Skip to main content
Microsoft Security Essentials found this virus on my PC but Webroot did not.  I Webroot aware of this?
Hello sferrell, welcome to the Webroot Community!

 

What MSE found could be any number of things: A False Postive (FP), what we call a PUA, or a new variant of an infection.  In all cases, you would be well advised in this case to submit a Trouble Ticket ASAP  to have Webroot Support take a look.  This is FREE of charge with your valid WSA license.  

 

I have seen more than one post regarding this over the last day so it would be very wise to follow through with the Trouble Ticket.

 

 

After you have filed the Trouble Ticket, if you are interesting in learning more about FP's and PUA's, read on :)

 

 

PUA's:

 

PUA. (Potentially Unwanted Application)These are very annoying at best in that they cause pop-us, redirect your browser home page, and other behavior that may slow down the computer and direct ads your way, but they are not actually doing anything bad like damaging files or stealing information. Often they are installed intentionally by you the user as browser add-ons for various tasks such as quick search tools.. but they also come with the result of added annoying pop-ups and ads. Other times they 'piggy back' with other software that you installed, or try to 'sneak' onto your system entirely.

 

WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behavior that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.

 

 

Also, we have had a lot of discussion regarding these recently, and I have posted an Idea for Webroot to consider asking them to increase PUA detection.  The more  users that need help removing a particular PUA the more likely and faster that PUA will be added to detection.

 

 

FP's:

False Positives are simply what the  name implies: when WSA or another AV solution incorrectly identifies a safe file as being 'postive' for malware.  This happens more than what many people realize for a number of reasons.  

 

One of the most common sources of this is gaming mods or cracks.  These files generally are intended to modify the exectuable of a game program, and are thus detected as possible malware.  Malware often modifies the executable code of a program, so non maliciious files that have the same behavior are often flagged as being bad even if safe.

 

New software versions.  Sometimes a file is flagged incorrectly as malware simply because while safe, it is a new version not yet known by the AV solution.

 

Human Error.  While no one wants to admit it, errors happen when classifying files as being 'good' or 'bad'.  An error made when classifying a file can result in an FP as well.

 

There are other reasons, but you get the idea.  No AV is perfect, and FP's do happen.  The great thing about WSA is that once a FP is identified as such it can be 'fixed' globally, for all users, pretty much instantly due to the nature of the WSA Cloud.  Pretty handy indeed, but this can only happen when users report FT's via a Trouble Ticket.

 

 

Reply