Solved

Need help whitelisting a file

  • 1 March 2022
  • 5 replies
  • 190 views

Userlevel 3

Hello,

 

I need help whitelisting a specific file on a specific machine.  We are running Webroot SecureAnywhere with a centrally managed console.  I’ve tried following the instructions located in this thread:

https://docs.webroot.com/us/en/business/wsab_endpointprotection_adminguide/Content/UsingOverrides/CreatingWhitelistOverrides.htm

 

I’ve tried creating an override on the desktop without success, but even when I stick the file in the root of C:  and create an override to the folder in that location it does not work.  I’ll attach a couple screenshots for reference.  I’ve also got an open ticket and am waiting on a response, but wanted to ask for any suggestions here?

 



 

 

icon

Best answer by msmith-442 7 March 2022, 19:22

View original

5 replies

Userlevel 7
Badge +63

Hello @msmith-442 

 

If you have the MD5 hash file and send it to Webroot Business Support and they will whitelist it for you. It should be in the scan log near the bottom. https://docs.webroot.com/us/en/home/wsa_pc_userguide/wsa_pc_userguide.htm#UsingReportsAndViewers/SavingScanLogs.htm I will ping @coscooper or @dstokes1 

 

Thanks,

Userlevel 3

Hello @msmith-442 

 

If you have the MD5 hash file and send it to Webroot Business Support and they will whitelist it for you. It should be in the scan log near the bottom. https://docs.webroot.com/us/en

 

Thanks!  I don’t think they are too inclined to help me.  I’m working on something pretty ridiculous -- my boss (our company CEO) asked me to build a bitcoin mining rig for his son and run it in our server room.  🤷🤣  So everything from our FortiNet firewall to Webroot is throwing a fit about cryptomining and “hacking tools”.  The response I got from my Webroot ticket was just “whitelisting doesn’t work the way you think it does” and to “submit logs”.

I’ve submitted the logs and am crossing my fingers.  In the meantime I rolled the crypto rig over to an unmanaged policy where I could manually turn down some of the security settings.  It still throws alerts, but isn’t blocking or auto-deleting the crypto software now.

Ideally I’d like to run with all normal protections (just excluding the crypto software from scans & alerts) but I’m not sure if that is possible?

Userlevel 7
Badge +63

Hi @msmith-442  only Webroot support would know, so stay with them and thanks for the update.

Userlevel 7
Badge +63

Hi @msmith-442 

 

I see you posted here
https://community.webroot.com/webroot-secureanywhere-antivirus-12/why-is-webroot-punishing-casual-crypto-mining-347210?postid=372117#post372117 and you got the gist of the issue if you have the MD5 hash or upload the file to VirusTotal see what other AV’s detect it as well. https://www.virustotal.com/gui/home/upload please let us know!

 

Thanks,

Userlevel 3

Hello, just to follow up on this thread.  I was successfully able to get our crypto rig working with NiceHash Miner and Webroot SecureAnywhere.  After getting nowhere with their email support ticketing staff, I called the Webroot 866 US-based support telephone number and was able to speak with someone who could remote into my machine and see what I was seeing.  We created a new policy just for the crypto machine and assigned three sets of overrides to it (using a whole lot of "include subdirectories" and *.* masks) and eventually were able to get Webroot to stop deleting and blocking every attempt to run NHM.

 

It was especially tricky because NHM uses some additional .exe's to perform functionality like benchmark video cards (which Webroot also thinks is malicious activity), but once we got all of the "don't block this and don't block all of these other things either" filters in place, we were able to get it working.  So hopefully this is "case closed" for my particular issue, hopefully won't creep back up next time NHM does an update.  🤷😄

Reply