W32.Trojan.Gen false positives

  • 24 April 2017
  • 9 replies
  • 2380 views

All of the sudden, webroot reported W32.Trojan.Gen on my database server and shut off access.  I ran another scanner and it reported all was well.  I uploaded logs to Webroot.  There appears to be no one I can speak to and I have no idea if Webroot knows what is going on with my Production server.
 
I'm strongly thinking of manually overriding.  Any ideas?

9 replies

May be getting false positives on multiple machines here as well.
Userlevel 2
We are also experiencing this issue.  I can confirm that it is quarantining valid executables and killing programs on servers/workstations.
Sounds like it is a problem across the board on all Webroot products.  We have multiple users that are experiencig the problem on their desktops and our consultants let us know that several others of their clients are also experiencing issues. 
 
We forced all machines to unmanaged so we can stop scans and disable protection until the issue is fixed. 
 
Lee Lahti
IT Manager
Pawnee Leasing Corporaton
I'm gettings false positives for many computers under our umbrella.  It's quarantining apps that are COMPLETELY shutting down operations for some clients.  Applications are being trapped as W32.Trojan.Gen.  I've been on hold with support for the past 1/2 hour to 45 mins, so I know this is likely a system wide issue, but we need a solution. (Support, are you watching?)
Userlevel 3
Check out the false positives anouncement that just got posted.
 
https://community.webroot.com/t5/Announcements/W32-Trojan-Gen-False-Positive-Fix-April-24/m-p/290198
 
Jim
Userlevel 7
Badge +35
Thank you all for reporting this, please take a look at the explanation and steps to remedy here
So let me get this straight, we have to get the MD5 hash for EVERY quarantined file?
Userlevel 2
This is completely unacceptable.  We have over 3500 endpoints...
Userlevel 7
Badge +35
Please continue checking the official post as that is where answers and updates will be posted. You may also subscribe if you would like to receive a notification when there are updates. 

Reply