Bitdefender has been flagging Syncro as malicious and removing it

Our BD isn’t eating it at all thankfully. Version 180 did fix a chat bug with a client of ours where chat just would be blank and not work.

Thank you @DBlue for better articulating what I couldn’t last night.

@Andy I think what is not being grasped is the potential severity of an incident of this nature. Yes, thankfully it turned out to be a false positive, but that is secondary to the incident response handling process. With an event like this it needs to be treated and triaged as though it is a breach until it is confirmed that it isn’t, not the other way around.

You should have used the biggest guns in your arsenal, called team leads back to their desks and woken the CEO. And if you did all of those things, kudos. Without informing us though, you may as well not even have an incident response policy. Wait, do you?

7 hours waiting for an update while your team ‘worked with Bitdefender’ is a huge communication failure.

3CX also thought it was a false positive at first, and then they all went home for the night. All it takes is one compromised third party library being called. As small a thing as an icon pack… Or, an application like Syncro.App.Runner.exe communicating with an Akamai CDN IP that hosts compromised files: VirusTotal

Lastly, please don’t take it as a personal attack when I say ‘you should have’. I know the failure isn’t yours, personally. It is Syncro’s. I’m sorry that you, as the face, have to take the brunt of our vitriol.


Mine stopped alerting Thursday night, but BD officially released an update yesterday afternoon for the false positive. There is a possibility that BD was blocking Syncro Recovery from restarting the service. I was provided info for adding exceptions for them and I checked and all of mine are online. Those exceptions may not be needed since it should no longer be acting on the file, but I added the below to the malware and anti-exploit temporarily.

C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe
C:\ProgramData\Syncro\bin\Syncro.Overmind.ServiceUpdate.exe
C:\ProgramData\Syncro\bin\Syncro.Overmind.ServiceUpdate.bat

Yeah so far we’ve seen only positive reports after BitDefender pushed that update. Glad to hear that was the case with you as well.

I’m having this issue with Sentinel One now flagging it as malicious
Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe
ProgramData\Syncro\bin\Syncro.Overmind.Service.exe
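Before adding the paths from the two posts above as AV exclusions, it is worth confirming that the files on disk are the vendor-signed binaries and recording their hashes for a VirusTotal lookup, since an exclusion on a path that an attacker has overwritten would blind the engine to exactly the file you care about. The script below is an added example, not code from Syncro, Bitdefender or SentinelOne; the paths are the ones quoted in the thread, and the expected signer pattern is an assumption that must be adjusted after inspecting a known-good install.

```powershell
# Added example (not Syncro's, Bitdefender's or SentinelOne's code).
# Hash and signature-check the flagged binaries before excluding them.
# ASSUMPTION: the signer subject pattern below is a placeholder; read the
# Subject of a known-good Syncro binary first and set it accordingly.
$ExpectedSignerPattern = 'Syncro'

# Paths as quoted in the thread (the .bat is a script, so only its hash is
# recorded; Get-AuthenticodeSignature does not cover batch files).
$Paths = @(
    'C:\ProgramData\Syncro\bin\Syncro.Overmind.Service.exe',
    'C:\ProgramData\Syncro\bin\Syncro.Overmind.ServiceUpdate.exe',
    'C:\ProgramData\Syncro\bin\Syncro.Overmind.ServiceUpdate.bat',
    'C:\Program Files\RepairTech\LiveAgent\SyncroLive.Service.Runner.exe'
)

foreach ($p in $Paths) {
    if (-not (Test-Path -LiteralPath $p)) {
        Write-Warning "Missing on this host: $p"
        continue
    }

    # SHA-256 is what you paste into VirusTotal to check the file itself,
    # independent of what any one engine says about the path.
    $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash

    if ([IO.Path]::GetExtension($p) -ieq '.bat') {
        $status  = 'n/a (script)'
        $subject = '<not applicable>'
        $trusted = $false   # decide on the .bat by reviewing its contents, not its signature
    } else {
        $sig     = Get-AuthenticodeSignature -LiteralPath $p
        $status  = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError, ...
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        # Only a Valid signature from the expected publisher earns an exclusion.
        $trusted = ($status -eq 'Valid') -and ($subject -match $ExpectedSignerPattern)
    }

    [pscustomobject]@{
        Path              = $p
        SHA256            = $hash
        SignatureStatus   = $status
        Signer            = $subject
        SafeToExclude     = $trusted
    }
}
```

Run it from an elevated prompt on an affected endpoint and only add an exclusion for a row whose SafeToExclude is True; a HashMismatch or NotSigned status on an executable that should be signed is the point at which the thread's own advice applies and the event is treated as a possible compromise rather than a false positive.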

Can you please report this to support if you haven’t already so they can dig into it?