

Advisory: Bad Rabbit Ransomware

The latest malware threat, Bad Rabbit, appears to be a Petya/NotPetya variant sharing approximately 67% of its code with known Petya DLLs. At the moment, it seems to be primarily targeting organizations in Russia and Eastern Europe but could easily spread. The malware encrypts files and replaces the MBR (Master Boot Record) of the infected device, effectively disabling it. The user is then presented with the option to pay a ransom of 0.05 Bitcoin (about US$275) to decrypt the device. There is no evidence yet whether or not paying the ransom actually decrypts the device.

Bad Rabbit masquerades as an Adobe Flash update, tricking the end user into installing it. It can be delivered via a compromised website accessed by the user or via an email attachment. Once a device is infected, it also attempts to spread across the local network over the SMB protocol using a dictionary of common/weak credentials. This differs from variants like WannaCry because it does not rely on an exploit that can be patched, but rather on weak username and password combinations.
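The dictionary-based SMB spreading described above shows up in logs as one internal source failing network logons for many different accounts across several hosts in a short time. The following is an added detection sketch, not part of the original advisory or any vendor tooling; the CSV layout, the sample records and the thresholds are constructed assumptions, modelled on Windows Security event 4625 with logon type 3.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from a real incident), modelled on Windows
# Security event 4625 (failed logon) with LogonType 3 (network logon).
# Columns: timestamp, target host, source IP, account name
SAMPLE_EVENTS = """\
2017-10-24T10:00:01,FS01,10.0.0.57,administrator
2017-10-24T10:00:03,FS01,10.0.0.57,admin
2017-10-24T10:00:05,FS02,10.0.0.57,guest
2017-10-24T10:00:09,FS02,10.0.0.57,user
2017-10-24T10:00:12,DC01,10.0.0.57,test
2017-10-24T10:01:00,FS01,10.0.0.23,jsmith
2017-10-24T10:01:20,FS01,10.0.0.23,jsmith
2017-10-24T08:00:00,FS01,10.0.0.88,alice
2017-10-24T10:30:00,FS02,10.0.0.88,bob
2017-10-24T13:00:00,FS01,10.0.0.88,carol
"""


def parse_events(text):
    """Yield (time, host, source_ip, account) tuples from the CSV lines."""
    for line in text.splitlines():
        if line.strip():
            ts, host, src, account = (f.strip() for f in line.split(","))
            yield datetime.fromisoformat(ts), host, src, account.lower()


def find_guessing_sources(events, window=timedelta(minutes=5),
                          min_accounts=4, min_hosts=2):
    """Return {source_ip: (accounts, hosts)} for sources whose failed network
    logons hit >= min_accounts accounts on >= min_hosts hosts in one window."""
    by_source = defaultdict(list)
    for ts, host, src, account in events:
        by_source[src].append((ts, host, account))
    flagged = {}
    for src, rows in by_source.items():
        rows.sort()  # chronological order per source
        for i, (start, _, _) in enumerate(rows):
            in_window = [r for r in rows[i:] if r[0] - start <= window]
            accounts = {r[2] for r in in_window}
            hosts = {r[1] for r in in_window}
            if len(accounts) >= min_accounts and len(hosts) >= min_hosts:
                flagged[src] = (sorted(accounts), sorted(hosts))
                break
    return flagged
```

On the sample data only 10.0.0.57 is flagged; a user retyping one password (10.0.0.23) and scattered failures over several hours (10.0.0.88) are not.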

Our Managed Antivirus has already released definition updates for known Bad Rabbit variants. It will be detected by MAV as Gen:Heur.Ransom.BadRabbit.1 and Gen:Variant.Ransom.BadRabbit.1. Some websites are reporting that creating two files named infpub.dat and cscc.dat in the C:\Windows directory and removing all rights, including execution, from those files “vaccinates” the device against Bad Rabbit, but this is not verified.

Be aware that infrastructure and media organizations seem to be specifically targeted, but any user could be affected. Because MBR replacement disables access to the device, critical systems should be backed up in a manner that will facilitate a full system or bare metal restore to speed recovery in situations where decryption may not be possible.

Wi-Fi Security Compromise

Researchers have detected a vulnerability through which Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key re-use, resulting in key re-installation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.

Since WPA2 is a protocol that secures all modern protected Wi-Fi networks, laptops, desktops, phones, and other devices that support Wi-Fi are likely affected. Major developers, including Microsoft and Google, have stated they will be releasing patches soon.

Actions to Take:

The number and type of devices connecting via Wi-Fi continues to grow. Understand what devices are present in your network, and be prepared to patch them as fixes become available. As a best practice, it is critical you have a proactive patching program in place.


Users of Windows need to be notified ASAP of a new ransomware strain and take immediate measures to patch

Specifically, on May 12, 2017, a new strain of the Ransom.CryptXXX (WannaCry) ransomware began spreading widely, impacting a large number of organizations, particularly in Europe.

Wcry is demanding a ransom of $300 to $600 in Bitcoin to be paid by May 15, or, in the event that deadline is missed, a higher fee by May 19. The messages left on the screen say files will remain encrypted. It's not yet clear if there are flaws in the encryption scheme that might allow the victims to restore the files without paying the ransom.

If you have yet to install the Microsoft fix (MS17-010), you should do so immediately. You should also be extremely suspicious of all e-mails you receive, particularly those that ask the recipient to open attached documents or click on Web links.

If you have seen nonstandard activity and believe your customers’ information may have been exposed, please contact us.

MySQL Server Improvements, Apr 14 at 4pm CST


We will be working to improve service on your MySQL server this Friday, April 14th, starting at 4PM CST. This maintenance is estimated to take up to 2-3 hours to complete with a total of roughly 2 hours of periodic downtime.

As part of this improvement, we will be upgrading your MySQL server to improve stability as well as patching it for potential vulnerabilities. There should be no data loss, but connectivity will be affected by this maintenance, and changes to your databases should not be made until the maintenance is complete.

Please contact our support team if you have any questions or concerns.

We hope you enjoy the resulting service improvements!

Scheduled Maintenance for TeamViewer, April 8th

We’ve been informed by TeamViewer that they’ll be performing maintenance work during the weekend of Saturday April 8th. This will affect both the standalone TeamViewer integration and the TeamViewer version of Take Control.

TeamViewer is moving their infrastructure to a new data center. The maintenance period for the migration work is scheduled for 8 hours at these times:

Saturday, April 8th, 2017, 12:00 PM to 9:00 PM CST

The move will impact the availability of the TeamViewer service. While existing sessions will not be affected during the move, you will not be able to start new sessions or add participants to existing sessions. For more details, visit TeamViewer’s community page.

The MSP Anywhere version of Take Control is not impacted by this work.

Managed Antivirus (Bitdefender) database maintenance, April 4th at 3am CST

We will be performing database maintenance with our hosting provider on our Managed Antivirus (Bitdefender) service. During this time, installs will show as pending, and the Anti-virus North pane menus and South pane tab will not load. The anti-virus endpoints will continue to function on their normal scanning and definition update schedule. The update may take up to an hour. Thank you for your patience.

ABS Dashboard Systems Update: Rolling Out New Load-Balancers, Mar 6th

Starting from next week, we’ll be gradually rolling out new load-balancers for the agent upload endpoints for the ABS Dashboard.

The IP addresses of the new load-balancers are listed below per territory. If you have a restrictive firewall configuration, and need to explicitly authorize outbound traffic going from the agents to the agent endpoints, then please make sure the relevant IP address for your territory is added to your firewall whitelist.

Web Hosting Network Maintenance Scheduled, Feb 8th

We wanted to let you know we are planning a proactive network maintenance on February 8th, 2017 at 12:30pm CST in order to further improve network reliability. This has a planned maintenance window of four hours, and will result in server unavailability of up to 45 minutes.

Once the maintenance has begun, please avoid adding or modifying databases on your MySQL server, as we will be unable to process any database-related changes during this time (and those changes may be lost).

This will only affect availability of your web servers and MySQL servers during the maintenance period -- your email will not be affected.

We apologize for the inconvenience, and appreciate your understanding.

Managed Antivirus (Bitdefender) update, Jan 28th at 7am CST

We have a new Bitdefender engine that we wish to roll out to the Managed Antivirus service. This update will download automatically on current installs of Bitdefender MAV if not set otherwise in the policy. We’re planning to push this update around 7am CST on Saturday, January 28th. The update can take up to 24 hours before being applied to the machine.

This update should not require a reboot. If any issues are encountered during the upgrade that do request a reboot, the reboot status will be reported up to the ABS Dashboard. Please watch the dashboard for machines reporting a reboot request.

Here is the change log for the new build:

New Features and Improvements

  • Added support for Windows Server 2016.
  • Added support for Windows 10 Redstone.
  • Integrated the OpenSSL version 1.0.1t in the security components of the product. For more information, refer to OpenSSL Security Advisory (English only).
  • Added exclusions for System Center Configuration Manager 2012 (SCCM 2012) following Microsoft recommendations.
  • Added support for Scan SSL in the Firefox 64-bit browser.

Resolved Issues

  • On certain VMWare workstations, the Antimalware module caused Compass software slowdown.
  • In some situations, Windows 10 systems displayed BSOD when scanning EFS encrypted files through File System Redirector.
  • Fixed an issue where Advanced Threat Control caused delays on loading websites in Internet Explorer when folder redirection was activated in Group Policy Object (GPO).
  • Fixed the ZDI-CAN-3749 and ZDI-CAN-3829 vulnerabilities reported by Zero Day Initiative through responsible disclosure.
  • In some cases, Endpoint Security could not be installed on machines running Wyse TCX.
  • When installing Endpoint Security with Advanced Threat Control (ATC) on Windows 10 x64 systems, some machines entered recovery mode.
  • Fixed OpenSSL vulnerability CVE-2016-2107.
  • Fixed an issue which affected the scan process on Windows 10 machines, when Offline Files feature was enabled.
  • In some situations, after updating Windows Server 2012 R2 machines with Endpoint Security installed, a slight slowdown was experienced at boot time.
  • Fixed an issue which caused On-Demand scan to display error code 1460.
  • Fixed an issue with Advanced Threat Control (ATC) that was causing backups to fail when using VSS and Veeam 8.
  • Fixed an incompatibility between Endpoint Security and the Sales Assistant for Windows 8 application.

ABS Dashboard Scheduled Maintenance, Jan 14th

We’re planning to perform systems maintenance on Saturday, 14th January. The work will affect ABS Dashboard access and services in the North and South America region. Other regions are not affected. As is our normal practice, the work will be performed out of office hours to minimize disruption.

The maintenance schedule is as follows:

  • North & South America – 1:00am to 5:00am CDT, Jan 14th

During this time, we’ll be performing essential maintenance to our firewalls. We expect downtime of around half an hour within this window, at which point the ABS Dashboard won’t be available.

Services on end-point devices, including Managed Antivirus, Patch Management, Web Protection and Online Backup & Recovery, are not affected and will continue to perform as normal during this period.
