How can I stop Webroot SecureAnywhere from automatically deleting viruses/potential viruses?
CE 24.4
Thanks
Solved
Viruses being automatically deleted
Best answer by TripleHelix
BBourassa wrote:
Why is the “virus” not being sent to quarantine. This is my bigest question. They used to go there, now they do not.
All I can say is Contact Webroot Support and they will tell you what’s going on as we can’t see on the backend and only support does!
Webroot Support:
Submit a ticket The best way
Call 1-866-612-4227 during the week Mon - Fri 7 AM to 5:30 PM (MDT)
Note: When submitting a Support Ticket, Please wait for a response from Support. Putting in another Support Ticket on this problem before Support responses will put your first Support Ticket at the end of the queue.
Thanks,
+63Hello
WSA shouldn’t delete anything without user input. Can you Save a Scan Log and post the lines of what has been deleted and it will be near the bottom of the log.
Right click on the Webroot Tray Icon.
Please see here for the latest version of WSA as CE 24.4 is the edition of the Management Console.
Thanks,
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
thnk what is happening is that the protection alerts me, but there is nothing in the quarantine where usually there is.
-Brian
+63BBourassa wrote:
thnk what is happening is that the protection alerts me, but there is nothing in the quarantine where usually there is.
Can you post the lines from a scan Log then I can help you more!
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
Thu 2024-10-31 14:42:44.0160 Infection detected: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe [SHA256: A0F668F8B32BF3794E20D6307827166C35AE8D4669CC4F817ADB683B8EA3C523] [MD5: 664B0BE80EB0E17FBEB2827E17F90C3D] [3/08080001] [W32.Trojan.Gen]
Thu 2024-10-31 14:42:44.0160 File blocked in realtime: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe [UniqueID: F868F6A0, MD5: 664B0BE80EB0E17FBEB2827E17F90C3D, Size: 5147136 bytes] [134742017/00000003] [W32.Trojan.Gen]
Thu 2024-10-31 14:42:44.0175 Determination flags modified: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe - UniqueID: F868F6A0, MD5: 664B0BE80EB0E17FBEB2827E17F90C3D, Size: 5147136 bytes, Flags: 00000020
-Brian
+63Hi
Do you feel that this is a true infection or false positive?
The MD5 hash shows that Webroot says it’s bad:
On VirusTotal many AV’s say it’s bad: https://www.virustotal.com/gui/file/a0f668f8b32bf3794e20d6307827166c35ae8d4669cc4f817adb683b8ea3c523/detection
If you feel it’s not bad then Please contact Webroot Support and they will let you know for sure!
Webroot Support:
Call 1-866-612-4227 during the week Mon - Fri 7 AM to 5:30 PM (MDT)
Note: When submitting a Support Ticket, Please wait for a response from Support. Putting in another Support Ticket on this problem before Support responses will put your first Support Ticket at the end of the queue.
Thanks,
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
VirusTotal has 44/72 matches for a bad verdict
https://www.virustotal.com/gui/file/a0f668f8b32bf3794e20d6307827166c35ae8d4669cc4f817adb683b8ea3c523
John
+63jhartnerd123 wrote:
VirusTotal has 44/72 matches for a bad verdict
https://www.virustotal.com/gui/file/a0f668f8b32bf3794e20d6307827166c35ae8d4669cc4f817adb683b8ea3c523
John
I re-scanned it and it’s now 47 out of 72 https://www.virustotal.com/gui/file/a0f668f8b32bf3794e20d6307827166c35ae8d4669cc4f817adb683b8ea3c523?nocache=1
Even the Jotti scanner shows Bad but they don’t have many scanners like VT: https://virusscan.jotti.org/en-US/search/hash/664B0BE80EB0E17FBEB2827E17F90C3D
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
+63Webroot still doesn’t detect on VirusTotal and
Another good one: https://www.webroot.com/blog/2015/12/02/whats-in-a-name/
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
Why is the “virus” not being sent to quarantine. This is my bigest question. They used to go there, now they do not.
-Brian
+63BBourassa wrote:
Why is the “virus” not being sent to quarantine. This is my bigest question. They used to go there, now they do not.
All I can say is Contact Webroot Support and they will tell you what’s going on as we can’t see on the backend and only support does!
Webroot Support:
Submit a ticket The best way
Call 1-866-612-4227 during the week Mon - Fri 7 AM to 5:30 PM (MDT)
Note: When submitting a Support Ticket, Please wait for a response from Support. Putting in another Support Ticket on this problem before Support responses will put your first Support Ticket at the end of the queue.
Thanks,
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
+63
What this tells me:
Drive R it must be a USB Flash Drive or can you tell us what Drive R is?
Thu 2024-10-31 14:42:44.0160 Infection detected: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe [SHA256: A0F668F8B32BF3794E20D6307827166C35AE8D4669CC4F817ADB683B8EA3C523] [MD5: 664B0BE80EB0E17FBEB2827E17F90C3D] [3/08080001] [W32.Trojan.Gen]
Thu 2024-10-31 14:42:44.0160 File blocked in realtime: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe [UniqueID: F868F6A0, MD5: 664B0BE80EB0E17FBEB2827E17F90C3D, Size: 5147136 bytes] [134742017/00000003] [W32.Trojan.Gen]
Thu 2024-10-31 14:42:44.0175 Determination flags modified: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe - UniqueID: F868F6A0, MD5: 664B0BE80EB0E17FBEB2827E17F90C3D, Size: 5147136 bytes, Flags: 00000020
Look at the Block/Allow Files list to see if it’s allowed if it is remove it and do another scan and allow WSA to remove it.
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
+63Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
In the past, when something was questioned by the WebRoot app the file in question was sent to the quaranteen and a “Block” entry was added to “Block/Allow” tab. This is not happening. The particular entry is not already located in the “Block/Allow” section. Wether Drive R: is a USB or not should be irrelevant, in my opinion.
-Brian
+63BBourassa wrote:
In the past, when something was questioned by the WebRoot app the file in question was sent to the quaranteen and a “Block” entry was added to “Block/Allow” tab. This is not happening. The particular entry is not already located in the “Block/Allow” section. Wether Drive R: is a USB or not should be irrelevant, in my opinion.
Again:
All I can say is Contact Webroot Support and they will tell you what’s going on as we can’t see on the backend and only support does!
Webroot Support:
Submit a ticket The best way
Call 1-866-612-4227 during the week Mon - Fri 7 AM to 5:30 PM (MDT)
Note: When submitting a Support Ticket, Please wait for a response from Support. Putting in another Support Ticket on this problem before Support responses will put your first Support Ticket at the end of the queue.
Thanks,
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.