Skip to main content
To Customer Support To Customer Support
Has anyone been reporting false positives for rootkits on new Windows 10 or upgraded Windows 10 machines?  The WSAC notification icon has been displaying as "Infected" once a week, but when I scan my computer, the scan returns negative.  Last week, I removed what WSAC pinged as 4 rootkits pertaining to:

HKLMSystemCurrentControlSetServicesOneSyncSvc_Session; 

HKLMSystemCurrentControlSetServicesPimIndexMaintenanceSvc_Session;

HKLMSystemCurrentControlSetServicesUnistoreSvc_Session; and

HKLMSystemCurrentControlSetServicesUserDataSvc_Session. 

 

This afternoon, my WSAC icon again displayed "infected" and I ran (and saved) a scan which returned negative; but the threat log identified the same 4 items listed above.  

 

I'm inclined to believe that the items above were removed based on the policies I've implemented on my machine, and I'll check my event logs to verify that Windows reinstalled those items; however, the nastiness of rootkits is why I am asking for input before I tell WSAC that they are authorized processes.

 

Thank you,

Krieger_bot
Hello ?,

 

Welcome to the Webroot Community,

 

Would you please submit a Support Ticket which is free of charge with an active subscription.

 

The support team will have a look and will whitelist these for you if need be.

 

 

Thank you,
I have the same exact problem.

 

It would be helpful if Webroot would simply post if these are actually false positives...
Hi Vince_C,

 

If you are having the same issues then it's best to Submit a Support Ticket and they can check this out for you which is free of charge with a Webroot subscription. https://www.webrootanywhere.com/servicewelcome.asp

 

 

Hope this helps?

Reply


Terms & Conditions