Datto incident

Datto AV – Behavioral Detection Update

Notice Resolved View vendor source →

Datto experienced a notice incident on April 1, 2026 affecting Datto AV, lasting 1d 20h. The incident has been resolved; the full update timeline is below.

Started
Apr 01, 2026, 04:53 PM UTC
Resolved
Apr 03, 2026, 01:24 PM UTC
Duration
1d 20h
Detected by Pingoru
Apr 01, 2026, 04:53 PM UTC

Affected components

Datto AV

Update timeline

  1. identified Apr 01, 2026, 04:53 PM UTC

    We are aware of a low-frequency issue where certain legitimate files may be unexpectedly quarantined by a behavioral detection component. What’s happening In rare cases, a behavioral detection module may briefly activate during endpoint startup before policy settings are fully applied. During this short window, files that would normally be allowed may be flagged and quarantined. Customer impact Low probability, but non-zero Quarantined files may not generate alerts in the console Files cannot currently be restored directly from the portal What we’re doing Implementing a fix to ensure this component does not activate during startup Rolling out updates in a controlled manner Actively monitoring to ensure the issue is fully resolved What you should do If you believe this has impacted your environment: Contact Support Our team can assist with restoring files from quarantine !!! Important !!! Do not remove AV licenses from affected devices, as this may result in permanent deletion of quarantined files. Next update We will share progress as rollout completes and the fix is fully deployed.

  2. identified Apr 02, 2026, 03:03 PM UTC

    A fix has been developed and this will be released tonight, after 12am(EST) and applied during your next set maintenance window.

  3. resolved Apr 03, 2026, 01:24 PM UTC

    A fix was deployed 4/2/26 after 11pm and will install to agents during the next set maintenance window.

  4. postmortem May 12, 2026, 03:07 PM UTC

    **Summary** Between **February 26, 2026 and April 3rd, 2026**, a subset of Datto AV customers experienced unexpected file quarantines. In these cases, Datto AV incorrectly identified certain legitimate files as threats and quarantined them. **Root Cause** The issue was caused by a Datto AV update released on **February 26, 2026**. This update did not deploy the required application exclusion file to systems where Datto AV had originally been deployed through Datto RMM **prior to June 2025**.` ` As a result, impacted systems lacked the necessary exclusions and misidentified certain files as malicious, leading to unintended quarantines. A corrective update was released on **April 3rd, 2026**, which deployed the missing exclusions and resolved the issue. **Incident Timeline** * **Identified:** March 05, 2026 * **Resolved:** March 20, 2026