Solved

False Threat on networkminer.exe?


I downloaded networkminer.exe from SourceForge and webroot appears to think it's a Threat of some kind.  As far as I know it's just a tool for analyzing web traffic.  It thinks the threat is Win32.LocalInfect.2, the googling of which only returns 6 results.

I also downloaded a game some kids at the hackerspace wrote in http://scratch.mit.edu/ and it also detected it as a threat, something else Win32....
icon

Best answer by pegas 18 May 2012, 15:20

View original

12 replies

Userlevel 7
Hello leeand00!
 
Can you kindly open a support ticket here https://www.webrootanywhere.com/servicewelcome.asp? describing your issue. It is the fastest way to get solved it. You can also use the "Submit a File" functionality available in WSA under System Tools. However, if you put in a ticket, Webroot support department will investigate and reply straightaway. If you submit the file, those requests are handled differently and you will not receive a response.
 
In the meantime, if you are absolutely sure it is a false positive, you can retrieve the file from quarantine. If the file is not quarantined, search for the file in Detection Configuration section and let it Allow.
 
Thanks & regards,
pegas 
Well I don't mind waiting if it helps Webroot out.  I'll attach the files.
P.S. Your ticket link doesn't work... :mansad:
Userlevel 7
Hmmm ... strange as I can get there, anyway please go to http://www.webroot.com/En_US/support-wsa-products.html and on the right side there is a link called Open a Support Ticket, it should take you then to https://detail.webrootanywhere.com/servicewelcome.asp
Userlevel 7
Pegas' advice is very accurate.  When you put in a support ticket and indicate "False Positive" as the reason, it gets expedited to the Threat Research team and usually handled within a few hours or less, even though we have to quote up to 72 business hours. 
Sorry apparently there is a seperate password for filing a ticket from this forum, and that threw me a bit.  Thanks for putting up with me. 🙂
Userlevel 7
Ahh, yes, there are three primary password systems, one for your actual account, one for the Community Forums here, and one for the support system.
Good lord man!  Haven't they ever heard of a single signon?
Userlevel 7
That would be an excellent idea for the Ideas Exchange.  It would be nice to keep track of how many other people would like to see such a feature implemented.  Would you mind posting the idea there?
Userlevel 7
I was going to point out that before any such thing is implemented, security impact would have to be investigated. 
 
Originally there was a separate password for Support vs your actual Webroot Account because we do not want the compromise of one password to impact both of your accounts there.  Especially since we create a support password for you.  The fact that the community is a segregated system and mostly involves public-facing information also caused a new password.  Somebody compromising your community password can "post as you" at best on a good day, and can't access potentially-sensitive information in the support system or your personal data in the main account system.
 
But please do feel free to request or recommend it, otherwise it may never be considered. 🙂
hello
i have received a program from a company, that, they say it
is ok, but your anti virus says, it has this virus in it
(Win32.Localinfect.2)
googled it, read all the stuff, still i am not sure it is
virus or not
i can send you the file to examine
but there is no attachment function in this form
neither in the support form that i sent this message 
if you send me email
i will send you that suspicious file
thanks
 
Userlevel 7
Hello,
 
I have seen the ticket and I have requested some diagnostic logs. I have an idea what it is but I will wait to see what the logs say!

Reply