I'm trying to install certain reputable internet programs such as "imgburn", that I've used for years, on my new computer. But webroot is saying they have malware (this includes Skype!)

 

How do I make webroot less "picky"?

 

Paul
Hi brennerp

 

Welcome to the Community Forums.

 

When you say that WSA is saying that the programs have 'malware', would you be able to explain how you are being notified of this? Is WSA turning Red (from Green in the main interface) and quarantining the programs? From where are you downloading the programs concerned? From the manufacturers' websites or from 3rd party websites?

 

Any further information that you are able to provide would be helpful in assisting us to assist you.

 

Regards

 

 

Baldrick
The install.exe downloads, then the file disappears. There is a message in the lower right-hand corner saying it has found malware; either pua or pue file. It doesn't give me the option to ignore.
Hi brennerp

 

If the Webroot icon in the notification area has turned grey with an exclamation mark over it then you need to open up WSA and take a look at quarantine to see if any of the files have been put in there by WSA.

 

Double click on the notification tray icon, and once in the main panel click on the gear/cog to the right of the PC Security tab, then once in the next panel click on the tab labelled Quarantine, and let us know what you find in there.

 

Regards

 

 

Baldrick
Thanks. Will be offline for a while, will try when I'm back on.
Hi brennerp

 

No problem...I will be about most of the evening (am in the UK) and if not then there will be other Community Members around who can do the same if I happen to miss you when you are back online.

 

Screenshot to illustrate the original instructions on where to look (in case that makes more sense) ;)

 



 



 

You are interested in whether there is anything recorded in the area outlined by the red box in the screen capture below...if so then let us know what that is.

 



 

Hope to see you later.

 

Regards

 

 

Baldrick
Thanks, found it in quarantine. Restored it, but decided not to install as it wanted to change default browser etc.
Hi brennerp

 

Glad that you got to the bottom of the issue...interesting about what you say about it wanting to change the default browser.  Usually there should be an option to say 'No' to the change and 'Do not ask again' so that you retain your preferred browser.

 

Just a quick point; occasionally, when one restores something that has been quarantined it is irrationally flagged up again in the next scan and either quarantined again (but you know where to go now) or is blocked/monitored by WSA...if that happens do come back to us if you need further help.

 

Let us know if you have any more issues or if you have any further questions about WSA generally...we are here to help...and to have a good time. :D

 

Regards

 

 

Baldrick
Welcome to the community @ !

 

Great to have you here Paul, hope to see you often!

 

Glad @ was available to help you out.

 

There is a wealth of information here in the community, browse around and enjoy!

 

Beth
@ wrote:

Thanks, found it in quarantine. Restored it, but decided not to install as it wanted to change default browser etc.

@ 

This is quite typical of installers downloaded from third-party download sites, which often install additional Potentially Unwanted Applications (PUAs) along with the software you're trying to install. We suggest always downloading software from the official download links whenever possible.

Unfortunately it looks like the official Imgburn download includes some bundled software, but if you choose "custom installation" during the install the additional software is not installed. Imgburn does have a good opt-out in their installer, but it is always disappointing to see PUAs included in the official installation for an application.

 

-Dan

 
Thanks. The problem is that Webroot quarantines the install program in some cases before I get to that step.

 

But what I've found is that, if I try several sites, I can find one which doesn't trip Webroot. I still may have to do the custom install to avoid the unwanted applications, but at least I can install the program.

 

I've learned a lot here! Thanks!

 

Paul
Hi Paul

 

As I have said before I would try to make sure that you download from the app creator's web site if at all possible, or a very reputable 3rd party site, but preferably the former, as 3rd party sites are renowned for being purveyors (unwitting or witting) of app bundles that may be classed as PUAs/PUPs.

 

I will have to try the Imgburn download and see if I get the same issues as you are experiencing.

 

Regards

 

 

 

Baldrick

 

 
@ , Are you downloading directly from  IMGBURN?

 

If you have to download with a site's downloader, it would make sense that WSA would quarantine it. As explained by @ , there are downloaders that do install PUA and PUP - potentially unwanted adware (advertising) and potentially unwanted programs.

 

Please let us know.

 

Beth
@ wrote:

Hi Paul

 

As I have said before I would try to make sure that you download from the app creator's web site if at all possible, or a very reputable 3rd party site, but preferably the former, as 3rd party sites are renowned for being purveyors (unwitting or witting) of app bundles that may be classed as PUAs/PUPs.

 

I will have to try the Imgburn download and see if I get the same issues as you are experiencing.

 

Regards

 

 

 

Baldrick

 

 

Hello Baldrick! I've tried to download from 3rd Party Site. Right away Malwarebytes quarantines the file. I will look and see what file it is..brb ;) EDIT: a PUP, optional, Open Candy, ...Webroot didn't get a chance to stop it before MBs interceded. Now what do you think? I did run the Imageburn and Webroot hasn't blocked anything as of yet! Webroot hasn't quarantined anything and I'm now running ImageBurn.
Hi Sherry

 

Well, I downloaded Imgburn from the same site as you and from the official download site. Both installers purport to be the same size. If you scan both with MBAM they are both flagged as Open Candied, but MBAM allowed them both to be downloaded as did WSA. What I have not yet tried but will later is running the installer and seeing what WSA does. I have the Detect PUAs setting set on...so it will be interesting to see if the Open Candy is picked up or not.

 

So far I have never fallen foul of an attempted Open Candy installation...so it will be interesting to see what occurs.

 

Regards

 

 

Baldrick
@ , I have fallen foul to Open Candy. WSA did not pick it up and I too have detect PUA setting on. I set everything settable to maximum levels. This happened a while back, about 4 - 6 months ago, not sure. I removed it manually and also manually from the registry.

 

Editing the registry I do not advise, it should be done with caution and by advanced users and of course BACKUP, BACKUP, BACKUP -( my middle name), always backup the registry and everything else!

 

So far, since I removed Open Candy, I have not again fallen prey to it.
Well, that is interesting, Beth.  If this little test fails then it may be worth opening a Support Ticket for the Support Team to check this out because I would have thought that of the many PUAs/PUPs out there Open Candy should be detected if it tries to install (just downloading it should not trigger anything given the WSA approach that a threat that is inactive/dormant is not a threat until active/activated, etc.).

 

Hmmm, this should be interesting.

 

Regards

 

 

Baldrick
