Solved

Webroot flagging Adobe files as OSX.SurfBuyer.1.r on Mac machines

  • 6 April 2018
  • 5 replies
  • 86 views

Userlevel 2
Mac Webroot version installed: 9.0.6.72
 
Hello All,
 
Is anyone experiencing the same? https://forums.adobe.com/thread/2474754
 
Saw it happen today on a workstation. Site has multiple Mac machines, cannot have Adobe down in the morning.

Best answer by TripleHelix 6 April 2018, 02:52


5 replies

I'm having the same problem. I made the mistake of letting Webroot destroy the supposedly infected files, and then many of the applications on my computer would run. If you go back and look at the threats log, its listings start with Adobe applications, but then go on to many others as well. I didn't check everything, but quickly went back to a Time Machine backup. Everything seems to be okay, but Webroot still reports that I have over 100 files infected with OSX.Surf.Buyer.1.r.
 
I spoke with AppleCare Protection. They had not heard of this particular malware. They had me download Malwarebytes, and it found nothing. A Spotlight search found nothing.
 
I just spent the last four and a half hours dealing with this. I have trusted Webroot for a few years now, but this sucks.
Userlevel 2
Just received a reply through Webroot ticket support:
 
Hello,

Thank you for contacting Webroot support.

If this did affect you, you will see these detections in your Webroot console. If so, please check for updates to confirm the definition version is 822. You will continue to see this false-positive detection until your Webroot agent updates from def. version 821 to 822.

The Webroot team is aware of this issue and has released a fix. Customers should make sure they update Webroot on devices by right clicking on the Systems Tray.

This is a false positive detection that has been reversed. Please check for updates to confirm the definition version is 822. You will continue to see this false-positive detection until your Webroot agent updates from def. version 821 to 822. Please do not quarantine any files until you’ve updated to version 822.

If you have already quarantined files, please do not restart the system or the Webroot agent; please restore the items from quarantine first.

If you have just scanned your computer and have yet to quarantine any items, to avoid further system interruptions (if not on definition version 822), you may uncheck legitimate files in the Threats Detected list. Proceed with Cleanup to add the files as Allowed in the Block/Allow list.

We appreciate your patience and working with us in resolving this issue.

Regards,
Webroot Advanced Malware Removal Team
Clarifying: the applications would not run.
Userlevel 7
I don't know why @ didn't post it in here: https://community.webroot.com/t5/Announcements/SOLVED-Issue-for-Mac-users/m-p/317842
Userlevel 7
Thanks @ for posting the announcement in here before I could. Always on top of it! 
