Skip to main content
Ok, so I just signed up for a WSA trial.  When I sign in to the online console, click on "Go to Endpoint Protection", then click on the available download for Windows for my keycode, I get the following error message:

 

C:Users[User Name]AppDataLocalTempRD3TVWgf.exe.part could not be saved, because the source file could not be read.  A box right below that shows:  You have chosen to open SA[private kecode].exe which is a binary file 749kb from http:downbox.webrootanywhere.com

 

So I tried again and this time I get this message:

 

Gateway Anti-Virus Alert



This request is blocked by the Firewall Gateway Anti-Virus Service. Name: MalAgent.H_1116 (Trojan)

 

I also tried following the link that is provided with the email instructions and get the exact same Gateway Anti-Virus alert as shown above.

 

What am I doing wrong?
Hi JereP and welcome to the community!



Looks like you're receiving a false positive of your security solution.

What product are you currently using at your company?
This alert was being thrown up by our SonicWall gateway appliance.
Could you please contact the support of Sonicwall(or Dell) and report the false positive to them? It's probably caused be the heuristics as WSA could look like a trojan downloader or packer.



You could also create an exception on the Sonicwall or download WSA from a client outside of your environment, but I would suggest you to wait till you get help from their support.
I will try to do that. In the meantime, I did download it from my home computer and "Dropboxed" it to work. Scans by Vipre and Malwarebytes both come up negative, so I believe it is okay. The name of the file is basically my keycode followed by .exe.
Let me see who I can ping internally to help resolve this.  Glad to hear you found a workaround in the meantime.
Yes, it's quite unlikely that you're receiving malware from Webroot ;)



Please post a quick update here if the support resolved your problem.
Exactly!  Although I did have the concern that maybe my PC was somehow already infected and was being redirected to something malicious.

 

I also checked the file on VirusTotal and was surprised to find that one out of the 54 vendors classified it as "PE Stealer.Zbot!1.6524"  Now I'm concerned that by doing I may have inadvertantly exposed my keycode to the world.

 
You can request the deletion of your file from virustotal: https://www.virustotal.com/de/about/contact/#file-deletion



Anyway I would suggest that you request a new keycode after your trial.
Just heard back from dev that they're aware of this issue and working with Sonicwall to get it resolved.
I came across this error also. I'm not sure if it correlates but I am also receiving an error when attempting to update clients to 8.0.4.104 that "SecureAnywhere could not be updated at this time."

 

I'm pretty much handcuffed at this point.
@ wrote:

I came across this error also. I'm not sure if it correlates but I am also receiving an error when attempting to update clients to 8.0.4.104 that "SecureAnywhere could not be updated at this time."

 

I'm pretty much handcuffed at this point.

Let me see if I can find out what might be causing that.
I am also having the same problem with two different companies runnig sonicwalls. Lots of alerts on MalAgent.H_1116  and cant update webroot.

 
@ wrote:

I am also having the same problem with two different companies runnig sonicwalls. Lots of alerts on MalAgent.H_1116  and cant update webroot.

 

Sorry you're having trouble as well.  We're working on getting it resolved, but in the meantime you'll just have to bypass the firewall.
SonicWALL appears to have removed the "MalAgent.H_1116" definition from their Gateway Anti-Virus as of this morning. I can also verify that my clients have started to update this morning as well but some are still receiving the "SecureAnywhere could not be updated at this time." error.
@ wrote:

SonicWALL appears to have removed the "MalAgent.H_1116" definition from their Gateway Anti-Virus as of this morning. I can also verify that my clients have started to update this morning as well but some are still receiving the "SecureAnywhere could not be updated at this time." error.

Hello @ Welcome to the bussiness side of WSA.:D   I'm using WSA Businness also and I had the same error but when I rebooted the PC I got WSA to install updated version as well. Sometime the most obvious might work. @ will get this worked out I'm sure as soon as possible.

 EDIT

I hope this will work for you sincerely I do.;)

 

Regards,
Just heard back with more info.  Apparently the Kaspersky and McAfee AV engines running on the Sonicwall firewalls are causing this.  We have a ticket open with them, but if anyone who is affected can call Sonicwall as well that will help light a fire under their you-know-whats 🙂
Great to see that the problem got resolved so quickly.



@Nic: I tried to find out what engines Sonicwall is using but didn't find any information on that topic and Dell also doesn't have a dedicated page for false positives.

I've read somewhere that they might use McAfee but their product didn't detect WSA as malware...

Reply