Solved

False Positive for PUA.OSX.TuneUpMyMac.1.r ?

  • 20 May 2017
  • 6 replies
  • 115 views

Just got an alert for PUA.OSX.TuneUpMyMac.1.r  It's in a time machine backup for today 0520.  Kind of odd it would be found in a TM from today, but not in any other active scan / file that the TM was made from?  I've done Full Scans for the past 3 days.
icon

Best answer by ProTruckDriver 20 May 2017, 17:44

View original

6 replies

Userlevel 7
Badge +62
@ wrote:
I have had this problem before with trying to get Time Machine in the Allowed List. This is how I got it on the Allowed List.
 
 
MAKE SURE YOU UNTIC THE FILE BEFORE HITTING NEXT:
 
 


 
After hitting 'Next", WSA will automatically do another scan putting that file on the "Allowed List".
 
At one time I had to do this procedure twice to get it on the "Allowed List". But it usually takes one time.
 
HTH,
 
Dave.;)
Thanks @
Userlevel 7
I have had this problem before with trying to get Time Machine in the Allowed List. This is how I got it on the Allowed List.
 
 
MAKE SURE YOU UNTIC THE FILE BEFORE HITTING NEXT:
 
 


 
After hitting 'Next", WSA will automatically do another scan putting that file on the "Allowed List".
 
At one time I had to do this procedure twice to get it on the "Allowed List". But it usually takes one time.
 
HTH,
 
Dave.;)
Userlevel 7
Badge +62
Hello ScenicView,
 
Please look here:
 
https://docs.webroot.com/us/en/home/wsa_mac_userguide/wsa_mac_userguide.htm#ManagingQuarantine/ManagingFileDetection.htm%3FTocPath%3DManaging%2520Quarantine%7C_____2
 


 
@ do you have anything to add?
Thank you for the reply.  I already have scan mounted volumes unchecked so I'm guessing it got a hit while the backup was being assembled.  I've kept scan archived files because it's my understanding that this also includes .zip files.
 
How do I add this to the exclusion list?  It's on the list to send to quarantine, but not on the block/allow tab.
Userlevel 7
Badge +62
Hi again ScenicView,
 
I might also need to add that I found this information from one of our  Mac experts and you might want to try this as well. I know you asked about scanning archives and I told you that I do scan my Archived Files...which is on by default. 
 
But here is what was mentioned below in another post;
 
"The one thing I noticed was that WR is looking at your TIme Machine volume. I would suggest under Scan Settings, turn off "Scan archived files". This will tell WR to not scan Time Machine backups and ZIP files, which could impact performance."
 
Remember you can always ask the Webroot Support team to assist you....because they are the specialists and they can confirm if you indeed have a PUA  or a False Positive.
 
Userlevel 7
Badge +62
Hello @,
 

Webroot recommends changing your settings so that you do not scan mounted drives with WSA. In some cases, Webroot will detect a threat that is located on your backup, such as Time Machine. If the file are in the backup, then they cannot hurt your system. You would have to restore the files from the backup to get them on the system, and at that point the Real Time Shield in Webroot would find and remove them. Even though Webroot cannot remove these files, as space for newer backups is needed the older backups will be deleted. This will delete the threats from the backup as well. Another option available to Time Machine users is to exclude the files and folders from being backed up by the Time Machine. You can add them to the exclusion list which will permanently block the files/folders from being backed up in the future. By doing this, the infected file will eventually be deleted from the backup over time and prevent it from ever getting re-introduced to the drive should it be installed on the computer again.

Please have a look at the Mac PC User Guide http://live.webrootanywhere.com/content/553/Changing-Scan-Settings

If you have concerns about these files then you can always Submit a Support Ticket and they can confirm if these files are indeed False Positives or not. This is a free service with an active Webroot subscription.
 
https://detail.webrootanywhere.com/servicewelcome.asp
 
 

Reply