Skip to main content
So I was fooling around with the ID Protect and it's inabilty to block PunkBuster based screenshots.  During the fooling/testing around process I went to System Control and Control Active Processes, there I placed the running PunkbstrA.dll into BLOCK categroy.

Suddenly the PunkBstrA.dll dissapeared from the list and now I have "3 Active Threats" detected in Webroot.  When I perform a scan, it finds the PunkBuster files and it names them Win32.UserAdded or something along those lines.

This is behaviour is totally different from what Webroot used to do.  Before in prior versions, if I chose BLOCK in Control Active Processes then webroot would still display the file I chose to block in the Control Active Processes window.  SO  I could Block, Monitor or Allow it all day and it didn't go on the witch hunt.

 

 Now I am looking everywhere and I can't find a way to remove those files from being witch hunted.  

HOw do I remove the "block" and prevent those files from being detected as Win32.UserAdded....is there a way to undo the things we block?  Can't seem to find it.
Answer to my own question in order to help the community.

After you perform the full scan and see the files you added listed as win32.useradded, then just uncheck the checkmarks to the left of the files (the checkmarks that allow webroot to delete those files) then you hit NEXT.  The subsequent screen will provide the user with an option to either ALLOW, MONITOR or BLOCK.

 
Sorry I over looked your post and you are correct. But I will let one of the Threat Researchers answer your Question about PunkBuster as I know you had a conversation with Roy already. https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/PunkBuster-software-is-able-to-screen-grab-even-the-protected/m-p/61751#M4399

 

Daniel
Indeed I have.  Yet I am still waiting to see if he can reproduce my problem.

Punkbuster still grabs the picture of the screen even when blocked.
To answer you question in the first post, click on the gear sign besides PC Security on the WSA interface. Click on Block/Allow files, find the ones you're looking for from the list and allow them.

Reply