Solved

"Threat Detected" won't go away even after quarantine

  • 23 April 2021
  • 3 replies
  • 36 views

I have completed the scan and proceeded to quarantine the ‘threat but the “Threat detected” keeps popping up and won’t go away.

 

icon

Best answer by jhartnerd123 23 April 2021, 19:20

@jpeffall

 

At this point it would be best to reach out to support. There might be some other persistence mechanism in place causing the threat to keep reappearing. 

  • Try and determine the location of where the threat was being picked up from and manually go there your self to look.  
  • check all startup items to see if there’s anything out of sorts there.  If so make note for support.
  • check scheduled tasks on a windows machine. Check the actions tab within each scheduled task to see if there’s anything loading from %appdata% %temp% etc… If so make note for support.
  • even try a simple reboot of the system and run another scan
  • within the main GUI of the program click the gear cog next to utilities, then click the Reports tab and Save both the scan log and threat log to the desktop for support to look through.
  • if calling support, beforehand, download and run the wsalogs.exe file to gather system and Webroot logs for support. You can retrieve here https://download.webroot.com/wsalogs.exe. Save the file to your desktop, then run and enter your email you associate with your Webroot account. 
  • Check for and remove browser extensions/add-ons. Never overdo it on those. Really all you need is the default google stuff, ublock origin, the Webroot extension and maybe a good password manager. The rest is kinda junk.
  • Clear your temp files. Disk cleanup in windows is decent. 

I mean, you can go through an even longer list of things or go into more advanced steps. I’m unsure of your skill level, so at best you can try these and take notes for support. Then, that way you have more information to help support find/remove any remnants that might be lingering. 

Best of luck.

Regards
John

View original

3 replies

Userlevel 7
Badge +30

@jpeffall

 

At this point it would be best to reach out to support. There might be some other persistence mechanism in place causing the threat to keep reappearing. 

  • Try and determine the location of where the threat was being picked up from and manually go there your self to look.  
  • check all startup items to see if there’s anything out of sorts there.  If so make note for support.
  • check scheduled tasks on a windows machine. Check the actions tab within each scheduled task to see if there’s anything loading from %appdata% %temp% etc… If so make note for support.
  • even try a simple reboot of the system and run another scan
  • within the main GUI of the program click the gear cog next to utilities, then click the Reports tab and Save both the scan log and threat log to the desktop for support to look through.
  • if calling support, beforehand, download and run the wsalogs.exe file to gather system and Webroot logs for support. You can retrieve here https://download.webroot.com/wsalogs.exe. Save the file to your desktop, then run and enter your email you associate with your Webroot account. 
  • Check for and remove browser extensions/add-ons. Never overdo it on those. Really all you need is the default google stuff, ublock origin, the Webroot extension and maybe a good password manager. The rest is kinda junk.
  • Clear your temp files. Disk cleanup in windows is decent. 

I mean, you can go through an even longer list of things or go into more advanced steps. I’m unsure of your skill level, so at best you can try these and take notes for support. Then, that way you have more information to help support find/remove any remnants that might be lingering. 

Best of luck.

Regards
John

Thanks John. I have had tech support control my computer for over an hr without success. I will review your comments for possible action. I can’t even delete Webroot. My other actions are: 1. Call Apple as its an iMac; 2. Cancel Webroot w BestBuy; then 3. Research & buy other software 

Userlevel 7
Badge +30

@jpeffall 

 

In the case of an MAC Agent, I would have them do a complete removal, cleanup of any remnants and re-install the agent and see what happens. Ensure that the agent you download is compatible with the version of MAC OS you are using. There are two installers for MAC OS prior to Catalina and one for Catalina and above. 

 

John

Reply