Threats Detected! -- What? Where?

  • 13 October 2015
  • 2 replies

Userlevel 1
About once a day my Webroot tray icon displays an exclaimation point. Upon opening the program, the red "Threats Detected" screen is displayed, listing Active threats = 1 (sometimes more).
*However* If I initiate a scan, it says no threats were found! Also, a review of the Quarantine log does not show any recent entries.
After the scan the main screen is green again, and no threats are indicated.
What gives?? Why is this happening, and where can I look to see what is triggering Webroot to tell me that Threats are Detected???

2 replies

Userlevel 7
Hi mkolina
Welcome to the Community Forums.
It looks like WSA is detecting and then clearing the threats. It is quite possible for there to be nothing depends on the threat detected and dealt with...I have had this happen on occassion.
To find out exactly what is triggering this behaviour you can refer to the Scan & Threat Logs that WSA keeps; in this case I would start with the latter of the aforementioned logs.
To do this please follow these instructions:
1. Click on the gear/cog symbol to the right of the 'Utilities' tab in the main app panel.
2. On the next panel displayed click on the 'Report' tab.
3. On the Reports panel click on the 'Save threat log' button.
4. Provide a file name for the file to be saved (I call my 'WSA Threat Log'), and a location to save it to, and click on 'Save'.
5. That will open a Notepad box in which the log saved is displayed, and which you can then scan, search, etc.
Please not that it is cumulative and therefore the latest information will be displayed at the end of the log.
The same process can be used in the can of the Scan Log, just using the other button so marked on the Reports page.
If you have any concerns about what you find/read or are unsure as to what the logs mean then please Open a Support Ticket to let the Support Team know of your issue and to allow them to assist you with it. The service is free of charge for WSA users with an active/current subscription.
I hope that helps?
Regards, Baldrick
Userlevel 1
Upon saving and reviewing the contents of my scan log, I found several listings of, "Infection detected: C:"...filename.
Most were the remnats of a browser extension, searchprotect, which I had managed to disable over a year ago, but never removed all its pieces. Although I can't be 100% sure, I think that's what was triggering the alert.
I've manually removed all the files identified as an infected, and will see if this puts an end to these alerts. But I'm curious....
Why did the "Infection Detected" exclaimation point appear in my tray icon "out of nowhere" after a clean manual scan, and why weren't the files listed as infected on the scan log reported and dealt with during the scan?
I'm generally pretty happy with the performance of SecureAnywhere, but it would be helpful if files identified as containing an infection were reported during the scan, regardless of whether they are 'active' or not. Certainly, if the files trigger an "Infection Detected" warning, they should be identified specifically.
Thanks for your help.