To Customer Support To Customer Support
Solved

Difficulty downloading WSA

J
Rank
Ok, so I just signed up for a WSA trial.  When I sign in to the online console, click on "Go to Endpoint Protection", then click on the available download for Windows for my keycode, I get the following error message:
 
C:Users[User Name]AppDataLocalTempRD3TVWgf.exe.part could not be saved, because the source file could not be read.  A box right below that shows:  You have chosen to open SA[private kecode].exe which is a binary file 749kb from http:downbox.webrootanywhere.com
 
So I tried again and this time I get this message:
 
Gateway Anti-Virus Alert

This request is blocked by the Firewall Gateway Anti-Virus Service. Name: MalAgent.H_1116 (Trojan)
 
I also tried following the link that is provided with the email instructions and get the exact same Gateway Anti-Virus alert as shown above.
 
What am I doing wrong?
icon

Best answer by nic 16 July 2014, 18:37

View original

17 replies

R
Rank
Userlevel 6
Hi JereP and welcome to the community!

Looks like you're receiving a false positive of your security solution.
What product are you currently using at your company?
-Webroot Endpoint Protection user-
J
Rank
This alert was being thrown up by our SonicWall gateway appliance.
R
Rank
Userlevel 6
Could you please contact the support of Sonicwall(or Dell) and report the false positive to them? It's probably caused be the heuristics as WSA could look like a trojan downloader or packer.

You could also create an exception on the Sonicwall or download WSA from a client outside of your environment, but I would suggest you to wait till you get help from their support.
-Webroot Endpoint Protection user-
J
Rank
I will try to do that. In the meantime, I did download it from my home computer and "Dropboxed" it to work. Scans by Vipre and Malwarebytes both come up negative, so I believe it is okay. The name of the file is basically my keycode followed by .exe.
nic
Userlevel 7
Badge +56
Let me see who I can ping internally to help resolve this.  Glad to hear you found a workaround in the meantime.
R
Rank
Userlevel 6
Yes, it's quite unlikely that you're receiving malware from Webroot ;)

Please post a quick update here if the support resolved your problem.
-Webroot Endpoint Protection user-
J
Rank
Exactly!  Although I did have the concern that maybe my PC was somehow already infected and was being redirected to something malicious.
 
I also checked the file on VirusTotal and was surprised to find that one out of the 54 vendors classified it as "PE Stealer.Zbot!1.6524"  Now I'm concerned that by doing I may have inadvertantly exposed my keycode to the world.
 
R
Rank
Userlevel 6
You can request the deletion of your file from virustotal: https://www.virustotal.com/de/about/contact/#file-deletion

Anyway I would suggest that you request a new keycode after your trial.
-Webroot Endpoint Protection user-
nic
Userlevel 7
Badge +56
Just heard back from dev that they're aware of this issue and working with Sonicwall to get it resolved.
K
Userlevel 1
I came across this error also. I'm not sure if it correlates but I am also receiving an error when attempting to update clients to 8.0.4.104 that "SecureAnywhere could not be updated at this time."
 
I'm pretty much handcuffed at this point.
nic
Userlevel 7
Badge +56
@ wrote:
I came across this error also. I'm not sure if it correlates but I am also receiving an error when attempting to update clients to 8.0.4.104 that "SecureAnywhere could not be updated at this time."
 
I'm pretty much handcuffed at this point.
Let me see if I can find out what might be causing that.
C
I am also having the same problem with two different companies runnig sonicwalls. Lots of alerts on MalAgent.H_1116  and cant update webroot.
 
nic
Userlevel 7
Badge +56
@ wrote:
I am also having the same problem with two different companies runnig sonicwalls. Lots of alerts on MalAgent.H_1116  and cant update webroot.
 
Sorry you're having trouble as well.  We're working on getting it resolved, but in the meantime you'll just have to bypass the firewall.
K
Userlevel 1
SonicWALL appears to have removed the "MalAgent.H_1116" definition from their Gateway Anti-Virus as of this morning. I can also verify that my clients have started to update this morning as well but some are still receiving the "SecureAnywhere could not be updated at this time." error.
Ssherjj
Rank
Userlevel 7
Badge +62
@ wrote:
SonicWALL appears to have removed the "MalAgent.H_1116" definition from their Gateway Anti-Virus as of this morning. I can also verify that my clients have started to update this morning as well but some are still receiving the "SecureAnywhere could not be updated at this time." error.
Hello @ Welcome to the bussiness side of WSA.:D   I'm using WSA Businness also and I had the same error but when I rebooted the PC I got WSA to install updated version as well. Sometime the most obvious might work. @ will get this worked out I'm sure as soon as possible.
 EDIT
I hope this will work for you sincerely I do.;)
 
Regards,
Windows Insider, iMac 2021 27 in i5 Retina 5, iMac OS Sonoma (14.3.1}, Security: iPads, W 10 & (VM:15), ALIENWARE 17R4, W10 Workstation, ALIENWARE 15 R6, W11, Webroot® SecureAnywhere™ Internet Security Complete (Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester. Security
nic
Userlevel 7
Badge +56
Just heard back with more info.  Apparently the Kaspersky and McAfee AV engines running on the Sonicwall firewalls are causing this.  We have a ticket open with them, but if anyone who is affected can call Sonicwall as well that will help light a fire under their you-know-whats 🙂
R
Rank
Userlevel 6
Great to see that the problem got resolved so quickly.

@Nic: I tried to find out what engines Sonicwall is using but didn't find any information on that topic and Dell also doesn't have a dedicated page for false positives.
I've read somewhere that they might use McAfee but their product didn't detect WSA as malware...
-Webroot Endpoint Protection user-

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.