Skip to main content

We were alerted that JoeSandbox.com was marking the current version of WRSA.exe as potentially malicious, noting PoisonIvy. We have confirmed with the team at JoeSandbox that this is a false positive detection and they have now made changes to reflect the correct state of WRSA.exe. 

We will update this post with information from JoeSandbox if it becomes available.  

I’m really glad to hear that this was a false positive, but can Webroot please confirm that WRSA does not have ‘Remote Access’ capabilities that can potentially be exploited by threat actors?


I’m really glad to hear that this was a false positive, but can Webroot please confirm that WRSA does not have ‘Remote Access’ capabilities that can potentially be exploited by threat actors?

 

The PoisonIvy ‘Remote Access Trojan’ was a confirmed False Positive detection for our executable and we have no further update from JSB on their erroneous detection. 

The other "warnings" Joe Sandbox alerts are all things that are totally normal for security suite


Reply