PLP

I have uploaded a log file from one of the endpoints with the alert. archived2522-protection-log-2016-09-15.zip

Got my first one today at 2:44 PM EDT. I have spoken to my account manager and he is going to look into what is going on. Hopefully someone from MB support will update the forum with information soon.

Xord, you beat me to the punch, I was about update the forum that I am getting the same alerts about ransom.petya that we saw on Tuesday.

Thank you Mieke for the update.

My DB version is also showing v2016.09.13.07; my system updated at 6:46 AM EST and I got my first alert at 7:01 AM EST. As the clients update, I am getting more and more alerts. I too hope an engineer chimes in to tell us if this is real or a false positive and how to resolve this. The mdm.exe file at C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\ is getting quarantined on my endpoints.

Hello, got a bunch of alerts this morning showing the following path is infected with Ransom.Petya. Is this a false positive and is anyone else seeing this today? Ransom.Petya Quarantined C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe