Fresh install of WSA AV 2014 (8.0.4.42). I unchecked "Prevent interuptions" and "automaticlly quarintine previously block files" per Triple Helix. I download the eicar test file and not a peep. I execute it and not a peep. I open up the main GUI and it tells me an infection was found please scan. Whats up with this. Previous version did not do this. Thanks.
Just downloaded some malware samples and not one pop up. Opened up the main GUI and same thing. Infections found run a scan. What gives?
Page 1 / 1
Are you sure it's not behind the Browser window or other open programs?
Daniel
Daniel
Seriously......................Come on. You know me better then that. If I post something its real. NO POPUP in the right bottom corner above the system tray. NONE what so ever.
Hello GTR707,
I'm sorry to hear that you are having these problems!
Daniel, I was able to replicate the issues that he is describing. I was able to replicate Webroot's realtime shield not doing anything other than saying "Infected" and "Webroot must run a scan to remove." multiple times but I was only able to replicate the no warning issue once or twice. Regarding the realtime shield not removing it but saying that a scan must be run, I found that this stopped happening when I rechecked "automatically quarantine previously blocked files". Then I unchecked it, and Webroot just asked to run a scan rather than automatically remove it (I also executed the files without Webroot blocking it). Then I rechecked the automatically block setting and at first Webroot did not automatically remove the next file I downloaded but after that it did, and I was able to replicate this behavior several times.
I do not want to contradict Daniel as he is one of the most knowledgeable people here! I respectfully ask that you please re-enable the "automatically block" setting and see if this makes a difference. It might take running a manual scan (or downloading one test file and running a scan yourself from the interface) before this setting kicks back in and starts automatically removing the files, as when I tested it, the setting did not kick back in until I had downloaded one file and ran a scan manually again.
Hope this helps,
Shran
I'm sorry to hear that you are having these problems!
Daniel, I was able to replicate the issues that he is describing. I was able to replicate Webroot's realtime shield not doing anything other than saying "Infected" and "Webroot must run a scan to remove." multiple times but I was only able to replicate the no warning issue once or twice. Regarding the realtime shield not removing it but saying that a scan must be run, I found that this stopped happening when I rechecked "automatically quarantine previously blocked files". Then I unchecked it, and Webroot just asked to run a scan rather than automatically remove it (I also executed the files without Webroot blocking it). Then I rechecked the automatically block setting and at first Webroot did not automatically remove the next file I downloaded but after that it did, and I was able to replicate this behavior several times.
I do not want to contradict Daniel as he is one of the most knowledgeable people here! I respectfully ask that you please re-enable the "automatically block" setting and see if this makes a difference. It might take running a manual scan (or downloading one test file and running a scan yourself from the interface) before this setting kicks back in and starts automatically removing the files, as when I tested it, the setting did not kick back in until I had downloaded one file and ran a scan manually again.
Hope this helps,
Shran
What have you changed then as I get the pop-up and the Icon goes gray with a red exclamation mark? And this was on download! I will send you an email!
Daniel
Daniel
I AM NOT GETTING ANY ALERTS. Gezzz. Nothing like what you show Daniel. And CommanderShran is experiecning the same issue so its not just me. I do not get the big square you show.
All those are there Daniel. But I just tried in IE 11 and WSA behaves differently. When I click on the eicar.com file in Chrome the file downloads and no popup. The same file in IE 11 produces a web shield alert. The same goes with the zip file. Why does WSA behave differently in IE then Chrome?
Yea your using Win 8.1 right! I'm on Win 7 x64.
Yes I am running 8.1 Pro, maybe it's the Windows 8.1 OS itself causing it?
I am not on Win 8. I am using Win 7 64bit and Chrome. IE 11 installed also. eicar.com downloaded via Chrome prodcuces no alert. eicar.com downloaded produces an alert. Same as the zip file.
How about IE11 and the link I sent you?
Ok after 5 times now I am finally gettingt an alert pop up. Very odd WSA behavior. Maybe something for the devs to look into. I would like to know why doesn't the web shield block it in Chrome as in IE 11?
As i said in the email it's not the Web Shields job it's the Realtime Shield as it get's blocked during download! The link all it does is open a download box it doesn't not open to a website. Also I don't harden my system at all I run as Admin no UAC I'm not saying for others to do that but I get the red warning box and the Icon turns gray with a Red Exclamation mark! But that's as far as I can talk about malware testing as I'm crossing the Community Guidelines about such.
Cheers,
Daniel
Cheers,
Daniel
Kudos Daniel!
I dont harden my system either. Tried Emet before and it causes things to hang.
i've found that IE 11 itself is buggy and also somthing you can do is check the firewall to see current things being monitored or denied, because sometimes it will just deny or monitor it without the pop up, it did this in my testing with probly the worst possible virus/randsomware Cryptolocker, also do you hvae the browser add-on's for webroot enable or disabled?
also be careful bringing up testing on the fourms, as i let it be known i was testing and they didn't like that to much, so tread lightly.
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.