21 October 11
OSX/Flashback.C False Positive
DAT 8630 was published at 1.45PM PST on October 20, 2011 and contained within it a faulty signature for OSX/Flashback.C. A MAC OSX file format was mistakenly matched as a Malware component resulting in multiple files being renamed or quarantined depending upon the policy settings. The resulting impact is a potentially unbootable system. DAT 8632 has been published at 4:30AM PST on October 21, 2011 to remedy the faulty signature. In the event that your system did not update to DAT 8630 or did not report a detection for OSX/Flashback.C you will not be impacted by this false positive.
The Total Defense Support and Research teams are currently working on a remediation script that will recover the affected files via boot from recovery CD or USB. It is recommended that you do not reboot an affected machine at this time to aid in the recovery effort. Affected machines are those that have reported a OSX/Flashback.C detection after updating to DAT 8630. This is an ongoing response effort and updates will be forthcoming here and via your Support contacts.
Update: Remediation scripts and additional recovery logic is available via our Support department. Please contact your Support representative for further assistance.