Why do overridden MD5s still generate infection alerts?

  • 5 July 2016

Userlevel 1
I frequently get infection alerts for a particular piece of software that is used at one of our clients.
We've already recorded the MD5 in the global overrides Whitelist. Why do we keep getting an alert for it?

5 replies

Userlevel 7
I'm assuming that the override is working properly, even though you're still getting the alerts, but we'd have to have support look at your logs to say for sure. I can open a ticket for you if you like.
Userlevel 1
I have not contacted support. I figured it would take me longer to get support involved than to just delete the alert emails when they pop up.
 
This brings up another question though. Why does the software continue to work if Webroot is detecting it as an "infection"?
Userlevel 7
Yeah, probably not due to the machines not having picked up the overrides yet. Have you talked to support about it yet?
Userlevel 1
It was put in place months ago. It's not just one machine. It happens every time we add this software to a new computer.
Userlevel 7
That's not normal behavior. I'd say, to start with, check to make sure the override is applying to that particular machine, and do a Refresh Configuration on the client to make sure it's picking up the override. How long ago did you put the override in place?
