Solved

Explanation of threat, Inconsistent results

  • 11 October 2015

Hello,
Webroot found this file as malware:
C:\Users\User\AppData\Local\Temp\7NV7DAWB.exe.part
I could find no explanation of it so I restored it and looked at properties.
The certificate was by LLC DE PROEKT.
The certificate is issued by COMODO RSA Code Signing CA. The publisher is located in the Ukraine.
It was identified as a PUP.
I scanned the file again and it was not detected as a threat.
Why are there inconsistent results in the two scans?
Why is a threat not explained?
Thanks
Frank C

Best answer by Baldrick 11 October 2015, 18:52


Hi Frank751
 
Firstly, would you check if the 'Automatically quarantine previously blocked files' is checked on or unchecked (go to Advanced Settings > Shields; it is the 2nd option on that page). If it is checked and you restored it and then ran a further scan then if detected again it would have been silently blocked/quarantined again.
 
Secondly, PUPs or PUAs (Potentially Unwanted Applications as we refer to them in the Community) are not strictly speaking malware, and the whole question as to what is a PUA or not is a moot point. 
 
WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behaviour that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.
 
I hope that the above is of assistance?
 
Regards, Baldrick
Hi Frank751
 
Apologies but I forgot to respond to your third point of "Why is a threat not explained?". The answer is that it is not and only Webroot themselves can advise as to why that is the case.
 
I sympathise with this point as I am interested in that sort of thing but the majority of WSA users are not technical and would not. Still, would be nice to have the option to click on the threat and be linked to an online malware directory which provided an explanation/description of the item detected, etc...so that if you wanted to you could find out without having to Google it as I always end up doing.
 
Perhaps I will check to see if this has been requested previously and if not open a new Feature Request on the idea.
 
Regards, Baldrick
 
 
  https://community.webroot.com/t5/Ideas-Exchange/Threat-encyclopedia/idi-p/17872
Dermot, you just beat me to it by a few nano seconds. Nice one!
 
And to everyone reading this thread who has not yet kudoed the idea please get over to the Feature Request page and as the feedback from the Development Team states:
 
"In short, this is a great idea, and it will ultimately happen. It would most likely help to get some kudos on this idea to give the idea a bit more priority, so please kudo if you like the idea."
 
27 so far and...hopefully...counting...so over to all of you out there!
 
Regards, Baldrick
Thanks for the reply Baldrick,
Yes, the "Automatically quarantine previously blocked files" was checked. The offending file was still in:
"C:\Users\User\AppData\Local\Temp\7NV7DAWB.exe.part", so I deleted it.
I think malware should be explained so one doesn't have to research each case.
Frank C
Hi Frank
 
No worries...glad that we could help. :D
 
As I said...I completely sympathise with your view on the threat-related information, etc. Hopefully you can make it over to the idea request referenced by Dermot and add your kudo to it...if you have not done so already...and hopefully with a few more the Development Team will put the provision of such functionality higher up on their priority list for the future.
 
BTW, the setting that we were discussing is really there to make WSA 'quieter'; if you keep the setting unchecked you will just be prompted more often as to there being a repeated threat that has been previously Quarantined and either restored or deleted.
 
Regards, Baldrick
