I started getting pop-ups on my browser (Chrome for PC). I looked in the system tray, and the Webroot icon was there. That's curious, I thought. So I clicked on the Webroot icon. It vanished! That's weird, I thought. So I used Explorer to go restart Webroot, and the whole Webroot folder was missing from c:program files and c:program files (x86).
Weird. So I visited the GSM console, and found that my endpoint had been deactivated.
Oh oh... So I ran a few different malicious software removal programs. Hitman Pro found and deleted a Chrome extension and deleted it. I reinstalled Webroot, and the icon came back.
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
For example, OP mentioned that he found something with Hitman Pro. Was that sample submitted to Webroot?
I have two AWS VMs (Windows servers) that had Webroot Endpoint Protection uninstalled with no explanation as to how it happened. I did open a ticket (61874) and Asked the Experts (https://community.webroot.com/t5/Product-Questions/Issues-with-Webroot-Endpoint-Protection-on-AWS-Windows-Servers/td-p/285294). I also spoke with Stephen and he saw that Webroot was no longer installed, but there were remenents of it having been installed.
I checked the Webroot console log and did not see any unistall entries. When Stephen and I checked the ProgramDataWRData folder on the servers there wasn't any log files. Just db files.
We reinstalled the software and it seems to be working. BUT this experience has raised some serious concerns about the trusting Webroot. BHC01
You can review who may have done this in the Log tab under the site where you endpoint was installed. There is a Command log which will tell you when that command was sent to your host name and audit log will tell you who sent the command.
There is no other way for a machine to be deactivated manually or maliciously.
If you feel that wasn't the case, then report the incident to support for further review as JP mentioned above.
I'd suggest bringing this to the attention of our Enterprise Support Team. They may need to gather more information to further diagnose what the cause is.
Business Technical Support: Call 1-866-254-8400
Open a Support Ticket: http://mysupport.webrootanywhere.com/supportwelcome.aspx?SOURCE=ENTERPRISEWSA