Threats Detected

Discussion in 'Prevx Releases' started by Dark Star 72, Apr 8, 2014.

Thread Status:
Not open for further replies.
  1. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Left the computer for an hour while I went for dinner and when I came back the System Tray icon was grey with a red exclamation mark on it. A mouse over says 'infected'. A scheduled scan had run while I was at dinner. I assume that was when the infection was found - I have no way of telling.
    So, I opened the GUI and it simply states that the computer is infected and a scan is needed to remove it. No information, nothing.
    The problem is, and I have run into this before, is that nowhere does it tell you what infection it has found. I once ran a scan to remove an infection in similar circumstances and it borked the computer, fortunately I had a backup I could recover with.
    I am OK with WSA having found and hopefully stopped an infection but there seriously needs to be some obvious information about it so that the operative can make an informed decision. What do I do - run a scan and the computer snarls up?
    Sorry if the information is there somewhere but I cannot find it and it really needs to be presented to you on the opening of the GUI. Its no good saying that after the scan I can look in Quarantine and restore it if it is a false positive.
     

    Attached Files:

  2. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Update.
    I have just put the computer into Shadow Mode with Shadow Defender and run the scan. It was the MBAM removal tool which has been sitting in my Downloads folder for over a week.
    Come on, 'an active threat' when it's been sitting there for over a week doing nothing. How was that active!
    Had I known what it was when I opened the GUI I could have reported it as an FP there and then. Something needs improving here.
     

    Attached Files:

  3. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Last edited: Apr 8, 2014
  4. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    I realise that but the point I was trying to make was that the operative should not have to go searching about to find it - it should be presented to you when you open the GUI. And there should be the option to report it as a fp at the same point. Just what percentage of users would have any idea where to start looking.
    The only other AV I have used in recent years is MBAM and when that finds a threat/infection it's shown on the GUI - no searching about for it.
     
  5. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Yeah, I know what you mean, and agree. It would enhance the ease of usability, and if I remember correctly there are idea/s posted at Webroot Community proposing improvements around this.
     
  6. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    When I just ran a scan, I got a detection also for this file, for the first time. On uploading for checking, I found that its determination had just been altered (?) to 'bad' earlier today.
    WSAfpMBAMcleanB.PNG
     
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,274
    I got the exclamation mark, shortly after my daily scheduled scan the other day, just after boot. Only, know it was supposedly 2 detections.

    However, I never got any other indication as to what was detected....i.e. no popups. Very mysterious. Nothing in quarantine.
     
  8. Heco

    Heco Registered Member

    Joined:
    Mar 8, 2003
    Posts:
    264
    Location:
    Provence, France
    Hi all :)
    Same problem here with mbam-clean-2.0.2.0.exe detected as malicious. But when i try to run the Webroot file submission, i get XHR error... i wonder why!
    Cheers,
    Herve
     
  9. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,262
    Location:
    Ontario, Canada
    Well MBAM 2 is still very new and the new removal tool is new so it's best to submit the file or contact the support inbox! Webroot Customer Service

    TH
     
  10. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    You are missing the point TH. I know that MBAM and the removal tool are new - the point I was trying to make was that there was no information in the notification as to what the "Active Threat" was. No way to know if it was a FP or a genuine threat until the clean up procedure had been started. Like Tarnak there was no indication at all, not even anything in quarantine. How do I submit a file to support if I don't know what it is or where it is.
    And as it was sitting in my Sandboxed 'Downloads' folder and had never been used or activated and almost certainly didn't start running on it's own I fail to see how it could be classified as an 'Active' threat.
    I would suspect that as I had had it in my downloads folder for over a week before it was flagged, somewhere, someone using WSA ran the tool and as it was being seen for the first time it's behavior was classified as 'B' (bad) and the 'cloud' then classified it as bad/malicious on every scan that it detected it in.
    That was not my concern though, what concerned me was that there was no information as to what the 'infection' was.
     
  11. Heco

    Heco Registered Member

    Joined:
    Mar 8, 2003
    Posts:
    264
    Location:
    Provence, France
    Thanks Daniel!
    I got the following reply from WCS:
    "Thank you for the feedback in regard to our software. I have made the changes needed in our system so that you can now run the software. These should no longer be detected as infections. If it still gets detected I would like you to run a deep scan. Please let us know if these actions have not resolved the issue."
    Very FAST reply indeed! lol
    I agree with Dark Star: WSA should be more explicit and informative when it detects something malicious...
    Cheers Daniel,
    Hervé
     
  12. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,262
    Location:
    Ontario, Canada
  13. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
  14. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,262
    Location:
    Ontario, Canada
    I would uncheck this in the picture below and Save to see the warnings.

    TH

    2014-04-10_17-30-52.png
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.