Webroot SecureAnywhere Discussion & Update Thread

I've had FPs with components of Rust (game), Space Engineers (game), couple of other games, some CEF-Python binaries used by google drive sync software I use, VPN client components, the UI server for my GPU's fan manager, my IRC client and a few other things. This was all in the last 3 months or so. In my experience, using the automated reporting form rarely resulted in the files ever being "fixed", and response time via helpdesk is really variable so it's just more economical in terms of time to just whitelist locally and move on.

Rarely ever see FPs with websites, so that's something, I guess.

 

Mileages do vary.

Many have had no webpage FPs at all or hardly any. Some have had (including in the past me) a lot of webpage FPs, and that from rock-solid reliable websites. One enormous problem was using Firefox and opening new tabs from Google by right-clicking and selecting "Open in a new tab". That problem was successfully reproduced by Webroot developers around Nov 2014 and subsequently resolved from Web Filtering Extension 1.0.0.59 onwards (released early April 2015). As I understand, and recall from my personal experience, some continued (and some continue) to encounter webpage FPs from time to time. However, for some time I have noticed that in the Beta version, for me at least, the phenomenon of webpage FPs has all but disappeared with latter versions of the Web Filtering Driver (indeed many months now).

To my mind, for a considerable period of time this problem was the Achilles Heel of Webroot inasmuch as it was turning quite a few people away from WSA (and understandably so) and driving others (for example, me) up the bend (I knew how good Webroot was so I was prepared to put up with it, but I did not suffer the problem gladly at all.). I am now just hoping and praying that the Web Filtering Driver will be released to the consumer version as expeditiously as possible.

 

I don't get many FP's as far as webpages go, so no issue there. FP's with installers is what I've experienced.

 

I've witnessed quite a few in the past (Can't remember most of them, but already submitted the FP reports), but the most recent one I found for example, is...

Macgo Free Media Player
MD5:3b2c6cb03ec16f1fb1aed752ff029fbd
Scan Results: 0 / 57 VT
Webroot flags the installer as: "Pua.Amonetize"

I've tried to submit the false positive report here, but the file is too big to send to Webroot.

 

Your Correct as the BETA keycode turns on the features for the Beta testers so it shows the Web Filter Driver but it's not active.

 

Well it must come with a PUA/PUP?

 

The Web Filter Extensions and (drivers with a Beta Keycode to be active) should be at 1.2.0.37 or 1.2.0.40

 

Doesn't come bundled with anything.

 

Well contact support an ask them to look at it. Webroot Customer Service just put the MD5 hash in the ticket.

 

Thank you for your help, I appreciate it.

UPDATE: Report has been submitted.

 

It's a False Positive and has been reversed!

Thanks,

Daniel

 

I am running 9.0.8.100 beta and only have 1.2.0.31 How to update it?

Another question for you Daniel.
I have been getting the occasional warning pop up advising that "file xxxx is trying to connect to the internet and is not trusted" but goes on to tell me that it is "allowing in xxx secs". If it's not trusted why the hell is it allowing it to connect out. If I have just left the computer for a few minutes I'm going to come back and not know anything about it. Surely it should be blocked until allowed or permanently blocked. I seem to remember Joe commenting on this behaviour when he was still here but cannot remember what the reason was.
Perhaps one of your contacts could enlighten us

 

Do a clean reinstall of the beta with a reboot in between.

Webroot feels for common consumers is to allow as someone could block a important process from calling out as it could break the usability of there PC, also WSA will Monitor what's going on with all of it's realtime engines even if it was an infection. http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C3_Shielding/CH3a_WhatShieldsDo.htm and it's ID Shield: http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C6_IDProtection/CH6a_ManagingID.htm also it says it's Untrusted it doesn't say it's bad.

HTH,

Daniel

 

I have been using Webroot for the past 3 years. Absolutely love it.
That said, I disabled the Chrome browser extension about 2 years ago since it was a big pile of dog poo with lots of false positives, and tried it again briefly about a year ago with similar results. I have since relied on both WOT (web of trust) as a browser extension for the green ticks, and recently the full version of Adguard.
The other day Webroot popped up with a link for a security audit report which I went to and it has advised that all is well including the web shield and phishing shield, which I assumed was not working since I have no Webroot browser extensions installed.
Can someone clarify what protection Webroot offers without the relevant browser extension installed?

 

I'm not the WSA expert at all, that's TripleHelix, but I think the Web Filter is the first line of defence inasmuch as it blocks any websites that it considers to be high risk, whereas the Web and Phishing Shields monitor for any malicious web or phishing activity regardless of whether the Web Filtering Extension is turned on or not. TripleHelix will of course correct me if I'm partially or completely wrong on any of this

By the way, have you tested the Web Filtering Extension more recently? I think you may find that there is quite a lot of improvement since the last time you tried it. I say "may" as I'm not sure of this, both of my computers being on the Beta version. But it'd be interesting if you were to try and then report back. What I do feel more confident about is that once the Web Filtering Driver is released to the Consumer Version, you should get an extremely satisfactory browser experience regarding FPs.

Hope that helps until TripleHelix chimes in.

 

Yeah, they were pretty quick on fixing the false positive (less than an hour).

Thank you for checking up on it.

Have a good day!

 

Everything @Muddy3 said! Also WSA uses the BrightCloud® Threat Intelligence and you can check websites here as well: http://www.brightcloud.com/tools/change-request-url-ip.php

Thanks,

Daniel

 

Awesome!

 

anyone know where the firewall development for Win8.1+ is at?

 

i don't expect it to come soon...

 

It's on the list and it shows in process: https://community.webroot.com/t5/Id...w-control-in-Win-8-Win-8-1/idc-p/241926#M3733

https://community.webroot.com/t5/Id...w-control-in-Win-8-Win-8-1/idc-p/241738#M3712

Daniel

 

WSA Beta has now updated to v9.0.9.77 to all Beta Testers and I see the Web Filter is now 1.2.0.43

Thanks,

Daniel

 

I have been waiting for this for a couple years.

https://www.wilderssecurity.com/threads/help-with-wsa-firewall.356497/

 

Can you stack webroot licenses ?

 

If you mean buy more than 1 license, like 3 or 4 to last 3 or 4 years, Yes you can. You will have to activate the key at the end of each year.