Webroot SecureAnywhere Discussion & Update Thread

Discussion in 'other anti-virus software' started by Triple Helix, Jun 6, 2014.

  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,147
    Location:
    Nicaragua
    Great post, Muddy3. Your story is very similar to mine. Like you, I used to get infected once or twice a year every year until I got tired and decided to do something about it. In my case, I wanted something that doesn't depend on signatures and can handle zero day threats, that's how I found Sandboxie. And it has worked for me as I haven't gotten infected for more than 7 years. You are doing it with WSA, stick with it. It works for you, that's all that matters. Who cares if one or two in this forum accuse us of being fanboys for using what works for us. :)

    Bo
     
  2. hjlbx

    hjlbx Guest

    This is as true today as it was then. Even today's so-called "top" security softs - like Kaspersky and Bitdefender - fail to protect a system in all cases - against anything and everything. With the current state of IT security, there is only so much that any security soft can do.

    Anyone can get any AV to fail to protect a system... it's just a matter of finding the weaknesses and targeting those weaknesses.

    That being said, Webroot - used properly - will protect the system in the vast majority of typical use cases. It isn't perfect security, but it is pretty good security.

    No AV is perfect. None will protect a system in the most high-risk scenarios; infection is just a matter of time.
     
  3. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,444
    Location:
    "An Apple a Day, Keeps Microsoft Away"
    No one in my family (Teenagers included):)
    I have no faith in YouTubers for testing. :)
    My feelings exactly. :D
     
  4. ttomm1946

    ttomm1946 Registered Member

    Joined:
    Jul 23, 2014
    Posts:
    217
    Of course that kid the Malware Dr., who previously failed WSA in a regular test, scored 100% in a rollback test. He was amazed. *puppy*
     
  5. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    I don't understand why my WSA-AV has not updated from 9.0.8.66 even though my subscription is active. When I click on 'check for update' (from the tray icon) it says that I'm using the latest version, etc., etc.
     
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    It does over a few days, but if you don't want to wait, download and install over top or do a clean reinstall!

    Thanks,

    Daniel :)

    Please follow the steps closely!
    • Make sure you have a copy of your 20 Character Alphanumeric Keycode! Example: SA69-AAAA-A783-DE78-XXXX
    • KEEP the computer online for Uninstall and Reinstall to make sure it works correctly
    • Download a Copy Here
    • Uninstall WSA and Reboot
    • Install with the new installer, enter your Keycode and don't import any settings if asked to as you can set it up as you like once it's done
    • Let it finish its install scan
    • Reboot once again
     
  7. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    Thanks Daniel. Btw, what is the newest (final) version?

    Also I just noticed that you say it's okay to install over my current install, yet your instructions indicate otherwise?
     
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
  9. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    I'm running Win7 x64 (SP1) so perhaps the updates subsequent to 9.0.8.66 just don't apply?
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I'm not sure if anyone uses WSA with Eset, but WSA's Identity Shield prevents Eset from injecting into web browsers. It does on my machine anyway. Support said it could possibly affect other AV's that inject into the browser as well. They said they will release a fix soon. I didn't get a chance to report it until 3 days ago, and we finished with the ticket yesterday. I'm not sure how long it will be before a fix is released.
     
  11. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    It really applies to all Windows OS's from XP to Win 10 as there is only one version.
     
  12. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Well, I can see why... but isn't it more secure not to break the Identity Shield if they can't come up with a fix? Just saying. As things get more sophisticated in the AV market there will be some incompatibilities, as everyone is trying to inject itself into browsers and processes. I hope they come up with a fix without breaking ID Shield! :thumb:
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I informed Webroot I don't recommend sacrificing security to accommodate Eset. I asked support if it could be fixed without sacrificing security. I asked them if they had any recommendation for Eset as far as changing their injection method to avoid the conflict, and they said something like they pride themselves on being the only AV compatible with other AV's so they would try to fix the problem. I'm paraphrasing the gist of their reply. I don't have the support ticket to look at right now. Maybe they know a way of doing it without sacrificing security. Maybe they can just whitelist Eset's .dll by using hash, I'm not really sure. They said if they fix it and WSA blocks Eset's .dll again in later builds then I will have to choose Eset's browser protection, or Webroot's Identity Shield Protection. I'm using WSA on one of my computers, and Eset on another at the moment. I'm not really sure I will want to use them together. I was just testing their compatibility when I discovered the issue. I hope I made it clear I was not pushing to sacrifice security in order to accommodate Eset, but as it stands they are not fully compatible, at least not on all machines.
     
  14. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    I'm sure they do and they always do their best!

    Thanks,

    Daniel ;)
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    No problem. Btw.. in my experience Webroot still has the best support for a large security company. They responded to my support ticket 23 minutes after submitting it, and continued to respond quickly after each reply.
     
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
  17. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,236
    Location:
    USA
    Daniel,

    Version 9.0.8.80 installed over 9.0.8.66 without a hitch - worked just like an update - I didn't even have to reenter the keycode. :thumb:

    Thanks again,
    Cruise
     
  18. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    No, not anymore. They are concentrating on the Payload and other protection via the client from any Exploits, and that was a year and a half ago; times have changed. :)

    Daniel
     
    Last edited: Apr 20, 2016
  19. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Great and you shouldn't have to reenter the keycode when installing over top as it's just like when WSA self updates!

    Thanks,

    Daniel ;)
     
  20. layman

    layman Registered Member

    Joined:
    May 20, 2006
    Posts:
    293
    WRLog shows that WSA is continuing to monitor some programs marked 'Allow', including file managers XYplorer and FreeCommander. Is that an indication that something is wrong and I need to re-install?
     
  21. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    It will until the Webroot Cloud Database says it's good or bad, but while you set it to allow it's monitoring at a lower level. To get it Whitelisted faster, please Submit a Support Ticket and they will do it for you!

    Thanks,

    Daniel
     
  22. layman

    layman Registered Member

    Joined:
    May 20, 2006
    Posts:
    293
    Okay, thanks. Will do. I'm surprised that some of these programs (e.g. Macrium Reflect) that are in widespread use still haven't been submitted.
     
  23. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Can you save a scan log and just post the lines that are being monitored and any with U in front? See the different levels of monitoring: the higher the level, the deeper it monitors and the less access it allows to sensitive system processes. I can't say more as we don't want the bad guys to know more about WSA's tech!

    Thu 2016-04-21 11:00:06.0414 Monitoring process C:\Program Files\VoodooShield\VoodooShield.exe [39AABEB9CE84AD83A1048D1EF81E5610]. Type: 3 (2830)
    Thu 2016-04-21 11:00:06.0414 Monitoring process C:\Program Files\VoodooShield\VoodooShield.exe [39AABEB9CE84AD83A1048D1EF81E5610]. Type: 4 (2830)
    Thu 2016-04-21 11:00:06.0414 Monitoring process C:\Program Files\VoodooShield\VoodooShield.exe [39AABEB9CE84AD83A1048D1EF81E5610]. Type: 8 (2830)
    Thu 2016-04-21 11:00:06.0414 Monitoring process C:\Program Files\VoodooShield\VoodooShield.exe [39AABEB9CE84AD83A1048D1EF81E5610]. Type: 6 (2830)
    Thu 2016-04-21 11:00:08.0364 Monitoring process C:\Program Files\VoodooShield\VoodooShieldService.exe [86AFB18B04E4F6CD2E5AFD766FD32359]. Type: 3 (2831)
    Thu 2016-04-21 11:00:08.0364 Monitoring process C:\Program Files\VoodooShield\VoodooShieldService.exe [86AFB18B04E4F6CD2E5AFD766FD32359]. Type: 4 (2831)
    Thu 2016-04-21 11:00:08.0364 Monitoring process C:\Program Files\VoodooShield\VoodooShieldService.exe [86AFB18B04E4F6CD2E5AFD766FD32359]. Type: 8 (2831)
    Thu 2016-04-21 11:00:08.0364 Monitoring process C:\Program Files\VoodooShield\VoodooShieldService.exe [86AFB18B04E4F6CD2E5AFD766FD32359]. Type: 6 (2831)

    U means Unknown to the Webroot Cloud Database so it's being Monitored above at these levels.
    Scan Started: Thu 2016-04-21 13:00:11
    [U ] c:\program files\voodooshield\voodooshield.exe [MD5: 39AABEB9CE84AD83A1048D1EF81E5610] [Flags: 08081011.2830]
    [U ] c:\program files\voodooshield\voodooshieldservice.exe [MD5: 86AFB18B04E4F6CD2E5AFD766FD32359] [Flags: 00081011.2831]
     
  24. layman

    layman Registered Member

    Joined:
    May 20, 2006
    Posts:
    293
    The list of unknowns is about 170 entries long. Mostly, the entries are unsurprising, but there are a few programs I'd think are fairly common. A few examples:


    c:\program files\bandizip\bandizip32.exe [MD5: E4917E53F8897412336884F72FED66A5] [Flags: 111E1100.8909]
    c:\program files\utilities\process hacker\processhacker.exe [MD5: 68F9B52895F4D34E74112F3129B3B00D] [Flags: 10181100.8942]
    c:\program files\macrium\reflect\reflect.exe [MD5: CC7C2654895E16FF4277004EA22E5841] [Flags: 10181101.8977]
    c:\program files\freecommander xe\freecommander.exe [MD5: 9F73DA23122549FED9F331EEA3FAB5E6] [Flags: 10181101.9607]
    c:\program files\linkman\linkman.exe [MD5: 4BA55549826FEF2C8CE49987D75C0613] [Flags: 191E1110.9113]
    c:\program files\wincatalog 3.x\wincatalog.exe [MD5: B3B917F295F3259DD82BF52D25ADE0D8] [Flags: 10181101.9133]

    XYplorerFree does not appear in the list of unknowns, but still appears to be monitored at a low level:

    Thu 2016-04-21 17:22:31.0726 Monitoring process C:\Program Files\XYplorer\XYplorerFree.exe [8503092F8D97C73B6A57EA39B7A15110]. Type: 1 (8097)


    Here are the last few monitoring entries from the scan log:

    Thu 2016-04-21 17:43:11.0093 Monitoring process C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5.exe [8356BD6BA44B0B05143C70F32198FC61]. Type: 4 (9315)
    Thu 2016-04-21 17:43:11.0093 Monitoring process C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5.exe [8356BD6BA44B0B05143C70F32198FC61]. Type: 8 (9315)
    Thu 2016-04-21 17:43:11.0093 Monitoring process C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5.exe [8356BD6BA44B0B05143C70F32198FC61]. Type: 6 (9315)
    Thu 2016-04-21 17:44:56.0874 Monitoring process C:\Program Files\Linkman\Linkman.exe [4BA55549826FEF2C8CE49987D75C0613]. Type: 4 (9113)
    Thu 2016-04-21 17:44:56.0874 Monitoring process C:\Program Files\Linkman\Linkman.exe [4BA55549826FEF2C8CE49987D75C0613]. Type: 6 (9113)
    Thu 2016-04-21 18:22:51.0095 Monitoring process C:\Program Files\Utilities\Process Hacker\ProcessHacker.exe [68F9B52895F4D34E74112F3129B3B00D]. Type: 4 (8942)
    Thu 2016-04-21 18:22:51.0127 Monitoring process C:\Program Files\Utilities\Process Hacker\ProcessHacker.exe [68F9B52895F4D34E74112F3129B3B00D]. Type: 8 (8942)
    Thu 2016-04-21 18:22:51.0127 Monitoring process C:\Program Files\Utilities\Process Hacker\ProcessHacker.exe [68F9B52895F4D34E74112F3129B3B00D]. Type: 6 (8942)
    Thu 2016-04-21 18:51:45.0696 Monitoring process C:\Program Files\FreeCommander XE\FreeCommander.exe [9F73DA23122549FED9F331EEA3FAB5E6]. Type: 4 (9607)
    Thu 2016-04-21 18:51:45.0758 Monitoring process C:\Program Files\FreeCommander XE\FreeCommander.exe [9F73DA23122549FED9F331EEA3FAB5E6]. Type: 8 (9607)
    Thu 2016-04-21 18:51:45.0758 Monitoring process C:\Program Files\FreeCommander XE\FreeCommander.exe [9F73DA23122549FED9F331EEA3FAB5E6]. Type: 6 (9607)
    Thu 2016-04-21 19:35:44.0980 Monitoring process C:\Program Files\Utilities\UltraDefrag\ultradefrag.exe [9A84E58486FD977270FA58452A9AE72E]. Type: 4 (8887)
    Thu 2016-04-21 19:35:45.0027 Monitoring process C:\Program Files\Utilities\UltraDefrag\ultradefrag.exe [9A84E58486FD977270FA58452A9AE72E]. Type: 8 (8887)
    Thu 2016-04-21 19:35:45.0027 Monitoring process C:\Program Files\Utilities\UltraDefrag\ultradefrag.exe [9A84E58486FD977270FA58452A9AE72E]. Type: 6 (8887)
    Thu 2016-04-21 19:35:47.0110 Monitoring process C:\Program Files\Utilities\UltraDefrag\ultradefrag.exe [9A84E58486FD977270FA58452A9AE72E]. Type: 4 (8887)
    Thu 2016-04-21 19:35:47.0141 Monitoring process C:\Program Files\Utilities\UltraDefrag\ultradefrag.exe [9A84E58486FD977270FA58452A9AE72E]. Type: 8 (8887)
    Thu 2016-04-21 19:35:47.0141 Monitoring process C:\Program Files\Utilities\UltraDefrag\ultradefrag.exe [9A84E58486FD977270FA58452A9AE72E]. Type: 6 (8887)
    Thu 2016-04-21 19:35:47.0251 Monitoring process C:\Windows\system32\udefrag-dbg.exe [2034EC8AD08782B08AA5F7C4EBD1B922]. Type: 4 (8885)
    Thu 2016-04-21 19:35:47.0251 Monitoring process C:\Windows\system32\udefrag-dbg.exe [2034EC8AD08782B08AA5F7C4EBD1B922]. Type: 8 (8885)
    Thu 2016-04-21 19:35:47.0251 Monitoring process C:\Windows\system32\udefrag-dbg.exe [2034EC8AD08782B08AA5F7C4EBD1B922]. Type: 6 (8885)
    Thu 2016-04-21 19:36:25.0237 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 4 (8977)
    Thu 2016-04-21 19:36:25.0424 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 8 (8977)
    Thu 2016-04-21 19:36:25.0424 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 6 (8977)
    Thu 2016-04-21 19:36:25.0627 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 4 (8977)
    Thu 2016-04-21 19:36:25.0798 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 8 (8977)
    Thu 2016-04-21 19:36:25.0798 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 6 (8977)
    Thu 2016-04-21 19:36:27.0694 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 4 (8977)
    Thu 2016-04-21 19:36:27.0866 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 8 (8977)
    Thu 2016-04-21 19:36:27.0866 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 6 (8977)
    Thu 2016-04-21 19:41:14.0158 Monitoring process C:\Program Files\WinCatalog 3.x\WinCatalog.exe [B3B917F295F3259DD82BF52D25ADE0D8]. Type: 4 (9133)
    Thu 2016-04-21 19:41:14.0329 Monitoring process C:\Program Files\WinCatalog 3.x\WinCatalog.exe [B3B917F295F3259DD82BF52D25ADE0D8]. Type: 8 (9133)
    Thu 2016-04-21 19:41:14.0329 Monitoring process C:\Program Files\WinCatalog 3.x\WinCatalog.exe [B3B917F295F3259DD82BF52D25ADE0D8]. Type: 6 (9133)
    Thu 2016-04-21 19:41:51.0216 Monitoring process C:\Program Files\FreeCommander XE\FreeCommander.exe [9F73DA23122549FED9F331EEA3FAB5E6]. Type: 4 (9607)
    Thu 2016-04-21 19:41:51.0279 Monitoring process C:\Program Files\FreeCommander XE\FreeCommander.exe [9F73DA23122549FED9F331EEA3FAB5E6]. Type: 8 (9607)
    Thu 2016-04-21 19:41:51.0279 Monitoring process C:\Program Files\FreeCommander XE\FreeCommander.exe [9F73DA23122549FED9F331EEA3FAB5E6]. Type: 6 (9607)
     
  25. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    @layman did you Submit a Support Ticket to get your files whitelisted?

    And my version of Process Hacker is Whitelisted, maybe update to the latest!

    [G] d:\program files\process hacker 2\peview.exe [MD5: DDE1F44789CD50C1F034042D337DEAE3] [Flags: 40011000.605]
    [G] d:\program files\process hacker 2\processhacker.exe [MD5: B365AF317AE730A67C936F21432B9C71] [Flags: 40011000.608]
    [G] d:\program files\process hacker 2\unins000.exe [MD5: 43EA49877A2A1508BA733E41C874E16E] [Flags: 40000000.609]



    Also this is marked Good!

    Thu 2016-04-21 17:22:31.0726 Monitoring process C:\Program Files\XYplorer\XYplorerFree.exe [8503092F8D97C73B6A57EA39B7A15110]. Type: 1 (8097)

    You can check the MD5's here: http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx?


    Thanks,

    Daniel
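
Added example (not part of any post in this thread, and not Webroot code): a Python sketch that joins the `Monitoring process` lines with the scan-log entries by MD5, so monitored files with no `[G]` determination can be listed for a support ticket. The sample lines, paths and hashes are constructed in the two formats quoted above; treating `[G]` as the whitelisted state follows the post above and is an assumption, and the `Type` numbers are collected without interpreting them.

```python
import re
from collections import defaultdict

# "Monitoring process <path> [<md5>]. Type: <n> (<id>)" as quoted in the thread.
MONITOR_RE = re.compile(
    r"^\w{3} \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ Monitoring process "
    r"(?P<path>.+?) \[(?P<md5>[0-9A-Fa-f]{32})\]\. Type: (?P<type>\d+) \(\d+\)\s*$")
# "[U ] <path> [MD5: <md5>] [Flags: <hex>.<id>]"; the status prefix is optional
# because one post lists entries with the prefix stripped.
SCAN_RE = re.compile(
    r"^(?:\[(?P<status>[A-Z])\s*\] )?(?P<path>.+?) "
    r"\[MD5: (?P<md5>[0-9A-Fa-f]{32})\] \[Flags: [0-9A-Fa-f]+\.\d+\]\s*$")

# Constructed sample data: placeholder hashes and made-up paths.
H1 = "0123456789ABCDEF0123456789ABCDEF"
H2 = "FEDCBA9876543210FEDCBA9876543210"
H3 = "00112233445566778899AABBCCDDEEFF"
SAMPLE = r"""
Thu 2016-04-21 11:00:06.0414 Monitoring process C:\Program Files\ExampleApp\app.exe [{h1}]. Type: 3 (1001)
Thu 2016-04-21 11:00:06.0414 Monitoring process C:\Program Files\ExampleApp\app.exe [{h1}]. Type: 4 (1001)
Thu 2016-04-21 11:00:06.0414 Monitoring process C:\Program Files\ExampleApp\app.exe [{h1}]. Type: 8 (1001)
Thu 2016-04-21 11:05:10.0100 Monitoring process C:\Program Files\ExampleTool\tool.exe [{h2}]. Type: 1 (1002)
Thu 2016-04-21 11:06:00.0000 Monitoring process D:\Apps\Known\known.exe [{h3}]. Type: 1 (1003)
Scan Started: Thu 2016-04-21 13:00:11
[U ] c:\program files\exampleapp\app.exe [MD5: {h1}] [Flags: 08081011.1001]
[G] d:\apps\known\known.exe [MD5: {h3}] [Flags: 40011000.1003]
""".format(h1=H1, h2=H2, h3=H3)


def correlate(log_text):
    """Join monitoring events with scan-log determinations, keyed by MD5."""
    report = defaultdict(
        lambda: {"path": None, "types": set(), "events": 0, "status": None})
    for line in log_text.splitlines():
        line = line.strip()
        m = MONITOR_RE.match(line)
        if m:
            entry = report[m["md5"].upper()]
            entry["path"] = entry["path"] or m["path"]
            entry["types"].add(int(m["type"]))
            entry["events"] += 1
            continue
        s = SCAN_RE.match(line)
        if s:
            entry = report[s["md5"].upper()]
            entry["path"] = entry["path"] or s["path"]
            entry["status"] = s["status"]
    return dict(report)


def needs_review(report):
    """Monitored files without a [G] entry: marked [U] or absent from the scan list."""
    return sorted(e["path"] for e in report.values()
                  if e["events"] and e["status"] != "G")


if __name__ == "__main__":
    for path in needs_review(correlate(SAMPLE)):
        print(path)
```

Keying on the MD5 rather than the path avoids the case difference between the two log formats (`C:\Program Files\...` in monitoring lines, lower-case paths in scan entries).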
     