Solved

Delayed classification feedback


  • Community Leader
  • 490 replies
Hi Webrooters,
[u] c:usersjmsdesktop
edirectservice.exe [SHA256: B20608AA9A82D73E2541FBCAFB75623A24461273DF6AB7F07624B69248EFEC74] [MD5: 5AAC4998509C066B8ACFDCF461CEAAC9] [Flags: 00080001.3974]
[u] c:usersjmsdesktopoff1cc34dvnc3.exe [SHA256: C78739F397F2A982726394DB0557BA011C6A8724FDF0C11F22B25FE9788933DC] [MD5: 39FCDA73563DC640FF3F8F5B1D3DF6E5] [Flags: 00080001.3976]

My habit is to second opinion thru VirusTotal and WSA on-demand scan.
I recently had two samples that were not immediately known classified by WSA.
Both samples were not immediately classified on download nor classified with on-demand scan.

Both samples were well known detected thru VirusTotal.
Within a few minutes both downloaded executable samples were known detected thru WSA.
 
Automated Cleanup Engine
Starting Routine> Removing c:usersjmsdesktop
edirectservice.exe...#(PX5: 53F2855100B5D724B209006955521D001607D23E - MD5: 5AAC4998509C066B8ACFDCF461CEAAC9 - UniqueID: 07EB0E88)...
Deleting File> C:UsersjmsDesktopRedirectService.exe
Automated Cleanup Engine
Starting Routine> Removing c:usersjmsdesktopoff1cc34dvnc3.exe...#(PX5: 9333E9D67E13490F29320D0E2FAA4B009D1D1F3D - MD5: 39FCDA73563DC640FF3F8F5B1D3DF6E5 - UniqueID: 07EAF1F0)...
Deleting File> C:UsersjmsDesktopOff1cc34dvnc3.exe




Best practice for me is to scrutinize +.
FWIW ~ YMMV
Regards w Respect
 
Edit: add content
icon

Best answer by TripleHelix 6 January 2019, 18:29

@bjm_ wrote:
@TripleHelix
1) I'm not testing known to me at the time malware.
2) I'm not testing malware.
3) I'm not soliciting malware testing discussion. 
 
Do you want me to remove my "Delayed classification feedback" Topic. 
Do you want me to remove my WebrootSA back-end praise and my daily rider end-user feedback.  
Or, was your comment "@bjm_ you better read this" meant as "do not post this type of praise and feedback in future".  
 
Regards w Respect

How did they get on your Desktop? Testing malware is testing whatever way YOU want to put it. So just follow the Community Rules! Go play at MT with your MT buddies! https://malwaretips.com/threads/how-wsa-works.11871/page-2#post-789035
 
"Both samples were well known detected thru VirusTotal.
Within a few minutes both downloaded executable samples were known detected thru WSA."
 
[u] c:usersjmsdesktopredirectservice.exe [SHA256: B20608AA9A82D73E2541FBCAFB75623A24461273DF6AB7F07624B69248EFEC74] [MD5: 5AAC4998509C066B8ACFDCF461CEAAC9] [Flags: 00080001.3974]
[u] c:usersjmsdesktopoff1cc34dvnc3.exe [SHA256: C78739F397F2A982726394DB0557BA011C6A8724FDF0C11F22B25FE9788933DC] [MD5: 39FCDA73563DC640FF3F8F5B1D3DF6E5] [Flags: 00080001.3976]

View original

12 replies

Userlevel 7
Badge +54
@bjm_ you better read this: https://community.webroot.com/t5/Getting-Started-Guides/Community-Guidelines/ta-p/185782
 
@freydrew @LLiddell
 
No Private Testing Discussions
We do not condone private malware testing by end-users. This is never a good idea, and in some areas it's actually illegal. The whole point of antivirus software is not to get infected, and unfortunately when somebody sets a bad example, there will always be others who are influenced into following the same path. It's not something we want to encourage.
@TripleHelix
1) I'm not testing known to me at the time malware.
2) I'm not testing malware.
3) I'm not soliciting malware testing discussion. 
 
Do you want me to remove my "Delayed classification feedback" Topic. 
Do you want me to remove my WebrootSA back-end praise and my daily rider end-user feedback.  
Or, was your comment "@bjm_ you better read this" meant as "do not post this type of praise and feedback in future".  
 
Regards w Respect
Userlevel 7
Badge +54

@bjm_ wrote:
@TripleHelix
1) I'm not testing known to me at the time malware.
2) I'm not testing malware.
3) I'm not soliciting malware testing discussion. 
 
Do you want me to remove my "Delayed classification feedback" Topic. 
Do you want me to remove my WebrootSA back-end praise and my daily rider end-user feedback.  
Or, was your comment "@bjm_ you better read this" meant as "do not post this type of praise and feedback in future".  
 
Regards w Respect

How did they get on your Desktop? Testing malware is testing whatever way YOU want to put it. So just follow the Community Rules! Go play at MT with your MT buddies! https://malwaretips.com/threads/how-wsa-works.11871/page-2#post-789035
 
"Both samples were well known detected thru VirusTotal.
Within a few minutes both downloaded executable samples were known detected thru WSA."
 
[u] c:usersjmsdesktopredirectservice.exe [SHA256: B20608AA9A82D73E2541FBCAFB75623A24461273DF6AB7F07624B69248EFEC74] [MD5: 5AAC4998509C066B8ACFDCF461CEAAC9] [Flags: 00080001.3974]
[u] c:usersjmsdesktopoff1cc34dvnc3.exe [SHA256: C78739F397F2A982726394DB0557BA011C6A8724FDF0C11F22B25FE9788933DC] [MD5: 39FCDA73563DC640FF3F8F5B1D3DF6E5] [Flags: 00080001.3976]
While agreeing that it was absolutely right that it be firmly pointed out to bjm_ that Private Malware Testing Discussion is (quite rightly) prohibited on this Forum and that Private Malware Testing is (also absolutely correctly) strongly frowned on by Webroot (though bjm_'s clarification on the Wilders Forum of what actually happened imo makes this issue borderline), I can't help but be impressed by what he has observed:
  • The 2 malicious files his friend pointed him to were apparently not detected as bad by Webroot's AV engine on VirusTotal, although they had been by most of the other AV engines on that site
  • This did not concern Webroot as, to put it simply, it just does not play by the same rules as other AVs
  • His friend sent him the two files and this was the very first time that Webroot had seen either of those files worldwide across its userbase
  • Within 7 minutes of the first file arriving on bjm_'s desktop and within 6 minutes of the second arriving, Webroot had determined them as bad (I am reliably informed by someone high up in Webroot that most malicious files are classified by Webroot within 5 minutes of their first being seen!!)
  • Had there been any activity on bjm_'s device from either of these files, he would presumably have been well covered by the monitoring and journaling function of Webroot
To my mind, this is a fine example of how Webroot plays differently but better than traditional AVs.

"In 2017, 93% of the malware encountered (by Webroot) was seen on only one machine"
Webroot Threat Report 2018

Pause, and reflect on that statistic for one moment.

OK, I concede that statistic is not referring to percentage of individual attacks but percentage of malware samples (I checked this point carefully with Randy Abrams), but all the same... Think: 93% of the malware samples that Webroot saw they saw once and then they never saw again.

Maybe that simple fact goes a long way to explaining why we, in real life, have found so often that Webroot beats other AVs hands down (you may call me a fanboi if you will but that is my and many other users' real experience), why many of us have experienced such a difference between the realtime and real life protection it provides us and the protection that other AVs had provided us hitherto.

Thank you for sharing this with us, bjm_
Muddy7 wrote:

To my mind, this is a fine example of how Webroot plays differently but better than traditional AVs.

"In 2017, 93% of the malware encountered (by Webroot) was seen on only one machine"
Webroot Threat Report 2018
Pause, and reflect on that statistic for one moment.

OK, I concede that statistic is not referring to percentage of individual attacks but percentage of malware samples (I checked this point carefully with Randy Abrams), but all the same... Think: 93% of the malware samples that Webroot saw they saw once and then they never saw again.

Maybe that simple fact goes a long way to explaining why we, in real life, have found so often that Webroot beats other AVs hands down (you may call me a fanboi if you will but that is my and many other users' real experience), why many of us have experienced such a difference between the realtime and real life protection it provides us and the protection that other AVs had provided us hitherto.

Thank you for sharing this with us, bjm_


Threat Report 2018 .... interesting+ read.
Thanks, appreciate your comments.
Regards w Respect
My pleasure ☺

bjm_, may I now ask you a question?

Why were you, quite recently on a certain Forum that shall remain nameless, in a thread now locked by moderators, kudoing posts right left and centre in which members were trashing both Webroot and members of this Forum often using quite florid language to describe the product and the members? Also, why did you yourself use the word “fanbois” to describe members of this Forum, post which you apparently have since either deleted or edited?

I am deciding to ask you about this openly on this Forum rather than privately PMing you, as I honestly believe this is an issue that affects and concerns many of us here.

The incongruence between the tone of the posts you contribute here and your tone over there I find alarming and, indeed I would go so far as to say, schizophrenic. For me, it actually felt very bizarre given our recent PM exchange on this Forum (which happened shortly after I stood up strongly for you against what I saw as bullying) in which I seem to recall you saying, totally unprompted by me—indeed the subject of which was not introduced by me at all but by you—that you personally disagreed with the liberal kudoing tendency here. Yet there you are doing exactly the same thing on that Forum!?!

My gut-feeling (rightly or wrongly) is that you are someone who appreciates Webroot as a product. However it is my personal opinion that you now need to decide, for the sake of personal integrity, which of the two hats you are wearing on the two Forums fits your head best, and show consistency to that identity on both. My two cents worth…

I very much hope you will take my post as coming from someone who wishes to speak to you as a friend, and look forward to your reaction.
@bjm_
Sorry, I forgot to ping you!
I'd like to review your reference.

kudoing posts right left and centre in which members were trashing both Webroot and members of this Forum



I knew about Webroot "fanbois" long before I ever touched WebrootSA.
Webroot "fanbois" was from time to time discussed on MT.
MT members as I recall were turned off by Webroot zealot(s).
MT can be tribal same as Webroot Community.
As I recall MT members questioning Webroot inners while questioning Webroot "fanbois" was met with ubiquitous "you don't understand" and "you're too stupid". I've been on the receiving end of "you're too stupid" ....etc.
I've seen others on the receiving end of zealots.
High ranking and respected MT contributors as I recall reacted to and pushed back against "you don't understand" and "you're too stupid", "etc"... fanbois-isms.

Webroot users (Webroot familiar) on MT shared how and why they were turned off by Webroot Suppport, Webroot fanbois, Webroot product.
Webroot "fanbois" is from time to time discussed on MT... because "fanbois" left sour taste on MT.
And by comments in this thread hard feelings continues to be an issue.
MT contributors did not feel the pressures felt by Webroot contributors.
Here it's either follow the leader or bye bye.

Maybe, MT members felt we'd rather have a cadre of thinking critics vs a flock of one minded fanbois.
MT can be tribal same as Webroot Community.
Norton users can be loyal same as Webroot users.
Webroot users can be loyal same as Norton users.
Loyalty to a cause, to an idea, to a tribe can be admirable.
Fanbois may be tolerated while Zealots.... not so much.

Face to face we could have a respectful exchange of ideas.
Anonymously our exchanges may at times slip beyond courteous community etiquette.

My actions are my actions. My use of Webroot is my concern. My activity here is the concern of Moderators. As to moderator powers granted to Webroot power users. I resist being admonished by users. I resist having my contributions judged by Fanbois n' Zealots. My daily rider use of WebrootSA is my concern. I resist that I do not measure up....that I'm not qualified to contribute....that I'm too stupid....that I have to explain why I started this Topic....why I offered Webroot back-end praise n' feedback....that I have to justify what n' where I'll Kudos.

I have not, as yet, as I recall been admonished by Webroot Community Administrators/Mods.
Okay, I'm not a fan of "fanbois". I'd rather have a cadre of critics vs a flock of fanbois. Just me. Just saying. And my business.
When Community members do not like my contributions. Don't "Like".
When Webroot Community Administrators/Mods set me down.
I'll sit down.

My preference is to respect private messages.

Respectfully submitted
Well, @bjm_ , all that is fair enough and, once again, I find myself agreeing with much (most?) of what you say. And thank you for saying it. I also think it is important that you say it. And I very much respect you saying it.

However, I still find your generous kudoing of such savage attacks at MT of Webroot as a product, difficult to pair with your contributions here. Again, a story of what appear to be two flagrantly incongruous hats.

And if some people are treated by other people wrongly here (and you will remember that I was as open and direct about criticising posters here for their wrong attitude towards you—I am sure I did not make any friends by doing that—as I am now about you), that DOES NOT in any way serve to provide justification for MT posters trashing Webroot Community users here. Therefore my point stands. Two wrongs quite simply don't make a right.

Finally, sorry if you disagree with me openly posting here on this subject rather than PMing you, but I think this issue needs to be spoken of openly.
Well...Muddy7

that DOES NOT in any way serve to provide justification for MT posters trashing Webroot Community users here.


better to comment on MT. I'm not MT spokesman.

However, I still find your generous kudoing of such savage attacks at MT of Webroot as a product, difficult to pair with your contributions here. Again, a story of what appear to be two flagrantly incongruous hats.


Maybe, I simply Kudo'd read messages. Similar to ....e.g. "Good Morning" or "Thank you" Kudos.
Maybe, after being slapped around by Zealots. I was angered.
Maybe, after reading MT members being slapped around. I was angered.
Maybe, Muddy7 Kudos meaning differs from bjm_ Kudos meaning.

---if I tell an ethnic joke. You'll understand the joke....but, doubtful you feel as ethnic feels.

I'll review my MT Kudos. If I can find.
....and if I start throwing "Likes" here.....what would that mean?

Maybe, you see Webroot Community and MT as equals.
I see "product forums" e.g., Webroot Community as official product support.
MT is not official product support.
What happens on MT is their concern.
Does Muddy7 feel the need to defend Webroot on MT.
Good luck with that. Let us know your progress.

WebrootSA, Weboot users, Webroot Community does not need my defending.
I'm not that invested to make a convincing argument one way or the other.
Maybe, Muddy7 et al feels the need.

Wilders is not official product support.
Wilders does not have Kudos/Likes.
How does Wilders function without "Likes".
Somehow Wilders manages thru user feedback e.g., "stay on topic" and prudent swift Wilders Moderators unbiased oversight.

Now, if your focus is solely on my actions.
I'll refer you back to my earlier content.
I'll give your earlier content the greatest consideration.

Cheers
Fanbois may be tolerated while Zealots.... not so much.
Allow me to take solace that I'm neither.
I like the Wilders approach to having no kudos. I also greatly admire their even-handed moderation of posts. I also think Webroot moderators are currently doing a great job. Not so sure about MT—though I think they probably got it right with locking that thread.

Anyway, I hope you haven't taken my (deliberately) confrontational post personally. I think it was very good that you've been able to air where you stand (second to last post of yours). Who knows, it may even help the stalwarts of this Community to better know where you are coming from. Together with our PM exchange a month or so ago, it certainly helps me. I thank you for that.

Well, I've said what I want to say. From now on, here's hoping that if there are any other things to be said, I (and we) can do this through PM (just as you say you prefer—and incidentally I normally do as well 😉). Also, if ever I'm in Georgia, it would be great to meet you!

PS. Btw I'm not there to "defend" or attack Webroot. I'm just there to say what I think! (sometimes good, sometimes bad—try reading all my Webroot Community posts)
Thread Starter did not markup thread ANSWER.

scanning static file is not malware testing

Reply

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings