Webroot SecureAnywhere Discussion & Update Thread

Discussion in 'other anti-virus software' started by Triple Helix, Jun 6, 2014.

  1. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    5,987
    Location:
    Nicaragua
    Great post, Muddy3. Your story is very similar to mine. Like you, I used to get infected once or twice a year every year until I got tired and decided to do something about it. In my case, I wanted something that dont depend on signatures and can handle zero day threats, thats how I found Sandboxie. And it has worked for me as I haven't gotten infected for more than 7 years. You are doing it with WSA, stick with it. It works for you, that's all that matters. Who cares if one or two in this forum accuses us as being fanboys for using what works for us.:)

    Bo
     
  2. hjlbx

    hjlbx Guest

    This is as true today as it was then. Even today's so-called "top" security softs - like Kaspersky and Bitdefender - fail to protect a system in all cases - against anything and everything. With the current state of IT security, there is only so much that any security soft can do.

    Anyone can get any AV to fail to protect a system... it's just a matter of finding the weaknesses and targeting those weaknesses.

    That being said, Webroot - used properly - will protect the system in the vast majority of typical use cases. It isn't perfect security, but it is pretty good security.

    No AV is perfect. None will protect a system in the most high-risk scenarios; infection is just a matter of time.
     
  3. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,317
    Location:
    USN Retired 1969 ~ 1992
    No one in my family (Teenagers included):)
    I have no faith in YouTubers for testing. :)
    My feelings exactly. :D
     
  4. ttomm1946

    ttomm1946 Registered Member

    Joined:
    Jul 23, 2014
    Posts:
    217
    Of coarse that kid the Malware Dr..Who previously failed WSA in a regular test scored 100% in a rollback test..He was amazed*puppy*
     
  5. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    I don't understand why my WSA-AV has not updated from 9.0.8.66 even though my subscription is active. When I click on 'check for update' (from the tray icon) it says that I'm using the latest version, etc., etc.
     
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,045
    Location:
    Ontario, Canada
    It does over a few days but if you don't want to wait download and install over top or do a clean reinstall!

    Thanks,

    Daniel :)

    Please follow the steps closely!
    • Make sure you have a copy of your 20 Character Alphanumeric Keycode! Example: SA69-AAAA-A783-DE78-XXXX
    • KEEP the computer online for Uninstall and Reinstall to make sure it works correctly
    • Download a Copy Here
    • Uninstall WSA and Reboot
    • Install with the new installer, enter your Keycode and don't import any settings if asked to as you can set it up as you like once it's done
    • Let it finish it's install scan
    • Reboot once again
     
  7. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    Thanks Daniel. Btw, what is the newest (final) version?

    Also I just noticed that you say it's okay to install over my current install, yet your instructions indicate otherwise?
     
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,045
    Location:
    Ontario, Canada
  9. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    I'm running Win7 x64 (SP1) so perhaps the updates subsequent to 9.0.8.66 just don't apply?
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,649
    Location:
    USA
    I'm not sure if anyone uses WSA with Eset, but WSA's Identity Shield prevents Eset from injecting into web browsers. It does on my machine anyway. Support said it could possibly affect other AV's that inject into the browser as well. They said they will release a fix soon. I didn't get a chance to report it until 3 days ago, and we finished with the ticket yesterday. I'm not sure how long it will be before a fix is released.
     
  11. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,045
    Location:
    Ontario, Canada
    It really applies to all Windows OS's from XP to Win 10 as there is only one version.
     
  12. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,045
    Location:
    Ontario, Canada
    Well I can see why....but isn't it more secure not to break the Identity Shield if they can't come up with a fix just saying? As things get more sophisticated in the AV market there will be some incompatibilities as everyone is trying to inject itself into Browsers and processes. I hope they come up with a fix without braking ID Shield! :thumb:
     
  13. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,649
    Location:
    USA
    I informed Webroot I don't recommend sacrificing security to accommodate Eset. I asked support if it could be fixed without sacrificing security. I asked them if they had any recommendation for Eset as far as changing their injection method to avoid the conflict, and they said something like they pride themselves on being the only AV compatible with other AV's so they would try to fix the problem. I'm paraphrasing the jest of their reply. I don't have the support ticket to look at right now. Maybe they know a way of doing it without sacrificing security. Maybe they can just whitelist Eset's .dll by using hash, i'm not really sure. They said if they fix it and WSA blocks Eset's .dll again in later builds then I will have to choose Eset's browser protection, or Webroot's Identity Shield Protection. I'm using WSA on one of my computers, and Eset on another at the moment. I'm not really sure I will want to use them together. I was just testing their compatibility when I discovered the issue. I hope I made it clear I was not pushing to sacrifice security in order to accommodate Eset, but as it stands they are not fully compatible, at least not on all machines.
     
  14. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,045
    Location:
    Ontario, Canada
    I'm sure they do and they always do there best!

    Thanks,

    Daniel ;)
     
  15. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,649
    Location:
    USA
    No problem. Btw.. in my experience Webroot still has the best support for a large security company. They responded to my support ticket 23 minutes after submitting it, and continued to respond quickly after each reply.
     
  16. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,649
    Location:
    USA
  17. Cruise

    Cruise Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    1,232
    Location:
    USA
    Daniel,

    Version 9.0.8.80 installed over 9.0.8.66 without a hitch - worked just like an update - I didn't even have to reenter the keycode. :thumb:

    Thanks again,
    Cruise
     
  18. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,045
    Location:
    Ontario, Canada
    No not anymore they are concentrating on the Payload and other protection via the client from any Exploits, and that was a year and half ago times have changed. :)

    Daniel
     
    Last edited: Apr 20, 2016
  19. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,045
    Location:
    Ontario, Canada
    Great and you shouldn't have to reenter the keycode when installing over top as it's just like when WSA self updates!

    Thanks,

    Daniel ;)
     
  20. layman

    layman Registered Member

    Joined:
    May 20, 2006
    Posts:
    280
    WRLog shows that WSA is continuing to monitor some programs marked 'Allow', including file managers XYplorer and FreeCommander. Is that an indication that something is wrong and I need to re-install?
     
  21. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,045
    Location:
    Ontario, Canada
    It will until the Webroot Cloud Database says it's good or bad but while you set it to allow it's monitoring at a lower level, to get it Whitelisted faster please Submit a Support Ticket and they will do it for you!

    Thanks,

    Daniel
     
  22. layman

    layman Registered Member

    Joined:
    May 20, 2006
    Posts:
    280
    Okay, thanks. Will do. I'm surprised that some of these programs (e.g. Macrium Reflect) that are in widespread use still haven't been submitted.
     
  23. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,045
    Location:
    Ontario, Canada
    Can you save a scan log and just post the lines that are being monitored and any with U in front! See the different levels of monitoring the higher the more deeper it monitors and allows less access to sensitive system processes. I can't say more as we don't want the bad guys to know more about WSA's tech!

    Thu 2016-04-21 11:00:06.0414 Monitoring process C:\Program Files\VoodooShield\VoodooShield.exe [39AABEB9CE84AD83A1048D1EF81E5610]. Type: 3 (2830)
    Thu 2016-04-21 11:00:06.0414 Monitoring process C:\Program Files\VoodooShield\VoodooShield.exe [39AABEB9CE84AD83A1048D1EF81E5610]. Type: 4 (2830)
    Thu 2016-04-21 11:00:06.0414 Monitoring process C:\Program Files\VoodooShield\VoodooShield.exe [39AABEB9CE84AD83A1048D1EF81E5610]. Type: 8 (2830)
    Thu 2016-04-21 11:00:06.0414 Monitoring process C:\Program Files\VoodooShield\VoodooShield.exe [39AABEB9CE84AD83A1048D1EF81E5610]. Type: 6 (2830)
    Thu 2016-04-21 11:00:08.0364 Monitoring process C:\Program Files\VoodooShield\VoodooShieldService.exe [86AFB18B04E4F6CD2E5AFD766FD32359]. Type: 3 (2831)
    Thu 2016-04-21 11:00:08.0364 Monitoring process C:\Program Files\VoodooShield\VoodooShieldService.exe [86AFB18B04E4F6CD2E5AFD766FD32359]. Type: 4 (2831)
    Thu 2016-04-21 11:00:08.0364 Monitoring process C:\Program Files\VoodooShield\VoodooShieldService.exe [86AFB18B04E4F6CD2E5AFD766FD32359]. Type: 8 (2831)
    Thu 2016-04-21 11:00:08.0364 Monitoring process C:\Program Files\VoodooShield\VoodooShieldService.exe [86AFB18B04E4F6CD2E5AFD766FD32359]. Type: 6 (2831)

    U means Unknown to the Webroot Cloud Database so it's being Monitored above at these levels.
    Scan Started: Thu 2016-04-21 13:00:11
    [U ] c:\program files\voodooshield\voodooshield.exe [MD5: 39AABEB9CE84AD83A1048D1EF81E5610] [Flags: 08081011.2830]
    [U ] c:\program files\voodooshield\voodooshieldservice.exe [MD5: 86AFB18B04E4F6CD2E5AFD766FD32359] [Flags: 00081011.2831]
     
  24. layman

    layman Registered Member

    Joined:
    May 20, 2006
    Posts:
    280
    The list of unknowns is about 170 entries long. Mostly, the entries are unsurprising, but there are a few programs I'd think are fairly common. A few examples:


    c:\program files\bandizip\bandizip32.exe [MD5: E4917E53F8897412336884F72FED66A5] [Flags: 111E1100.8909]
    c:\program files\utilities\process hacker\processhacker.exe [MD5: 68F9B52895F4D34E74112F3129B3B00D] [Flags: 10181100.8942]
    c:\program files\macrium\reflect\reflect.exe [MD5: CC7C2654895E16FF4277004EA22E5841] [Flags: 10181101.8977]
    c:\program files\freecommander xe\freecommander.exe [MD5: 9F73DA23122549FED9F331EEA3FAB5E6] [Flags: 10181101.9607]
    c:\program files\linkman\linkman.exe [MD5: 4BA55549826FEF2C8CE49987D75C0613] [Flags: 191E1110.9113]
    c:\program files\wincatalog 3.x\wincatalog.exe [MD5: B3B917F295F3259DD82BF52D25ADE0D8] [Flags: 10181101.9133]

    X
    YplorerFree does not appear in the list of unknowns, but still appears to be monitored at a low level:

    Thu 2016-04-21 17:22:31.0726 Monitoring process C:\Program Files\XYplorer\XYplorerFree.exe [8503092F8D97C73B6A57EA39B7A15110]. Type: 1 (8097)


    Here are the last few monitoring entries from the scan log:

    Thu 2016-04-21 17:43:11.0093 Monitoring process C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5.exe [8356BD6BA44B0B05143C70F32198FC61]. Type: 4 (9315)
    Thu 2016-04-21 17:43:11.0093 Monitoring process C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5.exe [8356BD6BA44B0B05143C70F32198FC61]. Type: 8 (9315)
    Thu 2016-04-21 17:43:11.0093 Monitoring process C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5.exe [8356BD6BA44B0B05143C70F32198FC61]. Type: 6 (9315)
    Thu 2016-04-21 17:44:56.0874 Monitoring process C:\Program Files\Linkman\Linkman.exe [4BA55549826FEF2C8CE49987D75C0613]. Type: 4 (9113)
    Thu 2016-04-21 17:44:56.0874 Monitoring process C:\Program Files\Linkman\Linkman.exe [4BA55549826FEF2C8CE49987D75C0613]. Type: 6 (9113)
    Thu 2016-04-21 18:22:51.0095 Monitoring process C:\Program Files\Utilities\Process Hacker\ProcessHacker.exe [68F9B52895F4D34E74112F3129B3B00D]. Type: 4 (8942)
    Thu 2016-04-21 18:22:51.0127 Monitoring process C:\Program Files\Utilities\Process Hacker\ProcessHacker.exe [68F9B52895F4D34E74112F3129B3B00D]. Type: 8 (8942)
    Thu 2016-04-21 18:22:51.0127 Monitoring process C:\Program Files\Utilities\Process Hacker\ProcessHacker.exe [68F9B52895F4D34E74112F3129B3B00D]. Type: 6 (8942)
    Thu 2016-04-21 18:51:45.0696 Monitoring process C:\Program Files\FreeCommander XE\FreeCommander.exe [9F73DA23122549FED9F331EEA3FAB5E6]. Type: 4 (9607)
    Thu 2016-04-21 18:51:45.0758 Monitoring process C:\Program Files\FreeCommander XE\FreeCommander.exe [9F73DA23122549FED9F331EEA3FAB5E6]. Type: 8 (9607)
    Thu 2016-04-21 18:51:45.0758 Monitoring process C:\Program Files\FreeCommander XE\FreeCommander.exe [9F73DA23122549FED9F331EEA3FAB5E6]. Type: 6 (9607)
    Thu 2016-04-21 19:35:44.0980 Monitoring process C:\Program Files\Utilities\UltraDefrag\ultradefrag.exe [9A84E58486FD977270FA58452A9AE72E]. Type: 4 (8887)
    Thu 2016-04-21 19:35:45.0027 Monitoring process C:\Program Files\Utilities\UltraDefrag\ultradefrag.exe [9A84E58486FD977270FA58452A9AE72E]. Type: 8 (8887)
    Thu 2016-04-21 19:35:45.0027 Monitoring process C:\Program Files\Utilities\UltraDefrag\ultradefrag.exe [9A84E58486FD977270FA58452A9AE72E]. Type: 6 (8887)
    Thu 2016-04-21 19:35:47.0110 Monitoring process C:\Program Files\Utilities\UltraDefrag\ultradefrag.exe [9A84E58486FD977270FA58452A9AE72E]. Type: 4 (8887)
    Thu 2016-04-21 19:35:47.0141 Monitoring process C:\Program Files\Utilities\UltraDefrag\ultradefrag.exe [9A84E58486FD977270FA58452A9AE72E]. Type: 8 (8887)
    Thu 2016-04-21 19:35:47.0141 Monitoring process C:\Program Files\Utilities\UltraDefrag\ultradefrag.exe [9A84E58486FD977270FA58452A9AE72E]. Type: 6 (8887)
    Thu 2016-04-21 19:35:47.0251 Monitoring process C:\Windows\system32\udefrag-dbg.exe [2034EC8AD08782B08AA5F7C4EBD1B922]. Type: 4 (8885)
    Thu 2016-04-21 19:35:47.0251 Monitoring process C:\Windows\system32\udefrag-dbg.exe [2034EC8AD08782B08AA5F7C4EBD1B922]. Type: 8 (8885)
    Thu 2016-04-21 19:35:47.0251 Monitoring process C:\Windows\system32\udefrag-dbg.exe [2034EC8AD08782B08AA5F7C4EBD1B922]. Type: 6 (8885)
    Thu 2016-04-21 19:36:25.0237 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 4 (8977)
    Thu 2016-04-21 19:36:25.0424 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 8 (8977)
    Thu 2016-04-21 19:36:25.0424 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 6 (8977)
    Thu 2016-04-21 19:36:25.0627 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 4 (8977)
    Thu 2016-04-21 19:36:25.0798 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 8 (8977)
    Thu 2016-04-21 19:36:25.0798 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 6 (8977)
    Thu 2016-04-21 19:36:27.0694 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 4 (8977)
    Thu 2016-04-21 19:36:27.0866 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 8 (8977)
    Thu 2016-04-21 19:36:27.0866 Monitoring process C:\Program Files\Macrium\Reflect\reflect.exe [CC7C2654895E16FF4277004EA22E5841]. Type: 6 (8977)
    Thu 2016-04-21 19:41:14.0158 Monitoring process C:\Program Files\WinCatalog 3.x\WinCatalog.exe [B3B917F295F3259DD82BF52D25ADE0D8]. Type: 4 (9133)
    Thu 2016-04-21 19:41:14.0329 Monitoring process C:\Program Files\WinCatalog 3.x\WinCatalog.exe [B3B917F295F3259DD82BF52D25ADE0D8]. Type: 8 (9133)
    Thu 2016-04-21 19:41:14.0329 Monitoring process C:\Program Files\WinCatalog 3.x\WinCatalog.exe [B3B917F295F3259DD82BF52D25ADE0D8]. Type: 6 (9133)
    Thu 2016-04-21 19:41:51.0216 Monitoring process C:\Program Files\FreeCommander XE\FreeCommander.exe [9F73DA23122549FED9F331EEA3FAB5E6]. Type: 4 (9607)
    Thu 2016-04-21 19:41:51.0279 Monitoring process C:\Program Files\FreeCommander XE\FreeCommander.exe [9F73DA23122549FED9F331EEA3FAB5E6]. Type: 8 (9607)
    Thu 2016-04-21 19:41:51.0279 Monitoring process C:\Program Files\FreeCommander XE\FreeCommander.exe [9F73DA23122549FED9F331EEA3FAB5E6]. Type: 6 (9607)
     
  25. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,045
    Location:
    Ontario, Canada
    @layman did you Submit a Support Ticket to get your files whitelisted?

    And my version of Process Hacker is Whitelisted maybe update to the latest!

    [G] d:\program files\process hacker 2\peview.exe [MD5: DDE1F44789CD50C1F034042D337DEAE3] [Flags: 40011000.605]
    [G] d:\program files\process hacker 2\processhacker.exe [MD5: B365AF317AE730A67C936F21432B9C71] [Flags: 40011000.608]
    [G] d:\program files\process hacker 2\unins000.exe [MD5: 43EA49877A2A1508BA733E41C874E16E] [Flags: 40000000.609]


    2016-04-22_9-28-56.png 2016-04-22_9-29-24.png

    Also this is marked Good! Thu 2016-04-21 17:22:31.0726 Monitoring process C:\Program Files\XYplorer\XYplorerFree.exe [8503092F8D97C73B6A57EA39B7A15110]. Type: 1 (8097)

    You can check the MD5's here: http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx?

    2016-04-22_9-38-53.png

    Thanks,

    Daniel
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.