Win32.RuleBlock.1

Discussion in 'Prevx Releases' started by BoerenkoolMetWorst, Aug 4, 2013.

Thread Status:
Not open for further replies.
  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined: Dec 22, 2009
    Posts: 3,764
    Location: Outer space
    What does this detection mean? I've never seen it before, WSA detected Seamonkey 2.20 beta 3 setup as this today, though I already installed it earlier and it didn't warn back then.
     
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined: Nov 20, 2004
    Posts: 12,011
    Location: Ontario, Canada
    Can you look for the line with the MD5 from the Scan Log and post it?

    TIA,

    Daniel
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined: Sep 14, 2008
    Posts: 8,242
    Location: USA/UK
    If you have your heuristics very high or at maximum, you could experience this on new, untrusted applications. If you trust the program, you can safely Allow it to execute.

    Hope that helps!
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined: Dec 22, 2009
    Posts: 3,764
    Location: Outer space
    Thanks :) It was on a VM and I do have heuristics to max there, and warn on execute if untrusted. I did get a warning when I executed it that it was untrusted, but I allowed it, so should it still detect it later?

    Here's the scanlog line:
    c:\users\xxxx\downloads\seamonkey setup 2.20b3.exe [MD5: 1C863F22AC3AD21CBC85892D295004D0] [Flags: 00080081.10767]
    Btw, what does the stand for?
     
  5. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined: Nov 20, 2004
    Posts: 12,011
    Location: Ontario, Canada
    I'm trying to find out but Joe will probably post back before I get an answer. ;)

    Daniel
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined: Sep 14, 2008
    Posts: 8,242
    Location: USA/UK
    It should allow it once overridden to Allow. I = "Inhibit Execution", basically, block that instance of the file, but it isn't specifically bad from our database.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined: Dec 22, 2009
    Posts: 3,764
    Location: Outer space
    I think I clicked Allow Once instead of Allow, so that would explain it. Thanks :)
     