WebRoot 2013 still insists on searching for virus after NOT finding 1

  • 16 June 2013
  • 3 replies

WebRoot 2013 has a massive problem with "false positives".
I run a program that DEFINITELY is not a virus.
WebRoot claims it is.
I tell it that it definitely is not, so I pick "allow".
WebRoot immediately starts scanning 43 *THOUSAND* other files looking for additional viruses.  Ugh.  How do I shut off that very annoying and totally useless feature???
I said this is *NOT* a virus... but WebRoot still insists on wasting time looking for others.
I repeat this entire scenario MANY times per day.

3 replies

Userlevel 7
Badge +55
IMHO WSA does not have a False Positive problem I haven't seen one in over a year, please Submit a Support Ticket and they can whitelist the files. Do a scan and after Save a Scan log and any lines in the log with [u] in front and put it in the support ticket.
EDIT: To show example.
Some legitimate files are not included in this log
[u] c:program files (x86)microsoft visual studio 11.0common7packagesdebuggermsdia110.dll [MD5: 697751DA8687BFB2A88CE1EB7262A1FD] [Flags: 00081001.3191]
[u] [MD5: 6E5EA18414114D1B8A1596C1C0B9C141] [Flags: 00010000.4225]
[u] c:program fileshashtab shell extensionhashtab64- [MD5: 3E2EEEFDCCBA666F82DF7C99AC4DB604] [Flags: 00010000.3279]
Userlevel 7
If you are a business customer you need to be applying these changes in the console not on the local client. If you have problems with a certain class of corporate software being detected you should open a support ticket to have threat research investigate which rules the file is hitting. You should also be reviewing the policies you have applied in case you have increased the heuristics from their default settings.
Userlevel 7
Hi, The comments from TH and Explanoit mirror what I was about to suggest myself. WSA is typically very good about not having a lot of FP's, so the situation you're describing should be infrequent. If it isn't, we may need to look at classifying files differently on your system. Perhaps it's a development environment for instance. If you open a support case, we can take a look at your particular situation, but this is not an issue that plagues customers in general.
Also, just to reitterate Explanoit's point, as an administrator, you don't want to be doing this on every individual client.  You'd have a much easier time using the console for administration.