Webroot SecureAnywhere Discussion & Update Thread

http://www5.nohold.net/Webroot/ukp.aspx?pid=10&app=vw&vw=1&login=1&json=1&solutionid=1098&

 

thank you D.!!

 

You're most welcome G!

 

Version 9.0.4.7

 

Not a shill. I wanted to register to post a positive experience with Webroot and ask some questions.

On a whim this week I purchased a license to Webroot after ignoring it for a few years. I found an issue where on one of my systems Webroot had consumed nearly all of the small 128GB SSD used for the OS in just a 20 hour period. My (tree size free) investigation narrowed it down to the WRdata directory which had ballooned to over 70GB. Based on what I could see Webroot 'journals' new/unseen/monitored programs and the more intense the program is the more these balloon up. In my case the new Ccleaner Cloud/Managed version Webroot was having a fit about and since it's a cleaner it is pretty active. I was a bit upset about this but decided to open a ticket with Webroot not expecting much in return. Happy to say within an hour or less my issue was resolved. However that doesn't guarantee WRdata won't balloon up to magnificent proportions again.

Researching I found this;

http://blog.netflowdevelopments.com/2015/03/18/before-you-install-webroot-anti-virus/

Has anyone tried this method?

 

Is anyone else having issues with downloading games in Steam with the web filter driver active?

 

I know it only affects some, but I wish Webroot could come up with a solution to the WRData folder size problem.
I have had problems before, but today I noticed a huge difference in the size of my daily system image, and discovered this was due to WRData having grown to 41GB in one day (on a 256GB SSD) - this is a record!
I am pretty sure my system is clean.
Have raised a support request again and sent logs.

 

I noticed Webroot leaves behind a lot of folders in Temp called lptmp*number*, all containing a lot of subfolders which seems to contain language files related to LastPass. I don't even use the password manager, but there are already 121 of those folders from only the last 3 months.

 

I wasn't aware this was a longstanding issue. So far I love Webroot, very light - I don't install any of the browser addons as I have no use for web filtration.

WRData growth will concern me on some tablets/notebooks we have at home with limited SSD storage but also I tend to put smaller SSD's in our desktops for the OS and a large mechanical data drive. If they can't resolve this I may have to use the Sym-Folder method above to force WRData into the mechanical drives but that won't fix it for the notebooks/tablets with SSD's. I haven't found a Webroot response since back in June when I searched out this issue after discovering it.

Any suggestions?

 

This WRData issue goes back several years. It was first raised in the old Prevx forum here at Wilders which preceded this Webroot one on 12 Aug 2011, just over 4 years ago. I seem to remember that the response then as now was to delete the WRData folder and Prevx would start compiling a new folder which the user would then delete again when it reached an unmanageable size and start over again.

This is another issue that has been around some time. I raised this here and had some (heated) discussions with Webroot staff direct on a support ticket about it. I couldn't understand and still can't why:
a) I needed language files when I didn't have the password manager installed
and
b) It was necessary to download more language files every time the computer was rebooted or turned on. I had as many as five lptmp temp files downloaded at a time but usually about three.

This yet another issue that has never been resolved and there are more than a few more that I cannot be bothered to search for.

 

Don't think it's advisable to delete the WRData folder completely, but the dbNNNNN.db files may be deleted without negative effects afaik.
https://www.wilderssecurity.com/thr...-defender-from-launching.357272/#post-2317688

 

That's not an acceptable resolution. Most of us can't babysit computers like this or in the case of people having 'many' systems babysitting those.
I wonder if I can use CCleaner Cloud and create a custom deletion script to simply purge the .db files in the WRData folder? The problem is in doing that if something 'serious' is being journaled this would kill all of the journaled activity up to that point so again - probably not an acceptable solution.

 

Yes it does if you Run Optimizer or CCleaner it would remove them! Also when you do a clean reinstall of WSA in AppData there should be none before installing WSA again so remove those as well (leftovers)

HTH,

Daniel

 

Thanks Buddy!

Daniel

 

When you have that issue it's best to contact Webroot Customer Service and get your files whitelisted then you can do what's in the picture below!

HTH,

Daniel

 

Thank you Daniel.

Another question.. I logged into a machine remotely at home and checked and noticed a new .db file. So I looked under processes and found an 'unnamed' process in monitored mode. As I was looking at it suddenly it 'disappeared'. This is cause for concern? I have the DB file it created pulled off to the side (copied) should I find a way to submit that to WR?

 

Not an issue! I just installed Office 2016 and files needed to be whitelisted! Now I only see the monitoring when I run a Office 2016 app and then when I shut it down in this case Word it stops montoring until I open the Word app again.

HTH,

Daniel

 

For Mac Beta Testers:

Thanks,

Daniel

 

I guess I'll just keep the web filter driver uchecked since nobody else seems to have this bug.

 

Sorry I missed that. It's best to contact Webroot Customer Service and they will look into it for you and it could be a simple thing as getting some files whitelisted in the WIN Cloud Database.

Thanks,

Daniel

 

Now I have Office 2016 Pro Plus whitelisted via the support channel that was quick!

Daniel



And now after a scan I can delete the Journaling files!

 

Here's the thing. What was being monitored was a 'no-name' program.. That is the program name area was EMPTY but there was something being monitored which then disappeared. That's what I was trying to say.

Also of GREAT concern of mine is I cannot seem to whitelist entire directories. For example I do not want ANY monitoring/scanning of my Steam/Origin/Uplay/Desura folders. But the whitelisting appears to impact files only and not entire folders. I can't be opening tickets for whitelisting constantly especially since I beta test 10-15 different games.

Any solution to that?

ALSO when a program is whitelisted why doesn't Webroot remove the .db files itself without manual removal being required? I don't have a ton of time to babysit my AV's so I am serious about finding answers. Also I have about 6 computers that need to run WR so I can't be doing this kind of thing on each and every one constantly.

Edit: Just checked. Files support whitelisted got newer program versions and are being monitored again and it's impacting performance and increasing db sizes again. Do I need to open tickets with every single update? These programs update in the background. I suspect it's MD5 hash based and in that case would require massive maintenance for me.

Thanks!

 

Ask support they can maybe do something for you? Webroot does have it on there list to clean up old unneeded files in the WRData Folder but I don't know the timetable for release. Also any monitered files will show in the scan log so have a look at it. http://www.webroot.com/En_US/Secure...C11_ReportsandViewers/CH11a_SavingScanLog.htm

 

I think I am starting to understand how the product works.

A process is launched, WR then checks it via various technologies. If the MD5 hash is relatively unknown it then places it into monitored mode. This journals all of the activity in WRData directory then logs it in the journal log. The activity of this file stays in the journal database even after whitelisting so you need to 'clean up' the data. However if the product that was being journaled releases a new version a new journal is started. The first one 'decays' in the directory because that MD5 version doesn't exist any longer but the journal remains.

So in testing I launched 15 different steam games that aren't generally that well known. After I closed them there were 15 active .DB files in the WRData directory. The size of the DB files seem to be exactly correlated with the 'activity' of the program. A game seems to generate fairly small files while cleaning programs, utilities and other things seem to generate larger files. The WRData directory seems to 'explode' in size for highly intense programs being monitored which in my case were a couple of specific things I use running 24/7 which caused a 1GB per hour spike in DB size. So far it seems like a good system with a few issues. I can see why they use MD5 and each revision requires a new exception on their end because if they didn't base it on MD5 their system could be compromised by malware 'similar' to legitimate programs.

What I feel is;
1) It should be smarter with auto-cleanup of decayed db files.
2) Whitelisting of FOLDERS for monitoring. For example Steam game folder should be able to be fully whitelisted.

After browsing the website the enterprise version has extensive whitelisting/rule/policy system. I think some of this should migrate to the consumer product. I am unsure if I can continue to run Webroot despite GREATLY enjoying. The incessant growth of the WRData folder and inability to whitelist are a couple of deal breakers.

 

Yeppers! See this video: https://www.youtube.com/watch?v=GqvVTE8-fA4

And not only MD5 they uses some other tech as well.

Thanks,

Daniel