Hi, I've been seeing some weird stuff with Dropbox and Webroot. When a file in Dropbox is syncing, Webroot is reporting it multiple times as undetermined software (for example, ~5E839294.TMP in %profiles%dropbox.dropbox.cache or CONTROLSCF.RESOURCES (DELETED F3AC29B235882A96028CFA36266D9F22).DLL %profiles%dropbox.dropbox.cache2013-09-12), with each file getting flagged with the size, which can be changing.
How does one stop this from happening? I can see the value in flagging new files and want to see them, and I know cache folders are high risk areas, but why the temp files during download or sync? I see the same thing when downloading say a 7Zip installer file, multiple files with the .part extension and then finally the actual file (7Z920.EXE.PART %cache%).
Also, why does it just show the variable %profiles% rather than the actual user name?
Any direction would be appreciated.
Where Dropbox is concerned, I haven't seen this behavior myself. I'd suspect the temp files in question contain executable code. The fact that it does the same thing on an exe.part file supports that theory. Realistically, I doubt you'd be able to get these to stop showing up as undetermined, because that is in fact what they are. It doesn't mean they are threats, but Webroot is looking at those files as unknowns because it's never seen them before. Dropbox is actually a relatively common attack vector. Once you configure it to sync, it has a free pass through your firewall, so something needs to be keeping an eye on it, which is what Webroot is doing.
You could disable age-based and popularity-based heuristics and see if that cuts down on the number of undetermined files that are reported into the console, but you'd be limiting your protection by disabling portions of the heuristics engine.
In short, I'd say it's working as designed and that Dropbox just tends to create a lot of unknown files.