Issues with Webroot

Discussion in 'Prevx Releases' started by bandaid, Jan 19, 2013.

Thread Status:
Not open for further replies.
  1. bandaid

    bandaid Registered Member

    Joined:
    Jan 19, 2013
    Posts:
    34
    Location:
    USA
    Hello,
    I am running a trial of Webroot Antivirus with Malwarebytes on XP and I had a few questions.

    Running under a LUA with Google Chrome and DuckDuckGo everything is fine for the first 30 to 60 minutes of use. Then new tabs will just not open. I have to close down Google Chrome and Webroot and then reopen. I tried running with Google as my search engine, Webroot was more responsive and I have not had the hanging yet. Is there an issue with DuckDuckGo?

    Also, when I reopen Google Chrome with DuckDuckGo and restart Webroot everything works again except there is no padlock now on the green W. Is this normal?

    Thanks.
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    It might be conflicting with the identity shield. Try turning off the identity shield and see if that helps.
     
  3. bandaid

    bandaid Registered Member

    Joined:
    Jan 19, 2013
    Posts:
    34
    Location:
    USA
    Kjdemuth,
    You are correct, this solves the problem when using DuckDuckGo. I do not have this problem with Google as the search engine choice. Thanks.
     
  4. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Glad I could help. :)
     
  5. pot2pan

    pot2pan Registered Member

    Joined:
    Feb 13, 2009
    Posts:
    54
    Major annoyance with Prevx-Webroot Re: Issues with Webroot

    Wasted a whole day fixing issues after Prevx 3.0 installed Webroot silently on a computer I am maintaining. The issues were finally fixed when I noticed the silent install and removed Webroot:

    The user complained she could no longer use Google searches on her computer. Google would come up, then any search result page was blank.

    I confirmed that was the case, then tried Bing, the same was happening, tried the French Google, the same. Tried searches under both Internet Explorer and Firefox, same behaviour.
    Malware searches with Avast AV and Emsisoft Antimalware yielded nothing.
    I noticed that Google sometimes complained that cookies were disabled even though they were not. I tried many ways to solve this to no avail.

    Finally convinced that there was a serious malware infection I restored a recent image of the system and applications partition (which I keep separate from user data). Everything went back to normal, the user was happy.

    This did not last long. One hour later the same problem had reappeared and I was called to fix it again.
    I restored system and apps again to the previous image, which of course solved the problem again. This time I kept the computer on and went on using the browsers and search engines for a short time, doing only very safe things and rebooting a couple of times. Sure enough, the problem reappeared.

    This time I noticed a small change: a small green icon had appeared in the taskbar at the extreme right of the screen. Right-clicking on it I had a message that this was Webroot, some trialware installed as a replacement for Prevx.

    Cursing, I uninstalled Webroot, the problems were gone. One day later they are still gone.

    - First I would like to present heartfelt thanks to the Prevx-Webroot crowd for their very responsible behaviour in silently changing a piece of free software (Prevx) to trialware (Webroot) for previous Prevx users.
    - Then I would like to thank them also for having produced Webroot, a brilliant piece of security software that in my brief encounter with it behaved just like malware, employed a day of my time at this fascinating repair and caused major inconvenience to the user. I hope many previous Prevx users will have the same exhilarating experience.
     
    Last edited: Mar 22, 2013
  6. Pierrequiroule

    Pierrequiroule Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    44
    Location:
    Quebec, Canada
    @bandaid:
    If you prefer to use a search engine that protects your privacy - like DuckDuckGo does - you may take a look at Ixquick:

    https://en.wikipedia.org/wiki/Ixquick

    https://us2.ixquick.com/eng/

    I have WSA complete and I don't experience any issue when I use Ixquick under Firefox. As for Google Chrome, I don't know. Maybe someone else on this forum could tell us?
     
  7. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    218
    Location:
    White Rock, BC, Canada
    There are no issues with DuckDuckGo on Windows 7, both 32 bit and 64 bit, while running WebRoot! Have been using both for quite some time. There is also NO issue with Google or any other search engine on any of my machines. A little research should quiet the troll!
     
  8. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,203
    Location:
    in a remote land :)
    Re: Major annoyance with Prevx-Webroot Re: Issues with Webroot

    It was planned a long time ago. If people install a piece of software (aka Prevx) and don't follow the development...

    also:

    https://www.wilderssecurity.com/showpost.php?p=2202313&postcount=4


    Exactly, brief is the word. I am sure you didn't even go into Webroot's settings to try to find the problem instead of restoring an image... (3 restores to find out that new software was installed... what about Task Manager?)

    For your information, Webroot is excellent software; so before claiming that it acts as malware, first learn what it is.
     
  9. pot2pan

    pot2pan Registered Member

    Joined:
    Feb 13, 2009
    Posts:
    54
    Re: Major annoyance with Prevx-Webroot Re: Issues with Webroot

    I did not know that Webroot had been surreptitiously installed on that computer when I decided to restore, so how could I decide to investigate the settings of a program I did not know was there? It is only after having done a second restore and seeing the problem reappear that I could suspect that something of that type was happening.

    How often do you scan all the tasks in task manager to check if a program has stealthily installed itself?
    (Note: 2 restores only, the second one allowed me to discover the existence of Webroot on that machine.)

    How often, in your experience, does security software stealthily install different security software to replace itself on your computer? Yes, I know Prevx is used internally by Webroot, but Webroot is a radically different piece of software (and trialware, while Prevx was free).
    This without giving the user the choice? Without even printing an information screen during the install to tell users that the exchange is taking place?

    Originally the symptoms were exactly the same as those of other existing malware: stealth install, disabling all main internet search engines on all browsers...
    Before I discovered that Webroot had been installed by Prevx unknown to the user, it made good sense to think that malware was active on that computer.
    Webroot was indeed behaving exactly like malware.

    You can claim the virtues of Webroot as much as you want, the stealth install of Webroot is unethical enough to make me very suspicious of that Prevx-Webroot crowd. I will never get near that software again.
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'm sorry for the confusing process you experienced - we have been planning this transition for many months now and have contacted thousands of customers who gave us their email addresses (either during registration or through the product), but there was no means of contacting some trial customers directly. Prevx was acquired by Webroot in 2010 and we've been working on the transition since then, moving our customers over onto a consistent, consolidated platform.

    There is no gradual way to move software over - it has to have a binary move at some point, and we are slowly working to turn down our Prevx services as we move customers over to Webroot.

    In the meantime, if you could please let us know any specifics around what software your client is running (any browser toolbars/custom browser extensions/etc.) so that we can investigate the incompatibility with Google, it would be much appreciated.

    Again, we apologize for the confusion here but please let me know if you have any questions!
     
  11. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,203
    Location:
    in a remote land :)
    Re: Major annoyance with Prevx-Webroot Re: Issues with Webroot

    Each time my customers call me about possible malware activity like browsing slowdown/internet disconnection, I check the running processes with the customer and ask him if he knows the program.
    Then I use some forensic tools if all the running processes are legitimate/clean.
    This is a must-do procedure in malware cleaning.


    Not much; the only choice the user has is: keep (buy) or uninstall.
    The point I agree with you on is the auto-update of Prevx to Webroot: it should have a big box in the middle of the screen; but I'm sure even with a nag screen some users will just click it without reading.

    But what if this user kept ignoring the change, kept Prevx (which becomes outdated) and later got a severe infection that bypassed the old Prevx technology and then deleted his important files? Who will he blame... Webroot...

    I agree, but your methodology was incorrect: when you suspect any malware, you look for the causes of the symptoms first (either manually or via tools); you don't cure right away, especially by an image restoration that may fail.
    If you had checked the Task Manager/installed programs and seen Webroot's process, you could have uninstalled it right away without losing half a day.

    What was the OS of your user? Because normally if he uses Win7 or Win8, the UAC should alert him of the change.

    I have been a closed-beta tester of Webroot (and other security products) since its first appearance, and I can tell you that it is a more than decent product (if you take a bit of time to understand properly how it works). Now of course it is not free anymore like Prevx, but that is another matter.
     
    Last edited: Mar 23, 2013
  12. pot2pan

    pot2pan Registered Member

    Joined:
    Feb 13, 2009
    Posts:
    54
    @Umbrapolaris

    Why do you assume that I did immediately do a restore rather than first hunting the "malware" with tools and many different tests and finding nothing after more than a couple of hours of struggle?

    As far as image backup and restore, if you are worried about the reliability of your imaging tool (you seem to be afraid of an "image restore which may fail") can I suggest that you give a go at "Drive Snapshot". Not fancy or cheap, but ultra reliable and fast. It has not failed me once over the years and many, many restores, nor did a DS restore fail with anyone I know.

    DS is so reliable and fast that I use it sometimes as a diagnostic tool as I did there: Do an image of the problem system, then restore the last image to compare behaviour. When the problem is found you can finally restore the image of your choice. In this case, after finding that Webroot was the issue, I simply restored the problem system and removed Webroot.
    Drive Snapshot served me very well as a diagnostic tool in this case, and this is not the first time. You only have to save frequent differential images and have system and applications on one partition (or two) and user data on another.
     
  13. PC_Fiddler

    PC_Fiddler Registered Member

    Joined:
    Aug 18, 2012
    Posts:
    167
    Location:
    Yorkshire - UK
    @pot2pan - I'm pretty sure I would have noticed the 'green icon' quite fast (I hope you aren't paid by the hour) - Your initial post was pretty sarcastic & it's not the best way for a 'professional'? to put a point over.
     
  14. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,203
    Location:
    in a remote land :)
    It is what you wrote, because if you had hunted the malware manually you would have found the Webroot process quite suspicious since you don't know it.


    I'm not afraid, but if the image is corrupted somewhere during the process, you are done (happened to me 2 times).

    Thanks, but I have used almost all the possible imaging software (Acronis, Paragon, Macrium, etc.); now I use only Rollback RX and it has never failed me.
     
  15. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Rather than arguing with users I would follow-up directly with Prevxhelp to fix the issue rather than remaining with an outdated/end-of-life product. :)
     
  16. pot2pan

    pot2pan Registered Member

    Joined:
    Feb 13, 2009
    Posts:
    54
    Thanks PrevxHelp for trying to work out the cause of the problem.
    It is not just an incompatibility with Google. Here is what happened and what I noticed:

    - The OS was Windows XP pro SP3, up-to-date with critical updates.
    - The browser where the problem appeared originally was Firefox portable with a few add-ons.
    - The symptom noticed by the user was that Google did not display search results. The result page was blank.
    Additionally Google complained that cookies were disabled (they were in fact enabled) and that therefore, "instant search could not work".

    - Trying a search on Bing had the same issue (blank result page), so a specific search engine was probably not directly involved. All major search engines were probably affected.

    - Trying searches on both Google and Bing, started from Internet Explorer had the same issue, confirming that the choice of browser and add-ons was probably not relevant.

    - Deleting Firefox portable and installing the latest non-portable Firefox without any add-on resulted in the same behaviour with Google and Bing under Firefox, confirming again that the combination of a specific browser and its add-ons was probably not part of the problem.

    - DNS queries were definitely involved in the issue, as typing the Google URL number in the URL field instead of google.com.au or google.fr resulted in correct behaviour of the browser and search site (results were displayed, cookies were not disabled). This is the symptom that really had me thinking that malware was involved.

    After removing Webroot all searches (Google and Bing) started working again on all browsers as normal. Cookies were not disabled.

    Hopefully this gives you some leads.
     
    Last edited: Mar 23, 2013
  17. pot2pan

    pot2pan Registered Member

    Joined:
    Feb 13, 2009
    Posts:
    54
    I agree fax,
    I have now given all the leads I could to PrevxHelp so they can attempt to reproduce the issue and fix it. I will reply again if they have specific questions. (After all Prevx was free and was originally quite useful, so I at least owe them this.) After that, I am out of here.

    I am not going with Webroot (that stealth install is a sufficient breach of ethics to get me out of there quick) but I am not remaining with Prevx either. I agree that it would not make any sense.
     
    Last edited: Mar 23, 2013
  18. justenough

    justenough Registered Member

    Joined:
    May 13, 2010
    Posts:
    1,509
    pot2pan, as a long-time admirer of Prevx and now Webroot and what the people behind them are working towards, when a thread is taken over with insinuations about stealth installs and breach of ethics, I feel called to put in my two cents. (In these situations I often think of the classic xkcd 'Duty Calls' cartoon: 'Someone is wrong on the internet.' http://xkcd.com/386/)

    As umbrapolaris said, if a person isn't keeping up with the software they install on their computer, they can expect surprises. It's not a stealth install when the company has been alerting users about the coming changes. But that's the users' responsibility, and their carelessness about good computer practices is why you have a job, to sort out the results of their oversights.

    I'm just someone who started reading Wilders when I got tired of paying techs and wanted to figure out why my computer kept getting infected. To me your accusations about Prevx/Webroot have a blame-the-other-guy sound to them, because as umbrapolaris has also said one of the first things you could have done is check what processes were running on the computer and see what the owner knew about them and what you knew about them. I'm not a tech and even I check in with Sysinternals' Process Explorer regularly, especially if I see any signs that something is acting wonky. Just doing that would have saved you a day of work and probably your client some money. And finding out what sort of program Webroot actually is and the reputation it has here might have changed how you wrote in this thread.
     
  19. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Prevx always updated in stealth and the move to Prevx 4 is no exception. On top, in the Prevx 4/WSA GUI, you get a clear hyperlink explaining it. To me it looks like just FUS or simply wanting to change to something else, perfectly legitimate but the form is questionable. :)
     
  20. guest

    guest Guest

    Reading this I remember that I had a very similar experience on Win7 a few weeks ago. But in my case the problems started immediately after installing BULLGUARD in addition to Webroot Secure Anywhere. (Having used Avira IS in the past on that same system).

    I am talking about blank search results (Google and Bing) and also very slow system performance (I thought the built-in Secunia component could be the culprit, since I had the product itself installed before) btw. - It all went away when uninstalling Bullguard. No problems since then with using WSA as standalone av-product.

    So there might be something to be fixed at least regarding compatibility? I don't know on which vendor's site. And maybe it is all unrelated and just a coincidence? - Just thought I would let everyone know.

    All other things I let pass without comment .. for now. :D
     
  21. pot2pan

    pot2pan Registered Member

    Joined:
    Feb 13, 2009
    Posts:
    54
    Thanks guest, this reminds me to add some info that could be relevant to the people at Webroot looking into this:
    That computer uses Avast AV.
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thanks - that helps. It sounds like it is an incompatibility between the search result annotation (under the Web Threat Shield) within WSA and Avast's browser filtering. Could you let me know what version of Avast they're using if you happen to know it offhand?

    In the meantime, we're looking into disabling search result annotation automatically upon upgrade from P3 to WSA just to avoid problems like this, as that is one area of possible incompatibilities which was not in P3.

    Thanks for the help!
     
  23. bandaid

    bandaid Registered Member

    Joined:
    Jan 19, 2013
    Posts:
    34
    Location:
    USA
    Pierrequiroule,

    I will definitely look into Ixquick. Thanks!
     
  24. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,203
    Location:
    in a remote land :)
    Did you try to turn off Avast protection to see if it solves the issue?
     
  25. pot2pan

    pot2pan Registered Member

    Joined:
    Feb 13, 2009
    Posts:
    54
    avast! Free Antivirus
    Program version 4.0.1483 <-Sorry, wrong.
    Edit: I made a dreadful typo. The version number is: 8.0.1483 - That user was keeping up with her antivirus.
    (Thanks to umbrapolaris' intervention below. Without him I would never have seen that.)
     
    Last edited: Mar 24, 2013