Webroot SecureAnywhere Discussion & Update Thread

Discussion in 'other anti-virus software' started by Triple Helix, Jun 6, 2014.

  1. TonyW

    TonyW Registered Member

    I understand Webroot detects the affected file as W32.Trojan.Floxif
     
  2. alawyer

    alawyer Registered Member

    How quickly did they pick it up?
     
  3. Triple Helix

    Triple Helix Specialist

     
  4. alawyer

    alawyer Registered Member

    Thanks but it doesn't tell me when you picked it up. When it first appeared or when it became public and got press coverage. Thanks.
     
  5. Triple Helix

    Triple Helix Specialist

    Get me an MD5 hash of the said file and I can check!

    2017-09-19_18-24-21.png

     
    Last edited: Sep 19, 2017
  6. m0unds

    m0unds Registered Member

    floxif.PNG

    The time appears to be the same for all three samples. I'm in MDT time zone. I checked all three samples and they all showed 09/18/2017 @ 0718 MDT
     
  7. Triple Helix

    Triple Helix Specialist

    Most AVs and AMs didn't detect this malware until it came out of the closet yesterday; look at the VT results.

     
  8. m0unds

    m0unds Registered Member

    someone asked when it was detected. you replied with a screenshot and i replied with a screenshot of another file. no discussion or debate required.
     
  9. alawyer

    alawyer Registered Member

    So much for Webroot's capabilities. It's no excuse to say the others didn't detect it. I know of one product which detected it quickly according to what I read. In fact they alerted Cleaner.

    Webroot need to factor in protection for this sort of malware, where a product exhibits unusual behavior.
     
  10. alawyer

    alawyer Registered Member

    Is this another poor show for Webroot: https://www.mrg-effitas.com/wp-content/uploads/2017/09/MRG-Effitas-Online-Banking-Certification-2017Q2_wm.pdf
     
  11. Triple Helix

    Triple Helix Specialist

    Webroot was removed from that test as it wasn't set up properly and here is the post about it: https://www.wilderssecurity.com/thr...on-update-thread.364655/page-134#post-2702185 so it's a moot point.

    Also here is the newer PDF: https://www.mrg-effitas.com/wp-content/uploads/2017/08/MRG-Effitas-360-Assessment_2017_Q2_v2.pdf
     
    Last edited: Sep 20, 2017
  12. Dark Star 72

    Dark Star 72 Registered Member

    A pity that you didn't bother to read the report that alawyer referred to instead of blindly leaping to the defence of Webroot as you always do. That report is the Online-Banking-Certification-2017Q2 and was only published on Monday 18 Sept, 4 days ago and is the most recent report mrg-effitas has published. The report you linked to is an older report.
     
  13. fax

    fax Registered Member

    In that test Webroot did not do so bad, apart from the wild list it passed all the rest where many failed.
     
  14. Triple Helix

    Triple Helix Specialist

    You're right, as I just saw the Q2 and thought he was posting the same test as I discussed above. Sorry!
     
  15. Tarnak

    Tarnak Registered Member

    Thanks, TH. :thumb:
     
  16. Triple Helix

    Triple Helix Specialist

    Again issues with WSA in the testing environment:

     
    Last edited: Sep 23, 2017
  17. zfactor

    zfactor Registered Member

    i would be super curious to what is making it fault myself. i still have a whole ton of clients using it and still almost never get a single call because of any issues
     
  18. alawyer

    alawyer Registered Member

    Very true.

    Also it's not perfect though remember that.

    But what's going on with the tests.
     
  19. Baldrick

    Baldrick Registered Member

    I suspect that it is something to do re. the communications back to base that WRSA requires...after all it is by far the most communicative of all AV/IS/AM applications given that it was built from the ground up on that basis when compared to the other players who have followed this approach but have added it to their existing solutions...in the main...just speculating though. :rolleyes:
     
  20. alawyer

    alawyer Registered Member

    I have read in the Cisco blog comments section that Webroot have known about the malware since June or so. I'll try to link it here when I can find it. This is very worrying.

    What's the consensus, please? Is it safe to use a possibly infected machine to create a USB Windows installer to refresh a definitely infected machine?
     
  21. alawyer

    alawyer Registered Member

    I'm afraid the more I reflect on it the more I think that WSA is at fault here.
     
  22. alawyer

    alawyer Registered Member

    The link: http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html?m=1

    The post:

    PAUL COMTOIS SEPTEMBER 21, 2017 AT 4:48 PM
    I manage the Antivirus systems for my Employer's business here at Triella in Canada and I have evidence from Webroot that this started much earlier than August. We have a client record of a blocked CCLeaner.exe detection on June 25th flagged as W32.Hacktool.Rpdpatch
    We were lucky that I did not whitelist the threat as safe because at the time Webroot had a problem with mis-categorizing legitimate software as malware. This threat was found on a server and since we regularly used CCleaner on desktops but not servers, I was suspicious of it and contacted Webroot support about it as well. I am going to be posting an article on our website about this shortly.
     
  23. SSherjj

    SSherjj Registered Member

    Thanks TH for all the information about the goings-on with Webroot testing & MRG. :thumb:
     
  24. Triple Helix

    Triple Helix Specialist

    I wouldn't worry about it and if you want a free Security Check Submit a Support Ticket and Webroot will let you know! As far as I read from many articles the Malware was never active.
     
  25. Triple Helix

    Triple Helix Specialist

    Hopefully we will get more info this week and then I can post some more info. ;)
     