Left the computer for an hour while I went for dinner and when I came back the System Tray icon was grey with a red exclamation mark on it. A mouse over says 'infected'. A scheduled scan had run while I was at dinner. I assume that was when the infection was found - I have no way of telling. So, I opened the GUI and it simply states that the computer is infected and a scan is needed to remove it. No information, nothing. The problem, and I have run into this before, is that nowhere does it tell you what infection it has found. I once ran a scan to remove an infection in similar circumstances and it borked the computer, fortunately I had a backup I could recover with. I am OK with WSA having found and hopefully stopped an infection but there seriously needs to be some obvious information about it so that the operative can make an informed decision. What do I do - run a scan and the computer snarls up? Sorry if the information is there somewhere but I cannot find it and it really needs to be presented to you on the opening of the GUI. It's no good saying that after the scan I can look in Quarantine and restore it if it is a false positive.
Update. I have just put the computer into Shadow Mode with Shadow Defender and run the scan. It was the MBAM removal tool which has been sitting in my Downloads folder for over a week. Come on, 'an active threat' when it's been sitting there for over a week doing nothing. How was that active! Had I known what it was when I opened the GUI I could have reported it as an FP there and then. Something needs improving here.
You could 'Save a Threat Log' to have a look at, and help identification: Webroot Secure Anywhere Context Help. And you could report the FP/changed detection via the file submission also: Webroot File Submission. Don't know why the determination for that file would have changed.
I realise that but the point I was trying to make was that the operative should not have to go searching about to find it - it should be presented to you when you open the GUI. And there should be the option to report it as an FP at the same point. Just what percentage of users would have any idea where to start looking? The only other AV I have used in recent years is MBAM and when that finds a threat/infection it's shown on the GUI - no searching about for it.
Yeah, I know what you mean, and agree. It would enhance the ease of usability, and if I remember correctly there are idea/s posted at Webroot Community proposing improvements around this.
When I just ran a scan, I got a detection also for this file, for the first time. On uploading for checking, I found that its determination had just been altered (?) to 'bad' earlier today.
I got the exclamation mark shortly after my daily scheduled scan the other day, just after boot. Only know it was supposedly 2 detections. However, I never got any other indication as to what was detected, i.e. no popups. Very mysterious. Nothing in quarantine.
Hi all, same problem here with mbam-clean-2.0.2.0.exe detected as malicious. But when I try to run the Webroot file submission, I get an XHR error... I wonder why! Cheers, Herve
Well MBAM 2 is still very new and the new removal tool is new so it's best to submit the file or contact the support inbox! Webroot Customer Service TH
You are missing the point TH. I know that MBAM and the removal tool are new - the point I was trying to make was that there was no information in the notification as to what the "Active Threat" was. No way to know if it was a FP or a genuine threat until the clean up procedure had been started. Like Tarnak there was no indication at all, not even anything in quarantine. How do I submit a file to support if I don't know what it is or where it is? And as it was sitting in my Sandboxed 'Downloads' folder and had never been used or activated and almost certainly didn't start running on its own I fail to see how it could be classified as an 'Active' threat. I would suspect that as I had had it in my downloads folder for over a week before it was flagged, somewhere, someone using WSA ran the tool and as it was being seen for the first time its behavior was classified as 'B' (bad) and the 'cloud' then classified it as bad/malicious on every scan that it detected it in. That was not my concern though, what concerned me was that there was no information as to what the 'infection' was.
Thanks Daniel! I got the following reply from WCS: "Thank you for the feedback in regard to our software. I have made the changes needed in our system so that you can now run the software. These should no longer be detected as infections. If it still gets detected I would like you to run a deep scan. Please let us know if these actions have not resolved the issue." Very FAST reply indeed! lol I agree with Dark Star: WSA should be more explicit and informative when it detects something malicious... Cheers Daniel, Hervé
Did you try to save a Threat Log http://www.webroot.com/En_US/Secure...1_ReportsandViewers/CH11b_SavingThreatLog.htm or look into a Scan Log for more info? http://www.webroot.com/En_US/Secure...C11_ReportsandViewers/CH11a_SavingScanLog.htm TH
There was nothing in the 'Threat Log' or the 'Scan Log' until after I had done the clean up. By the time I had time available to look for them Dermot had already submitted his details to support.