How do you whitelist a file so a false positive doesn't occur?

  • 10 January 2017
  • 8 replies
  • 423 views

Greetings. I run Malwarebytes on my Windows 10 desktop in addition to Webroot. I updated Malwarebytes to Version 3 today and Webroot identified a Malware database update file as a trojan, W32.Trojan.Gen, and caused the PC to not log on to the desktop with a blue screen of death. I was afraid I'd have to rebuild, but with persistent reboots, selecting the startup option to not start malware software, after about 8 reboots it finally started up. Another scan ran, it picked up the file again and I selected Webroot to allow the file instead of remove it this time. I am unable to find the file on the computer with search at all, but I'd like to verify that the file is in fact whitelisted and won't cause any more issues, and perhaps exclude more from scanning. How is that done in the application?


Userlevel 7
Hello
1 - Save a threat log | how to: http://live.webrootanywhere.com/content/843/Saving-Threat-Logs

2 - Find the [e] characters in the saved file
For example:
[e] d:soft rashreg rashregx64full.exe [MD5: 2B3742E423AC0C5B7326E84B8FD58D72] [Flags: 40080100.6112] [Threat: W32.Trojan.GenKD]

3 - Send this string (or strings) and a description of the problem to support: https://www.webrootanywhere.com/servicewelcome.asp

+ You can read these articles:
Managing Quarantined Items
http://live.webrootanywhere.com/content/603/Managing-Quarantined-Items
Blocking or Allowing Files
http://live.webrootanywhere.com/content/604/Blocking-or-Allowing-Files
Managing Protected Applications
http://live.webrootanywhere.com/content/610/Managing-Protected-Applications
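
A small parser for the threat-log entries described in this thread, as an added example that is not part of any post and not Webroot's own tooling. It assumes every entry in a saved log has the shape of the one line quoted above and that the `[u]` marker mentioned in a later reply uses the same layout; the function names and the sample log are constructed for illustration.

```python
import re

# Shape of the single entry quoted in the post above:
#   [e] <path> [MD5: <32 hex digits>] [Flags: <value>] [Threat: <name>]
# Flags and Threat are treated as optional (an assumption).
ENTRY_RE = re.compile(
    r"\[(?P<marker>[a-z])\]\s+(?P<path>.+?)\s+"
    r"\[MD5:\s*(?P<md5>[0-9A-Fa-f]{32})\]"
    r"(?:\s+\[Flags:\s*(?P<flags>[^\]]+)\])?"
    r"(?:\s+\[Threat:\s*(?P<threat>[^\]]+)\])?"
)


def extract_entries(log_text, markers=("e",)):
    """Return one dict per log line whose marker letter is in `markers`."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.search(line)
        if match is None or match.group("marker") not in markers:
            continue
        entry = match.groupdict()
        entry["md5"] = entry["md5"].upper()  # one case for easy comparison
        entries.append(entry)
    return entries


def ticket_lines(entries):
    """Format entries as 'MD5  threat  path' lines for a support ticket."""
    return [
        "{}  {}  {}".format(e["md5"], e["threat"] or "(no threat name)", e["path"])
        for e in entries
    ]


# Constructed sample log: only the [e] line is taken from the post above;
# the other lines, including the [u] entry and its hash, are made up.
SAMPLE_LOG = r"""
(constructed) scan started
[u] c:\example\constructed-updater.exe [MD5: 0123456789abcdef0123456789abcdef] [Flags: 00000000.0000]
[e] d:soft rashreg rashregx64full.exe [MD5: 2B3742E423AC0C5B7326E84B8FD58D72] [Flags: 40080100.6112] [Threat: W32.Trojan.GenKD]
(constructed) scan finished
"""

if __name__ == "__main__":
    for line in ticket_lines(extract_entries(SAMPLE_LOG, markers=("e", "u"))):
        print(line)
```
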
Userlevel 7
Hi anothermike
 
Welcome to the Community Forums.
 
There is actually no need to provide the detail to the Support Team... just open the support ticket, explain which file you are concerned about/believe may be the subject of a false positive determination and that should do it, as the scan log data is automatically uploaded by default as and when you open the ticket.

You are of course free to add the additional information in the body of the ticket but there is no need to take the time or trouble for just one file.

Having said that, I routinely do what Petr has described, review the contents of the [u] designated files listed, and sometimes there are a number, copy/paste them into the support ticket and use that to ask the Support Team to verify & whitelist the ones they find to be safe, etc.
 
Hope that helps further?
 
Regards, Baldrick
Userlevel 7
@ wrote:
as the scan log data is automatically uploaded by default as and when you open the ticket.
Hmm, I didn't know that. I thought they needed the WSA Download Logs Link Tool. Learn something new today. 😃
Userlevel 7
Well, actually, DAve... neither did I until one day one of the Webrooters advised on this in a thread, and since then I have refrained from including anything in the support ticket, and usually that is enough, but if the Support Team need more info then they will almost certainly request the use of the wsalogs.exe tool as you have stated.

But then again I may be wrong or this may have changed so perhaps @ can comment on the veracity of my statements?
 
Regards, Baldrick
Userlevel 7
This False Positive appears to have been corrected - we don't have the exact info here but a file matching your description was whitelisted. 
 
If a file is detected, restoring the file from quarantine will whitelist the file locally for you.
 
It is always best to report any false positives you encounter via the support system. You can also submit files via the client or the following link: http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx
 
-Dan
Userlevel 7
@ No detections here so it must be something else? Can you post the MD5 hash so we can check it?
 


 
Daniel 😉
Userlevel 7
 
Yes, general information is included when you open a support ticket with us. This includes the scan log and all activity with Webroot since it was first installed.
 
The WSALogs tool provides a much more broad overview of the System as a whole. If our Team is requesting this, it's because they need some of the information that it includes.
 
Hope this helps. My motto is: If all else fails, LOGS, LOGS, LOGS!
Userlevel 7
Hi JP, thanks for confirming that I had not imagined it or that I was falling victim to my advancing years...;)
 
Baldrick