Webroot SecureAnywhere Discussion & Update Thread

Discussion in 'other anti-virus software' started by Triple Helix, Jun 6, 2014.

  1. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I understand Webroot detects the affected file as W32.Trojan.Floxif
     
  2. alawyer

    alawyer Registered Member

    Joined:
    May 17, 2017
    Posts:
    35
    Location:
    the final frontier
    How quickly did they pick it up?
     
  3. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
     
  4. alawyer

    alawyer Registered Member

    Joined:
    May 17, 2017
    Posts:
    35
    Location:
    the final frontier
    Thanks but it doesn't tell me when you picked it up. When it first appeared or when it became public and got press coverage. Thanks.
     
  5. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Get me an MD5 hash of the said file and I can check!

    2017-09-19_18-24-21.png

     
    Last edited: Sep 19, 2017
  6. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    219
    floxif.PNG

    The time appears to be the same for all three samples. I'm in MDT time zone. I checked all three samples and they all showed 09/18/2017 @ 0718 MDT
     
  7. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Most AVs and AMs didn't detect this malware until it came out of the closet yesterday, look at the VT results.

     
  8. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    219
    someone asked when it was detected. you replied with a screenshot and i replied with a screenshot of another file. no discussion or debate required.
     
  9. alawyer

    alawyer Registered Member

    Joined:
    May 17, 2017
    Posts:
    35
    Location:
    the final frontier
    So much for Webroot's capabilities. It's no excuse to say the others didn't detect it. I know of one product which detected it quickly according to what I read. In fact they alerted Cleaner.

    Webroot need to factor in protection for this sort of malware, where a product exhibits unusual behavior.
     
  10. alawyer

    alawyer Registered Member

    Joined:
    May 17, 2017
    Posts:
    35
    Location:
    the final frontier
    Is this another poor show for webroot: https://www.mrg-effitas.com/wp-content/uploads/2017/09/MRG-Effitas-Online-Banking-Certification-2017Q2_wm.pdf
     
  11. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Webroot was removed from that test as it wasn't setup properly and here is the post about it: https://www.wilderssecurity.com/thr...on-update-thread.364655/page-134#post-2702185 so it's a moot point.

    Also here is the newer PDF: https://www.mrg-effitas.com/wp-content/uploads/2017/08/MRG-Effitas-360-Assessment_2017_Q2_v2.pdf
     
    Last edited: Sep 20, 2017
  12. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    A pity that you didn't bother to read the report that alawyer referred to instead of blindly leaping to the defence of Webroot as you always do. That report is the Online-Banking-Certification-2017Q2 and was only published on Monday 18 Sept, 4 days ago and is the most recent report mrg-effitas has published. The report you linked to is an older report.
     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    In that test Webroot did not do so bad, apart from the wild list it passed all the rest where many failed.
     
  14. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    You're right, as I just saw the Q2 and thought he was posting the same test as I discussed above. Sorry!
     
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Thanks, TH. :thumb:
     
  16. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Again issues with WSA in the testing environment:

     
    Last edited: Sep 23, 2017
  17. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    i would be super curious to what is making it fault myself. i still have a whole ton of clients using it and still almost never get a single call because of any issues
     
  18. alawyer

    alawyer Registered Member

    Joined:
    May 17, 2017
    Posts:
    35
    Location:
    the final frontier
    Very true.

    Also it's not perfect though remember that.

    But what's going on with the tests?
     
  19. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    I suspect that it is something to do re. the communications back to base that WRSA requires...after all it is by far the most communicative of all AV/IS/AM applications given that it was built from the ground up on that basis when compared to the other players who have followed this approach but have added it to their existing solutions...in the main...just speculating though. :rolleyes:
     
  20. alawyer

    alawyer Registered Member

    Joined:
    May 17, 2017
    Posts:
    35
    Location:
    the final frontier
    I have read in the Cisco blog comments section that Webroot have known about the malware since June or so. I'll try to link it here when I can find it. This is very worrying.

    What's the consensus, please? Is it safe to use a possibly infected machine to create a USB Windows installer to refresh a definitely infected machine?
     
  21. alawyer

    alawyer Registered Member

    Joined:
    May 17, 2017
    Posts:
    35
    Location:
    the final frontier
    I'm afraid the more I reflect on it the more I think that WSA is at fault here.
     
  22. alawyer

    alawyer Registered Member

    Joined:
    May 17, 2017
    Posts:
    35
    Location:
    the final frontier
    The link: http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html?m=1

    The post:

    PAUL COMTOIS, SEPTEMBER 21, 2017 AT 4:48 PM
    I manage the Antivirus systems for my Employer's business here at Triella in Canada and I have evidence from Webroot that this started much earlier than August. We have a client record of a blocked CCLeaner.exe detection on June 25th flagged as W32.Hacktool.Rpdpatch
    We were lucky that I did not whitelist the threat as safe because at the time Webroot had a problem with mis-categorizing legitimate software as malware. This threat was found on a server and since we regularly used CCleaner on desktops but not servers, I was suspicious of it and contacted Webroot support about it as well. I am going to be posting an article on our website about this shortly.
     
  23. SSherjj

    SSherjj Registered Member

    Joined:
    Mar 4, 2014
    Posts:
    174
    Location:
    New York, USA
    Thanks TH for all the information about the goings-on with Webroot testing & MRG. :thumb:
     
  24. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    I wouldn't worry about it and if you want a free Security Check Submit a Support Ticket and Webroot will let you know! As far as I read from many articles the Malware was never active.
     
  25. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Hopefully we will get more info this week and then I can post some more info. ;)
     