Hi ,
I have some files .
When upload they at virustotal website , some AVs show they are Threat .
but when i scan their with my Webroot do not detected .
Also i upload their at link and check MD5 .
example MD5 : 09389f0f4123b85cd5cdbfbba5d29222 & 001b8f696b6576798517168cd0a0fb44
link
Amir
Page 1 / 1
Hi Amir
That is quite normal...all AV & IS Security vendors have some files or apps that they classify differently to one another for a number of reasons often only know to them...so that often you will get a file or app response from VT of something like 1/57 or 2/57 positives found when WSA come up with nothing.
I am not worried by that as it often happens. It is when a more significant number of positives out of 57 are reported and then I tend to check the positives and if they are from the main security vendors then I may well take notice.
But other than that it is just par for the course and something to be expected.
Regards, Baldrick
That is quite normal...all AV & IS Security vendors have some files or apps that they classify differently to one another for a number of reasons often only know to them...so that often you will get a file or app response from VT of something like 1/57 or 2/57 positives found when WSA come up with nothing.
I am not worried by that as it often happens. It is when a more significant number of positives out of 57 are reported and then I tend to check the positives and if they are from the main security vendors then I may well take notice.
But other than that it is just par for the course and something to be expected.
Regards, Baldrick
Just to add that it's probably not possible to compare WSA's detection 'performance' alongside other AVs, as has been seen in various scenarios (re some types of tests etc) in an 'apples for apples' way as WSA is focused on protection and prevention rather than simple, apparent detection.
Some comments here and here also are relevant.
It's just the way WSA is...and it seems to work well 😉
Some comments here and here also are relevant.
It's just the way WSA is...and it seems to work well 😉
Hello,
Webroot only detects PE (portable Executable) files with extensions such as *.exe , *.dll , *.scr and so on. Webroot also detects some *.vbs and *.js scripts .
09389f0f4123b85cd5cdbfbba5d29222 is a cab file (archive format) containing mostly xml files, and appears to abuse a vulnerability in Microsoft Word. While Webroot would not detect this specific file, we should detect any PE file that would drop it. So unless the user willingly downloaded it from something like a spam email, opened the file and allowed script content to run within Word, they would be protected. Thank you for the reports though, we appreciate it!
Sincerely,
Webroot Advanced Malware Removal Team
Webroot only detects PE (portable Executable) files with extensions such as *.exe , *.dll , *.scr and so on. Webroot also detects some *.vbs and *.js scripts .
09389f0f4123b85cd5cdbfbba5d29222 is a cab file (archive format) containing mostly xml files, and appears to abuse a vulnerability in Microsoft Word. While Webroot would not detect this specific file, we should detect any PE file that would drop it. So unless the user willingly downloaded it from something like a spam email, opened the file and allowed script content to run within Word, they would be protected. Thank you for the reports though, we appreciate it!
Sincerely,
Webroot Advanced Malware Removal Team
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.