We are excited to confirm this issue has been fully resolved as of Dec 11th evening. All alerts completed processing and our monitoring confirms over the night and early today no additional events have been created. Please feel free to acknowledge all Reputation alerts for the rwdwrapper.exe event. No other action is required.
Posted Dec 12, 2024 - 11:07 EST
Update
The updates made this morning are progressing across each tenant. We will continue to monitor and expect to see every tenant updated and resolved shortly.
Posted Dec 11, 2024 - 16:18 EST
Identified
The previous fix did not fully resolve the issue and some tenants are still getting false positive alerts for the "RWDWrapper.exe" file. The R&D team have identified more areas to correct this behavior and are working to fix them.
Posted Dec 11, 2024 - 16:00 EST
Monitoring
We recognize the increase in reputation alerts regarding the Ransomware rwdwrapper.exe file. This file has been incorrectly flagged by third party threat intelligence.
At this time, we have successfully mitigated this issue.
Old alerts for the file will remain in the alert list and should be acknowledged. New alerts for the file will not be raised after 10:30 AM ET / 3:30 PM GMT as agents work through any potential backlog. There is not action you need to take at this time.
Posted Dec 11, 2024 - 12:53 EST
This incident affected: Datto EDR (Detection Engine).