
How can I stop Webroot SecureAnywhere from automatically deleting viruses/potential viruses?

CE 24.4

 

Thanks

Hello @BBourassa 

 

WSA shouldn’t delete anything without user input. Can you Save a Scan Log and post the lines showing what has been deleted? They will be near the bottom of the log.

 

Right click on the Webroot Tray Icon.

 

 

Please see here for the latest version of WSA as CE 24.4 is the edition of the Management Console.

 

 

 

Thanks,


I think what is happening is that the protection alerts me, but there is nothing in the quarantine where usually there is.



Can you post the lines from a scan log? Then I can help you more!


Thu 2024-10-31 14:42:44.0160    Infection detected: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe [SHA256: A0F668F8B32BF3794E20D6307827166C35AE8D4669CC4F817ADB683B8EA3C523] [MD5: 664B0BE80EB0E17FBEB2827E17F90C3D] [3/08080001] [W32.Trojan.Gen]
Thu 2024-10-31 14:42:44.0160    File blocked in realtime: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe [UniqueID: F868F6A0, MD5: 664B0BE80EB0E17FBEB2827E17F90C3D, Size: 5147136 bytes] [134742017/00000003] [W32.Trojan.Gen]
Thu 2024-10-31 14:42:44.0175    Determination flags modified: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe - UniqueID: F868F6A0, MD5: 664B0BE80EB0E17FBEB2827E17F90C3D, Size: 5147136 bytes, Flags: 00000020


Hi @BBourassa 

 

Do you feel that this is a true infection or false positive?

 

The MD5 hash shows that Webroot says it’s bad: @DanP might like to chime in?

 

 

 

On VirusTotal many AVs say it’s bad: https://www.virustotal.com/gui/file/a0f668f8b32bf3794e20d6307827166c35ae8d4669cc4f817adb683b8ea3c523/detection

 

If you feel it’s not bad, then please contact Webroot Support and they will let you know for sure!

 

Webroot Support:

Submit a ticket

Call 1-866-612-4227 during the week Mon - Fri 7 AM to 5:30 PM (MDT)

Note: When submitting a Support Ticket, please wait for a response from Support. Putting in another Support Ticket on this problem before Support responds will put your first Support Ticket at the end of the queue.

 

Thanks,


VirusTotal has 44/72 matches for a bad verdict

https://www.virustotal.com/gui/file/a0f668f8b32bf3794e20d6307827166c35ae8d4669cc4f817adb683b8ea3c523

 

John


I re-scanned it and it’s now 47 out of 72 https://www.virustotal.com/gui/file/a0f668f8b32bf3794e20d6307827166c35ae8d4669cc4f817adb683b8ea3c523?nocache=1

 

Even the Jotti scanner shows Bad but they don’t have many scanners like VT: https://virusscan.jotti.org/en-US/search/hash/664B0BE80EB0E17FBEB2827E17F90C3D


Webroot still doesn’t detect on VirusTotal and @DanP did an awesome Blog about it back in 2016: https://www.webroot.com/blog/2016/02/09/some-notes-on-virustotal/ and we can see Webroot was added to VirusTotal sometime after his blog.

 

Another good one: https://www.webroot.com/blog/2015/12/02/whats-in-a-name/


Why is the “virus” not being sent to quarantine? This is my biggest question. They used to go there, now they do not.



All I can say is Contact Webroot Support and they will tell you what’s going on as we can’t see on the backend and only support does!

 

Webroot Support:

Submit a ticket (the best way)

Call 1-866-612-4227 during the week Mon - Fri 7 AM to 5:30 PM (MDT)

Note: When submitting a Support Ticket, please wait for a response from Support. Putting in another Support Ticket on this problem before Support responds will put your first Support Ticket at the end of the queue.

 

Thanks,


@BBourassa

 

What this tells me:

 

Drive R must be a USB flash drive, or can you tell us what drive R is?

 

Thu 2024-10-31 14:42:44.0160    Infection detected: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe [SHA256: A0F668F8B32BF3794E20D6307827166C35AE8D4669CC4F817ADB683B8EA3C523] [MD5: 664B0BE80EB0E17FBEB2827E17F90C3D] [3/08080001] [W32.Trojan.Gen]
Thu 2024-10-31 14:42:44.0160    File blocked in realtime: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe [UniqueID: F868F6A0, MD5: 664B0BE80EB0E17FBEB2827E17F90C3D, Size: 5147136 bytes] [134742017/00000003] [W32.Trojan.Gen]
Thu 2024-10-31 14:42:44.0175    Determination flags modified: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe - UniqueID: F868F6A0, MD5: 664B0BE80EB0E17FBEB2827E17F90C3D, Size: 5147136 bytes, Flags: 00000020

 

Look at the Block/Allow Files list to see if it’s allowed; if it is, remove it, do another scan, and allow WSA to remove it.

 

 

 


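An added example, not part of the thread and not Webroot's code: a small Python parser for the three scan-log line shapes posted above, grouping the events logged for each file and building the same VirusTotal URL form the replies link to. The field names (`ts`, `event`, `name`, `flags`) and the reading of the last bracketed group as the detection name are assumptions drawn only from those three lines.

```python
import re

# The three lines posted in the thread, with the "[" delimiters restored.
SAMPLE_LOG = r"""
Thu 2024-10-31 14:42:44.0160    Infection detected: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe [SHA256: A0F668F8B32BF3794E20D6307827166C35AE8D4669CC4F817ADB683B8EA3C523] [MD5: 664B0BE80EB0E17FBEB2827E17F90C3D] [3/08080001] [W32.Trojan.Gen]
Thu 2024-10-31 14:42:44.0160    File blocked in realtime: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe [UniqueID: F868F6A0, MD5: 664B0BE80EB0E17FBEB2827E17F90C3D, Size: 5147136 bytes] [134742017/00000003] [W32.Trojan.Gen]
Thu 2024-10-31 14:42:44.0175    Determination flags modified: R:\005 - Utilities\File Compare\FolderMatch 5.0.3.0\FolderMatch.exe - UniqueID: F868F6A0, MD5: 664B0BE80EB0E17FBEB2827E17F90C3D, Size: 5147136 bytes, Flags: 00000020
"""

EVENTS = ("Infection detected", "File blocked in realtime", "Determination flags modified")
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<event>" + "|".join(EVENTS) + r"): "
    # The path itself contains " - ", so stop only at " [" or " - UniqueID:".
    r"(?P<path>.+?)(?= \[| - UniqueID:)(?P<rest>.*)$")
FIELD_RES = {
    "sha256": re.compile(r"SHA256: ([0-9A-F]{64})"),
    "md5": re.compile(r"MD5: ([0-9A-F]{32})"),
    "flags": re.compile(r"Flags: ([0-9A-F]{8})"),
    "name": re.compile(r"\[([^\[\]]+)\]$"),  # last bracketed field on the line
}

def parse_line(line):
    """Return a dict for one recognised log line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "event": m["event"], "path": m["path"]}
    for key, rx in FIELD_RES.items():
        hit = rx.search(m["rest"])
        if hit:
            rec[key] = hit.group(1)
    return rec

def summarize(log_text):
    """Group events per file, keyed by MD5 (or by path if a line has none)."""
    files = {}
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        entry = files.setdefault(rec.get("md5", rec["path"]), {"events": []})
        entry["events"].append(rec["event"])
        entry.update({k: rec[k] for k in ("path", "sha256", "name", "flags") if k in rec})
        if "sha256" in rec:
            # Same URL form as the VirusTotal links in the thread.
            entry["vt_url"] = "https://www.virustotal.com/gui/file/" + rec["sha256"].lower()
    return files

if __name__ == "__main__":
    for key, info in summarize(SAMPLE_LOG).items():
        print(key, info["events"], info.get("name"), info.get("vt_url"))
```

Run against a full saved scan log, the per-file event list shows what the log recorded for a detection (here a detection, a realtime block and a flags change) without reading the file by eye.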