Webroot blocking LoJack problem..

  • 18 January 2013
  • 46 replies

Userlevel 1
I just spent 109 bucks on the 3 year protection of lojack for my laptop.  When I attempted to install it, it was having issues sending data on where it was located and would not complete the install until I removed Webroot.  Simply turning off the firewall did not work.  I know what the lojack files are called that are running all the time.  WHen i reinstall webroot i dont think they could get out to the internet if my laptop is stolen.  I dont like the idea of moveing to a antvirus software I didn't pay for to fix this.  Anyone have any ideas how i can open up a small hole to let the files communicate out?

Best answer by vango44 28 February 2013, 21:45

View original

46 replies

Userlevel 7
Badge +56
Hello DarkMist and Welcome to the Webroot Community Forums.
I would suggest that you Submit a Support Ticket while having both programs installed so they can gather some logs from your system, it could be a simple thing as Whitelisting some files in the Cloud.
Same problem here. I submitted the problem to Webroot support.
Initially I thought the problem was with Lojack and went through their support.
The e-mail I received from them follows:

Hi Joel,
Thank you for contacting Absolute Software Global Support regarding your LoJack For Laptops installation.
This problem may be a result of a few different possible causes.  Do you have the antivirus program Webroot installed on your computer?
We recently became aware that the antivirus program Webroot rolled out a silent update on 12/13/2012 which blocked LoJack from working properly.  For this reason, any customer who has both LoJack and Webroot installed will see that their LoJack software stopped calling in on that date (12/13/2012). 
Unfortunately, because we are dealing with a third-party program which is actively blocking our software from working, we do not have an immediate fix in place.  This is considered a very high priority issue for us as it is currently affecting over a thousand of our customers, and are in the process of working directly with Webroot to resolve the problem from the back end. 
If you do not have Webroot installed, please let me know and I will troubleshoot this matter further.
Global Support
Userlevel 7
Badge +6
Kudos for investigating this issue and posting your results so other people know about it!
Userlevel 7
Thanks for the details vango44.
We only found out about this yesterday and we are now connecting with LoJack. Thank you for your patience while we get this resolved and we will provide updates this week about the progress. 😃
Userlevel 7
Badge +56
Also I would like to see something similar that's in the https:///t5/Ideas-Exchange/Anti-Theft-function-for-PC/idi-p/19936 already give it Kudo's! 😉 Also the ability to Lock and or Wipe the system as compared in the Mobile App.
I have the latest version of SecureAnywhere on both Windows 7 and Vista machines. The problem is only happening on the Vindows 7 machine. Vista works fine with the identical updated Webroot software. A few observations to pass along
1) The "obvious" settings for SecureAnywhere on both machines are identical.
2) The "Protected Programs" list appears different. I added absolutenotifier and absolute exe's as listed in Windows programs bu that didn't affect the ability to successfully call in
3) The Windows 7 machine is 64 bit Visa is 32 bit. As perhaps expected, the Absolute Software files are installed in the x86 section of the Windows program files on the Windows 7 machines (so I take this is still a 32 bit app vs a native 64 bit app, not that it makes a difference from functionality standpoint....)
4) When I try to trace the activity of the Absolute call in under SecureAnywhere "event details" there doesn't seem to be any record of the "event" so that i can even have a clue as to what is being obstructed. I'm surprised that SecureAnywhere doesn't seem to be overtly tracking this activity!! But then there are multiple events so I could be overlooking them
5) I had to uninstall Webroot SecureAnywhere (based on this post) to even reinstall and have a successful "activation" phone call with Lojack. As I was reinstalling Webroot, I did a test call with Lojack and it went through. At some point (I didn't do multiple test calls, I'll leave that to the Webroot and Lojack teams) the ability to call-in was blocked. As a suggestion, onemight want to repeat this uninstall/reinsall of SecureAnywhere to determine the exact point at which the ability to call in successfully is blocked. As I mentioned, it is not blocked immediately.
I hope this problem is resolved very soon, would hope it doest not take a month or longer, as, unfortunately, I will have to discontinue SecureAnywhere rather than LoJack. This problem does not happen with Norton Internet Security (I run both concurrently and aside from annoying messages from NIS that the programs are incompatible, I ignore those messages to uninstall SecureAnywhere because I've always liked the dual layer of protection and the Webroot team. :-)
Fix this team ASAP!!!!
Userlevel 7
MPF94025, welcome to the forums!  What great details you have.. hopefully they will be of help to Webroot in resolving this.  One of the MODS on here will probably be on soon, but I would suggest that you also Submit a Trouble Ticket and provide the detailed information  you have on here as well.
Userlevel 1
I'm dropping this note to let you guys know Im watching this thread and holding off on reinstalling Webroot on the lappy until this gets resolved.  I would hate to have the laptop stolen and not able to recover it due to webroot.  I wonder if the 1000$ garontee still would work if webroot was installed..
I sent along the information provided in my earlier post as ticket to Webroot support. I'm uninstalling SecureAnywhere for the same reason, hopefully fixed soon.
Userlevel 7
For any new customers who have not been through the support system, please Open a Support Ticket if Webroot is blocking LoJack. In the support ticket please indicate that LoJack is being blocked and that you need to submit WSA logs.
We will be gathering more information and WSA logs for our engineers and threat researchers who are currently working on this.
Userlevel 1
Going to try something new..  I added rcpnet.exe to identy shield as allowed.  If this fixes the problem ill let ya know.  Unfortunatly i cant force it to broadcast out so i may have to wait a month before i know it works.
Userlevel 1
AH Hah!  I think that got it!..  Identity Shield is blocking rpcnet.exe.   Click the Identiy & privacy Tab.  Then, CLick on View/Edit Protected Applications.  then click on Add Application.  Find the application in c:windowssyswow64
cpnet.exe then click the Allow dot on that application and Walla..  lojack can now broadcast out.  Can other people verify this fix?  I forced lojack to rebroadcast out by uninstalling, and then reinstalling.  If it completes the install  Its allowed (i hope) 
Userlevel 1
YOu can Uninstall lojack by logging in to there site and clicking the more button then clicking uninstall.
Userlevel 7
Thanks for updating the thread, DarkMist. :D
I am having our dev and QA teams investigate to see if this will work as a long term workaround. I have also added these notes to your support ticket.
Will be great if this solutions works!
What are the broader implications of reporting rcpnet.exe to identy shield as allowed?
Appreciate any insight....
Userlevel 1
rpcnet.exe is the file along with rcpnet.dll that gets installed via the BIOs chip when your stolen laptop gets a new harddrive installed in it.  Its the main program that calls out when your stolen laptop connects to the web.  There are not any broader Implications.  Your Just allowing lojack to call out your location while Webroot was installed.   If your laptop is stolen you dont really have to worry about webroot anyway.  the New harddrive will probably not have webroot installed.  If the stolen person manages to get in the laptop..  (with webroot)  This fix will allow it to call out.
Userlevel 7
It's actually "rpcnet.exe," just to correct the typo, for anyone wanting to use this workaround. :)
Thank you DarkMist!
Userlevel 7
DarkMist - I just wanted to let you know that I edited the .exe in your replies so that users wanting to use this workaround do not get confused. :D
Userlevel 7
Also, I have created a Tribal Knowledge Base Article: Webroot Blocking LoJack - with you as the primary contributor.
Thanks for your input! :D
Hi all.
Adding rpcnet.exe by itself did not fix the problem for me. My Lojack console lists my laptop as being in Oregon, with last checkin over 2 days ago. I haven't been to Oregon in decades.
I've also added absolutenotifierservice.exe and absolutenotifier.exe to the "allow" list in protected applications for SecureAnywhere's Identify and Privacy Identify Shield, and no luck so far with a successful test call.  I've also added as permitted websites on the list of identify and privacy/identify shield/protected websites and on the "Overview" page, under "secure sessions currently active...". I still can't seem to get a successful test call in.
As mentioned earlier, when I uninstalled, reinstalled SecureAnywyere, I was initially able to make successful calls with LoJack, then the call-blocking re-appeared.
Has the adjustment to rpcnet.exe on other's machines been a stablef fix? Perhaps I've missed a step or have another issue. I have not uninstalled/reinstalled lojack, not sure how this would make a difference.
Thanks for ongoing input.
Userlevel 7
MPF94025 - you mentioned earlier that you opened a support ticket, could you please Send me a Private Message with the email address that you used?
Userlevel 7
It appears the knowledgebase article left out the "uninstall and reinstall LoJack" portion of the solution. It's been amended. As DarkMist noted, this appears to be necessary to get LoJack to rebroadcast. The key appears to be allowing rpcnet.exe prior to the uninstall/reinstall of LoJack.
Userlevel 1
Yea you forgot to uninstall from the website and reinstall to force lojack to call out.  It only calls out once a day..  and sometimes not that often otherwise.  When you reinstall, if you dont get that lojack error, it has called out.  It may not show for a day though..
Still not working for me.
I uninstalled Lojack, added rpcnet.exe (also saw a rpcnetp.exe so added that as well) to Webroot allowed applications in identity shield.
I then began the Lojack install again and it went through the 10 call attempts process and ended with an error (1401).
During the install attempt I see that Lojack setup app is connecting to a remote IP on port 443 and there is traffic.
I haven't tried uninstalling Webroot first. I assume Lojack will quit working again after Webroot is installed again.
So, hopefully somebody else will find a way to get this working again.
Userlevel 7
I'm not necessarily sure that the order of the steps matters, but I would have to suggest doing them in the same order as originally stated to see if that's a factor or not. Adding the service was done prior to uninstalling and reinstalling LoJack. Whereas you added the service with LoJack already uninstalled. That might matter.