absolute disaster and turn it into a huge win.

There is certainly no shortage of Cryptolocker blogs that we have written in the past. See here, here and here for more information on Cryptolocker. As always, if you find suspicious files on your computer, give Everon a call at 888-244-1748 or email us at help@everonit.com. We’re here for you.