I decided to leave WRSA ( business version ) on one PC ( in scan only mode) while I consider whether to renew or not ( and at the same time test out alternatives) - see https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Expiry/m-p/228788#M20877. Support advised me at the time that the software with expired subscriptions continues in scan only mode i.e no shields but scans continue .
Scans are now giving me detections
MSIDF19.TMP, Pua.Advanced.System.Optimizer, %windir%installer, http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx?MD5=BD2A821CB5DD0E4B17386407D3BE2503 BD2A821CB5DD0E4B17386407D3BE2503These seem to be detections on msi files which have only started arising yesterday - the only recent msi file I have is OffCAT.msi which is downloaded directly from Microsoft and is a configuration analysis tool for Office products ( seems unlikely to be infected). Also when I try to go to C:windowsinstaller folder to investigate it does not exist ! ( I have hidden folders set to show). Also trial Malware Bytes AntiMalware scan shows no issues ( there was a probably left over registry entry relating to Hicosmea which I deleted but even after that Webroot is still showing infections as above).
Any idea what is going on ?
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
"More than likely what happened is that the PUA was detected as a threat as some point while the subscription was still active. What he is getting now is that someone tried to reinstall the same infection, and the realtime shield stopped it from ever getting onto the machine. "
If you want to contact support again they can take a look at the logs to confirm.
I have still been unable to track down the threats concerned on the PC but I now recall an automatic update recently of the paid version of CCleaner - is there any possibility Webroot is marking CCleaner as a PUA ?
Also as to the question of shields and expiry - my guess from my investigations is that the shields were set to off immediately on expiry and that it was only the web portal which remained accessible for 30 days - it has today (31st day) become inaccessible other than the home page. This leaves me with the problem of how to uninstall webroot from the remaining PC as it has no entry in the control panel "programs and features" listing ( in neither normal or safe mode) nor an uninstall option in the start menu listing ?
At the minute I am reluctant to continue using Webroot with so many unresolved issues.