Greetings. I run Malwarebytes on my Windows 10 desktop in addition to Webroot. I updated Malwarebytes to Version 3 today and Webroot identified a Malware database update file as a trojan, W32.Trojan.Gen, and caused the PC to not log on to the desktop with a blue screen of death. I was afraid I'd have to rebuild but persistent reboots, selecting the startup option to not start malware software, after about 8 reboots it finally started up. Another scan ran, it picked up the file again and I selected Webroot to allow the file instead of remove it this time. I am unable to find the file on the computer with search at all, but I'd like to verify that the file is in fact whitelisted and won't cause any more issues, and perhaps exclude more from scanning. How is that done in the application?
Page 1 / 1
Hello
1 - save a threat log | how to: http://live.webrootanywhere.com/content/843/Saving-Threat-Logs
2 - Find [e] characters in to saved file
for example
[e] d:soft rashreg rashregx64full.exe [MD5: 2B3742E423AC0C5B7326E84B8FD58D72] [Flags: 40080100.6112] [Threat: W32.Trojan.GenKD]
3 - send this string(-s) and description of the problem to support: https://www.webrootanywhere.com/servicewelcome.asp
+
You can read articles:
Managing Quarantined Items
http://live.webrootanywhere.com/content/603/Managing-Quarantined-Items
Blocking or Allowing Files
http://live.webrootanywhere.com/content/604/Blocking-or-Allowing-Files
Managing Protected Applications
http://live.webrootanywhere.com/content/610/Managing-Protected-Applications
1 - save a threat log | how to: http://live.webrootanywhere.com/content/843/Saving-Threat-Logs
2 - Find [e] characters in to saved file
for example
[e] d:soft rashreg rashregx64full.exe [MD5: 2B3742E423AC0C5B7326E84B8FD58D72] [Flags: 40080100.6112] [Threat: W32.Trojan.GenKD]
3 - send this string(-s) and description of the problem to support: https://www.webrootanywhere.com/servicewelcome.asp
+
You can read articles:
Managing Quarantined Items
http://live.webrootanywhere.com/content/603/Managing-Quarantined-Items
Blocking or Allowing Files
http://live.webrootanywhere.com/content/604/Blocking-or-Allowing-Files
Managing Protected Applications
http://live.webrootanywhere.com/content/610/Managing-Protected-Applications
Hi anothermike
Welcome to the Community Forums.
There is actually no need to provide the detail to the Support Team...just opene the support ticket, explain which file you are concerned about/believe may be the subject of a false positive determination and that should do it as the scan log data is automatically upload by default as and when you open the ticket.
You are of course free to add the additional infromation in the body of the ticket but there is no need to take the time or trouble for just one file.
Having said that I routine do what Petr has described, review the contents of the [u] designated files listed, and some times there are a number, copy/paste them into the support tciket and use that to ask the Support Team to verify & whitelist the ones they find to be safe, etc.
Hope that helps further?
Regards, Baldrick
Welcome to the Community Forums.
There is actually no need to provide the detail to the Support Team...just opene the support ticket, explain which file you are concerned about/believe may be the subject of a false positive determination and that should do it as the scan log data is automatically upload by default as and when you open the ticket.
You are of course free to add the additional infromation in the body of the ticket but there is no need to take the time or trouble for just one file.
Having said that I routine do what Petr has described, review the contents of the [u] designated files listed, and some times there are a number, copy/paste them into the support tciket and use that to ask the Support Team to verify & whitelist the ones they find to be safe, etc.
Hope that helps further?
Regards, Baldrick
@ wrote:
as the scan log data is automatically upload by default as and when you open the ticket.Hmm, I didn't know that. I thought they needed the WSA Download Logs Link Tool. Learn something new today. 😃
Well, actually, DAve...neither did I until one day one of the Webrooter advised on this in a thread and since then I have refrained from including anything in the support ticket and usually that is enough but if the Support Team need more info then they will almost certainly request the use of the wsalogs.exe tool as you have stated.
But then again I amy be wrong or this may have changed so perhaps@ can comment on the veracity of my statements?
Regards, Baldrick
But then again I amy be wrong or this may have changed so perhaps
Regards, Baldrick
This False Positive appears to have been corrected - we don't have the exact info here but a file matching your description was whitelisted.
If a file is detected, restoring the file from quarantine will whitelist the file locally for you.
It is always best to report any false positives you encounter via the support system. You can also submit files via the client or the following link: http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx
-Dan
If a file is detected, restoring the file from quarantine will whitelist the file locally for you.
It is always best to report any false positives you encounter via the support system. You can also submit files via the client or the following link: http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx
-Dan
Daniel 😉
Yes, general information is included when you open a support ticket with us. This includes the scan log and all activity with Webroot since it was first installed.
The WSALogs tool provides a much more broad overview of the System as a whole. If our Team is requesting this, it's because they need some of the information that it includes.
Hope this helps. My motto is: If all else fails, LOGS, LOGS, LOGS!
Hi JP, thanks for confirming that I had not imagined it or that I was falling victim to my advancing years...;)
Baldrick
Baldrick
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.