Webroot SecureAnywhere Discussion & Update Thread

Discussion in 'other anti-virus software' started by Triple Helix, Jun 6, 2014.

  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    I bought a 1year/3PC subscription to WSA yesterday, via Novum Ovum (my nickname for Newegg.com). WSA is up & running. I am running Panda Free, as well. Between the 2 of them (both are 99.9999% in the cloud), my aging laptop barely notices them. CPU, working set, & I/O total rate are amaaazingly low. The 2 of them together use MUCH fewer resources than the resident AV (EAM) on my other computer - a twin to my aging laptop.

    My theory: Panda has slightly better sigs & a Behavior Blocker (BB gun) of indeterminate effectiveness. WSA has a SUPER BB gun. So I want to see if they play nicely together. So far... grreat!
     
  2. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,106
    Location:
    .
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    No. Actually, when I was running only Panda, I used NortonSafeWeb instead of PandaSafeWeb. My browser is Firefox... I also use NoScript, IdontCareAboutCookies, Ublock Origin, & No Coin. Now that I am also running WSA, I have switched from NortonSafeWeb to WebrootFilteringExtension.

    Uhh... why do you ask?
     
  4. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    3,106
    Location:
    .
    some VT engines (Webroot) detect PandaSafeWeb.exe (PUA/Adware)
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    Yes, when I installed WSA, it made a bit of a fuss about a couple of Panda files. Understandable. No problem. :isay:
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,653
    I have Panda Global Protection installed together with WSA. However, in the last two weeks whenever Panda Global has automatically started to update WSA interferes and causes the Panda update to fail. I have to rerun the Panda Global Protection installer exe to get Panda reinstalled on my system. [I haven't figured out how to stop these PUA detections by WSA from interfering in this update process.]

    From the last WSA scan log, I found what I consider to be False detections by WSA:

    Tue 28-08-2018 22:11:13.0156 Infection detected: c:\windows\temp\7zs87d8cda9\program files\panda security\panda cloud antivirus\tools\pandasecuritytb.exe [SHA256: 7BD01B3E93950E23AE705917E16817586784649E394C99F2B064F837D82F4FEA] [MD5: EBE12D1003B2B3A23351C42436AD2330] [3/00081020] [PUA.Gen]
    Tue 28-08-2018 22:11:13.0156 File blocked in realtime: c:\windows\temp\7zs87d8cda9\program files\panda security\panda cloud antivirus\tools\pandasecuritytb.exe [UniqueID: 3E1BD07B, MD5: EBE12D1003B2B3A23351C42436AD2330, Size: 4575680 bytes] [528416/00000003] [PUA.Gen]
    Tue 28-08-2018 22:11:13.0168 Determination flags modified: c:\windows\temp\7zs87d8cda9\program files\panda security\panda cloud antivirus\tools\pandasecuritytb.exe - UniqueID: 3E1BD07B, MD5: EBE12D1003B2B3A23351C42436AD2330, Size: 4575680 bytes, Flags: 00000020


    Tue 28-08-2018 22:48:03.0396 Infection detected: c:\users\owner\appdata\local\temp\7zsc7ce4db4\program files\panda security\panda cloud antivirus\tools\pandasecuritytb.exe [SHA256: 9FED84AC26B337E477937BE2BE438349D016B3F56B0A30EEF3DEDD0D27A10AB6] [MD5: B72F5D2B3EE95FE59694CB115000E152] [3/00081020] [PUA.Gen]
    Tue 28-08-2018 22:48:03.0396 File blocked in realtime: c:\users\owner\appdata\local\temp\7zsc7ce4db4\program files\panda security\panda cloud antivirus\tools\pandasecuritytb.exe [UniqueID: AC84ED9F, MD5: B72F5D2B3EE95FE59694CB115000E152, Size: 4575704 bytes] [528416/00000003] [PUA.Gen]

    P.S. I have shown in bold for emphasis.
     
    Last edited: Aug 29, 2018
  7. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,667
    Location:
    Ontario, Canada
    Well there not FP's so the best thing you can do is contact Webroot support and ask them what to do! Webroot Customer Service

    2018-08-29_19-35-28.png 2018-08-29_19-37-58.png
     
  8. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    179
    does the toolbar ever update, or does it generally remain the same (same hash, etc) at each update? if it's the same, couldn't you just tell WSA to "allow" it, like you would with any other FP? *EDIT* nevermind, didn't realize it was a completely different file between the pair of hashes you mentioned.

    i don't blame them for flagging it as a pua since it's a visicom pua detection (bunch of other vendors also detect it as such), but still, that's gotta be annoying since WSA generally plays nice with other AVs
     
  9. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,667
    Location:
    Ontario, Canada
    AV's are fine but not the PUA's that come with some of them. https://www.google.com/search?q=pandasecuritytb.exe&ie=utf-8&oe=utf-8&client=firefox-b
     
    Last edited: Aug 29, 2018
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,653
    @Triple Helix, @m0unds

    Whatever! But, I am sure that Webroot and Panda, between them, know the score. I am just "piggy in the middle". All I know, it is not up to me tell Webroot, because they should already know about this problem with their flagging of Panda.
     
  11. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,667
    Location:
    Ontario, Canada
    Sorry but your the one complaining so you should ask Webroot Support as I or we can't do anything on here. Also look at the PC count in the above pictures I posted.
     
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,653
    @Triple Helix

    With all due respect, I do not agree. Surely, this should be sorted by both these two companies. I mustn't be the only user of these softwares to have encountered this problem. Anyway, we both are entitled to have our opinions. :)
     
  13. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,667
    Location:
    Ontario, Canada
    I'm not saying that you have to agree with me. But many other AV's see it as a PUA as well.....! Look https://www.google.com/search?q=pandasecuritytb.exe
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,653
    Thanks, Dan! I'll leave it be. I just hope the powers that be can get it worked out one day. In the meantime, I will just persevere.
     
  15. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,667
    Location:
    Ontario, Canada
    New Beta out to Beta testers 9.0.23.32

    Major Highlights in this release:
    1. Script Shield Bug fixes
    2. Win 10 RS5 support
    3. Multiple other bug fixes
     
  16. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    That's good to hear. Altho I'm not a beta tester, I appreciate your keeping us posted. (But I did run a Beta max in days of yore.)

    By the way, can anyone tell me the significance of the padlock that is sometimes superimposed over WSA's icon in the system tray?
     
  17. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,696
    Location:
    Hollow Earth - Telos
    Put the mouse over that icon and you might find out.
     
  18. ronald739

    ronald739 Registered Member

    Joined:
    Nov 9, 2011
    Posts:
    111
    Location:
    Australia
    It's for the Identity Shield. Link below can explain it better than i can.

    https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Webroot-Lock-Icon/ta-p/59565

    Quoted from page 57:

    https://download.webroot.com/WSAEssentialsUserGuide_8.0.1.pdf

    Regards.
     
  19. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    298
    Location:
    Belgium
    From above post:
    Identity Shield protects you now for ALL active browser windows that are open in any of the browsers in the protected web browser list and not just secured websites (click the cog next to Identity Protection in the WSA GUI and then click the Application Protection tab to view which web browsers are protected and, if necessary, to manually add other web browsers or even other apps to this list).

    The WSA Guide referred to is rather old (2012) and things have changed since then.
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    @ Ronald739 & @ Muddy3 - 10Q for the information. It's good to know!

    I just now added all my internet-facing apps to WSA's Application Protection. Shazam!

    QUESTION: Does anyone know exactly what KIND of protection WSA provides to protected apps? For example, does it protect against exploits, scripts, etc?

    I am very satisfied with WSA. However, if anyone ever runs a "Most Boring Icon" contest, WSA will win it hands down. :D:p:)
     
  21. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,667
    Location:
    Ontario, Canada
    Script Shield is in Beta for now and a new Anti-Exploit is in the works but I have not heard a timeline for it to go into Beta. But if any payload is downloaded because of an Exploit then WSA will deal with as it has always done.

    2018-09-07_9-17-27.png
    2018-09-07_11-29-06.png
     
    Last edited: Sep 7, 2018
  22. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    Good to hear. In the meantime, I shall use WSA + MBAE.
     
  23. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,667
    Location:
    Ontario, Canada
  24. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,166
    Location:
    Hawaii
    Thanks TH. That is good news.

    I am still on version 9.0.21.18. When I click WSA's update button, I get a message that WSA automatically updates and is already updated.

    It makes me wonder what else does WSA say it is taking care of when it is not actually doing so.
     
    Last edited: Sep 11, 2018
  25. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    179
    they stage their releases so that in the event that something funky happens and a bug isn't caught during testing, they can stop the update and fix the issue and then resume updating with another build. it's a common thing with software cos' development. the only thing i ran into in years of using wsa that it wasn't taking care of itself, was sometimes it'd accumulate tons of journaled stuff for processes that went from monitored->trusted and not clean up. that seems to be fixed in newer builds though.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.