Showing results for 
Search instead for 
Did you mean: 

Why am I getting the notification "Suspicious Activity Detected" for a trusted application?

100% helpful (2/2)

The message ‘Suspicious Activity detected’ is a notification that Webroot SecureAnywhere provides when a change is made to the system that may resemble behavior of a malicious process. Generally speaking, these notifications are not malicious as there are a number of automated tasks that can occur within OS-X that could trigger it. Common tasks that could prompt this message are updates to software, or Folder Actions. It’s common that these kinds of tasks change or modify ‘plist’ files that affect the overall preferences for the system.

You may see in the alert mention of a plist (property list) file, which stores all the settings for an application, or LaunchDaemons, which are a scheduled task to run a single or selection of services. If you ever receive these prompts, you can safely click OK. If the alert repeats multiple times you may click Ignore. We are actively working to improve our SecureAnywhere agent for Mac and new design implementations are coming soon for these prompts and alerts.

Please note, the alert will only show up once to notify you that a trusted application or system process has done something a bit different today. If it was genuinely suspicious or malicious activity, it would be blocked by the client.


Not an exact replication of this item, but about 3 weeks ago I got a pop up message from Malwarebytes (I have the Free version installed as a back up) which announced "Webroot-Free- An Upgrade is available' nothing unusual but on reflection I guess it should have said 'Update' had it been just an Update to me Free version.. Anyway I accepted it & got the usal message from Microsoft 'Do you wish to allow..' I OK'd this. Then I found that Malwarebytes had installed a 14-day trial of its RealTime Malware protection & monitoring, which I did not want or need. However having been caught by this before (that time had Malwarebytes Free uninstalled & reinstalled) I just let it run until the 14 days trial expired & let it drop. However during the trial period Malwarebytes blocked my access to the WSA Community as a 'phishing' site/ This happened on 9th October 18.24 hrs BST, & 15th October 11.23 hrs,11.24hrs & 11.42 hrs. Having since read the Malware explanation it recorded 'Website blocked due to phishing. Outward connection.' I might add that this action did not occur before these instances or between the two dates or afterwards. Of course the Real Time is no longer active so this issue is no longer current. But I wonder why Malwarebytes thought WSA was 'phishing'. In the past WSA 'techies' have told me that Malwarebytes is compatible with WSA, but I don't need it on a Real Time basis & certainly don't want to pay for it as I get excellent service from WSA. Any thoughts ref WSA as a 'phishing' site welcome.