Webroot SecureAnywhere Discussion & Update Thread

Discussion in 'other anti-virus software' started by Triple Helix, Jun 6, 2014.

  1. layman

    layman Registered Member

    Joined:
    May 20, 2006
    Posts:
    292
    Haven't had time to submit a ticket yet, but note that I am running the current version of Process Hacker.

     
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    When was the last time you did a scan so the client can communicate with the Cloud? Sorry, I see you did one yesterday. Can you do another from the Webroot UI and click Scan my Computer?

    Thanks,

    Daniel
     
  3. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Can you please do a clean reinstall of WSA!

    Please follow the steps closely!
    • Make sure you have a copy of your 20 Character Alphanumeric Keycode! Example: SA69-AAAA-A783-DE78-XXXX
    • KEEP the computer online for Uninstall and Reinstall to make sure it works correctly
    • Download a Copy Here (Best Buy Subscription PC users click HERE)
    • Uninstall WSA and Reboot
    • Install with the new installer, enter your Keycode and don't import any settings if asked to as you can set it up as you like once it's done
    • Let it finish its install scan
    • Reboot once again
     
  4. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    This is odd as well:

    Your MD5 is:
    Thu 2016-04-21 18:22:51.0095 Monitoring process C:\Program Files\Utilities\Process Hacker\ProcessHacker.exe [68F9B52895F4D34E74112F3129B3B00D]. Type: 4 (8942)
    Thu 2016-04-21 18:22:51.0127 Monitoring process C:\Program Files\Utilities\Process Hacker\ProcessHacker.exe [68F9B52895F4D34E74112F3129B3B00D]. Type: 8 (8942)
    Thu 2016-04-21 18:22:51.0127 Monitoring process C:\Program Files\Utilities\Process Hacker\ProcessHacker.exe [68F9B52895F4D34E74112F3129B3B00D]. Type: 6 (8942)

    Mine is:
    [G] d:\program files\process hacker 2\processhacker.exe [MD5: B365AF317AE730A67C936F21432B9C71] [Flags: 40011000.608]

    Where did you get yours from?

     
  5. layman

    layman Registered Member

    Joined:
    May 20, 2006
    Posts:
    292
    I once before had a situation where a 'good' program was being monitored and reinstalling took care of the issue. Won't hurt to reinstall.

    Thanks.
     
  6. layman

    layman Registered Member

    Joined:
    May 20, 2006
    Posts:
    292
    Our messages crossed. I believe I downloaded Process Hacker from FileHippo. The MD5 on the installer matches yours, but the installed executable matches the one shown in my log. Hmmmm.
     
  7. layman

    layman Registered Member

    Joined:
    May 20, 2006
    Posts:
    292
    I uninstalled Process Hacker, downloaded it again from the project site on sourceforge, and reinstalled. The MD5 remains the same as shown in my log and does not match yours.
     
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    That is very odd as I just downloaded it again and installed over top and mine shows Good. But there are new files but the same Hash for the installer?

    [U ] c:\users\daniel\downloads\processhacker-2.39-setup.exe [MD5: 54DAAD58CCE5003BEE58B28A4F465F49] [Flags: 00001000.3421]



    [U ] d:\program files\process hacker 2\x86\processhacker.exe [MD5: 68F9B52895F4D34E74112F3129B3B00D] [Flags: 00001000.3449]
    [U ] d:\program files\process hacker 2\kprocesshacker.sys [MD5: 1B5C3C458E31BEDE55145D0644E88D75] [Flags: 00011000.3448]
    [U ] d:\program files\process hacker 2\x86\processhacker.exe [MD5: 68F9B52895F4D34E74112F3129B3B00D] [Flags: 00001000.3449]
    [U ] d:\program files\process hacker 2\plugins\onlinechecks.dll [MD5: 12C25FB356E51C3FD81D2D422A66BE89] [Flags: 00011000.3148]
    [U ] d:\program files\process hacker 2\plugins\usernotes.dll [MD5: E48C789C425F966F5E5EE3187934174F] [Flags: 00011000.3152]
    [U ] d:\program files\process hacker 2\plugins\extendedtools.dll [MD5: BC61E6FB02FBBFE16FB43CC9F4E949F1] [Flags: 00011000.3145]
    [U ] d:\program files\process hacker 2\plugins\toolstatus.dll [MD5: 3788EFFF135F8B17A179D02334D505E6] [Flags: 00011000.3150]
    [U ] e:\security programs folder\process hacker folder\processhacker-2.39-setup.exe [MD5: 54DAAD58CCE5003BEE58B28A4F465F49] [Flags: 00001000.3421]
    [U ] c:\users\daniel\downloads\processhacker-2.39-setup.exe [MD5: 54DAAD58CCE5003BEE58B28A4F465F49] [Flags: 00001000.3421]
    [U ] d:\program files\process hacker 2\plugins\hardwaredevices.dll [MD5: A46C8BB886E0B9290E5DBC6CA524D61F] [Flags: 00011000.3146]
    [U ] d:\program files\process hacker 2\plugins\extendednotifications.dll [MD5: BE4DC4D2D1D05001AB0BB2BB8659BFAD] [Flags: 00011000.3143]
    [U ] d:\program files\process hacker 2\plugins\windowexplorer.dll [MD5: 0E8D04159C075F0048B89270D22D2DBB] [Flags: 00011000.3153]
    [U ] d:\program files\process hacker 2\plugins\extendedservices.dll [MD5: 4858BDB7731BF0B46B247A1F01F4A282] [Flags: 00011000.3144]
    [U ] d:\program files\process hacker 2\plugins\sbiesupport.dll [MD5: 37CBFA73883E7E361D3FA67C16D0F003] [Flags: 00011000.3149]
    [U ] d:\program files\process hacker 2\x86\plugins\dotnettools.dll [MD5: 15AB3740703138ED5C091EA7736620F4] [Flags: 00001000.3450]
    [U ] d:\program files\process hacker 2\plugins\dotnettools.dll [MD5: B16CE8BA8E7F0EE83EC1D49F2D0AF0A7] [Flags: 00011000.3142]
    [U ] d:\program files\process hacker 2\plugins\networktools.dll [MD5: D6BED1D6FDBED480E32FDD2DD4C13352] [Flags: 00011000.3147]
    [U ] d:\program files\process hacker 2\plugins\updater.dll [MD5: 6976B57C6391F54DBD2828A45CA81100] [Flags: 00011000.3151]

    But these 3 are still marked good.

    [G] d:\program files\process hacker 2\peview.exe [MD5: DDE1F44789CD50C1F034042D337DEAE3] [Flags: 40011000.605]
    [G] d:\program files\process hacker 2\processhacker.exe [MD5: B365AF317AE730A67C936F21432B9C71] [Flags: 40011000.608]
    [G] d:\program files\process hacker 2\unins000.exe [MD5: 43EA49877A2A1508BA733E41C874E16E] [Flags: 40000000.609]




    I will contact support and report back!

    Daniel
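
An added example, not part of the original posts and not Webroot code: a small Python parser for the two log-line formats quoted in this thread, which matches a monitored process's MD5 against scan-log entries and lists file names that occur with more than one hash. The function names are hypothetical; the sample lines are copied from the posts above.

```python
import re
from collections import defaultdict

# Log lines copied from the posts above (layman's monitor log, Triple Helix's scan log).
MONITOR_LOG = r"""
Thu 2016-04-21 18:22:51.0095 Monitoring process C:\Program Files\Utilities\Process Hacker\ProcessHacker.exe [68F9B52895F4D34E74112F3129B3B00D]. Type: 4 (8942)
Thu 2016-04-21 18:22:51.0127 Monitoring process C:\Program Files\Utilities\Process Hacker\ProcessHacker.exe [68F9B52895F4D34E74112F3129B3B00D]. Type: 8 (8942)
"""
SCAN_LOG = r"""
[U ] d:\program files\process hacker 2\x86\processhacker.exe [MD5: 68F9B52895F4D34E74112F3129B3B00D] [Flags: 00001000.3449]
[G] d:\program files\process hacker 2\processhacker.exe [MD5: B365AF317AE730A67C936F21432B9C71] [Flags: 40011000.608]
[G] d:\program files\process hacker 2\peview.exe [MD5: DDE1F44789CD50C1F034042D337DEAE3] [Flags: 40011000.605]
"""

MONITOR_RE = re.compile(r"Monitoring process (?P<path>.+?) \[(?P<md5>[0-9A-F]{32})\]\. Type:")
SCAN_RE = re.compile(r"^\[(?P<status>[A-Z]) ?\] (?P<path>.+?) \[MD5: (?P<md5>[0-9A-F]{32})\]", re.M)

def monitored(log):
    """Map MD5 -> set of paths for every 'Monitoring process' line."""
    out = defaultdict(set)
    for m in MONITOR_RE.finditer(log):
        out[m["md5"]].add(m["path"])
    return dict(out)

def scan_entries(log):
    """Map MD5 -> list of (status, path); status is the letter as printed in the log."""
    out = defaultdict(list)
    for m in SCAN_RE.finditer(log):
        out[m["md5"]].append((m["status"], m["path"]))
    return dict(out)

def correlate(monitor_log, scan_log):
    """For each monitored hash, list the scan-log files carrying the same MD5."""
    scans = scan_entries(scan_log)
    return {md5: {"monitored_as": sorted(paths), "seen_as": scans.get(md5, [])}
            for md5, paths in monitored(monitor_log).items()}

def same_name_different_hash(scan_log):
    """File names that appear under more than one MD5 in the scan log."""
    by_name = defaultdict(set)
    for md5, items in scan_entries(scan_log).items():
        for _status, path in items:
            by_name[path.rsplit("\\", 1)[-1].lower()].add(md5)
    return {name: sorted(h) for name, h in by_name.items() if len(h) > 1}

if __name__ == "__main__":
    print(correlate(MONITOR_LOG, SCAN_LOG))
    print(same_name_different_hash(SCAN_LOG))
```

On these lines the monitored hash lines up with the `x86\processhacker.exe` entry in the scan log, while `processhacker.exe` in the install root carries a different MD5.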
     
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
  10. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Could be true; maybe @layman has a 32-bit OS?

    Thanks!
     
  11. ttomm1946

    ttomm1946 Registered Member

    Joined:
    Jul 23, 2014
    Posts:
    217
    I have Webroot Plus SA....I reinstalled but only filtering extension shows and not Password extension

    Win10 64 Bit.
     
  12. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    On which Browsers?
     
  13. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
  14. guest

    guest Guest

    You may leave your browser open; sometimes it takes time to show up.
     
  15. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    @layman

    I see that these files have been whitelisted. If you have any more, please Submit a Support Ticket!

    Thanks,
    Daniel
     
  16. layman

    layman Registered Member

    Joined:
    May 20, 2006
    Posts:
    292
    I have a 5 machine mix of 32- and 64-bit systems, including an old laptop that's 64-bit hardware but came with 32-bit Windows 7 installed. I allowed it to update to Windows 10, which retained the hallmarks of a 32-bit OS (just a single Program Files directory.) I know that Macrium Reflect and the other listed programs are being monitored on every one of these systems.

    I did submit a ticket for Macrium Reflect and uploaded the wsalog from one of the 32-bit machines.
     
  17. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Is it still the same version of Macrium Reflect?

    Thu 2016-04-21 19:36:25.0237 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 4 (8977)
    Thu 2016-04-21 19:36:25.0424 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 8 (8977)
    Thu 2016-04-21 19:36:25.0424 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 6 (8977)
    Thu 2016-04-21 19:36:25.0627 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 4 (8977)
    Thu 2016-04-21 19:36:25.0798 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 8 (8977)
    Thu 2016-04-21 19:36:25.0798 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 6 (8977)
    Thu 2016-04-21 19:36:27.0694 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 4 (8977)
    Thu 2016-04-21 19:36:27.0866 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 8 (8977)
    Thu 2016-04-21 19:36:27.0866 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 6 (8977)

    It's marked as good as I sent your log file lines to Support! As you can see MR is only on 29 PCs so not many users of WSA use it.


    Thanks,

    Daniel
     
  18. layman

    layman Registered Member

    Joined:
    May 20, 2006
    Posts:
    292

    The executable is dated 29-Mar-16. Same MD5. I am surprised at the small number of users.
     
  19. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    So is it still being Monitored after a scan?
     
  20. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    I am perplexed by this. Just been for the first time testing the MD5 lookup utility in WSA GUI.

    I find that:
    • My Acronis True Image Home trueimagemonitor.exe file (admittedly old 2011 version) has a PC count of 63
    • My Crashplan crashplanservice.exe file (up to date with my Netherlands Provider version, which is v4.5.2—however, it is possible that this NL Provider version is not the latest US version, I wouldn't know about that) has a PC count of 208
    • My Acrobat Reader DC agm.dll Runtime Library File (and with this, I am on the latest Acrobat Reader DC version v15.010.20060) has a PC count of 535
    Is this possible (particularly the last example)??
     
  21. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    I just asked and will reply when I get the info. But I would say it's accurate as I remember the old Prevx Database that you could look up all kinds of info with details!

    And it looks like you're right: 535 users with that dll, including you and me.

     
  22. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    I sure am perplexed, particularly with that last one.
     
  23. webbit

    webbit Registered Member

    Joined:
    Nov 2, 2008
    Posts:
    223
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Never noticed it before - where do I find this in WSA AV?
     
  25. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    Utilities-Reports-Research Assistance-Submit a File-MD5 Lookup
     