How to correct a False Positive

  • 10 April 2018
If a file was incorrectly detected as bad and quarantined by the Webroot SecureAnywhere product, there are multiple options available to the business admin in order to reverse the False Positive detection and restore the files that were quarantined.
Option 1: Restore Point

If you are running in an Active Directory environment and have recent restore points for the affected machines, it is recommended to create a script to roll these machines back to a time prior to the issue.
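
One way such a rollback script could look, as an added example that is not Webroot's own code. It assumes WinRM remoting is enabled, the targets run Windows PowerShell 5.1 with System Restore turned on, and the affected hosts are listed one per line in a hypothetical file `affected-hosts.txt`; the incident time is supplied by the admin.

```powershell
# Added example: roll each affected machine back to the newest restore point
# created before the false-positive detection. Assumptions (not from the article):
# WinRM remoting works, targets run Windows PowerShell 5.1 with System Restore on.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [datetime] $IncidentTime,   # when the bad detection began
    [string] $HostList = '.\affected-hosts.txt'        # hypothetical file name
)

$computers = Get-Content -Path $HostList | Where-Object { $_.Trim() }

foreach ($computer in $computers) {
    try {
        # Find the newest restore point that predates the incident.
        $point = Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
            param($cutoff)
            Get-ComputerRestorePoint |
                Select-Object SequenceNumber, Description, @{
                    Name       = 'Created'   # CreationTime is a WMI (DMTF) string
                    Expression = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) }
                } |
                Where-Object { $_.Created -lt $cutoff } |
                Sort-Object Created -Descending |
                Select-Object -First 1
        } -ArgumentList $IncidentTime

        if (-not $point) {
            Write-Warning "$computer : no restore point older than $IncidentTime, skipping"
            continue
        }

        $label = "restore point $($point.SequenceNumber) '$($point.Description)' from $($point.Created)"
        if ($PSCmdlet.ShouldProcess($computer, "Roll back to $label")) {
            # Restore-Computer restarts the target to complete the rollback.
            Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
                param($seq)
                Restore-Computer -RestorePoint $seq -Confirm:$false
            } -ArgumentList $point.SequenceNumber
            Write-Output "$computer : rollback to $label started"
        }
    }
    catch {
        # Unreachable hosts land here; so may the session drop caused by the restart.
        Write-Warning "$computer : $($_.Exception.Message)"
    }
}
```

Run it with `-WhatIf` first to see which restore point would be chosen on each host. A restore point also reverts other system changes made after it was created, so pick the incident time as tightly as the detection logs allow.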
Option 2: Access to Client (Agents MUST be in an unmanaged policy for this option)

If you can access the affected client machines and launch the Webroot GUI, restore the files from quarantine on the clients. This should restore the machine to a state prior to the issue.

For detailed steps on how to move a machine to an unmanaged policy to restore the files, click here.
Option 3: Access to client & reboot to safe mode w/ Networking

If access to the affected client is not possible because it cannot boot, try booting in Safe Mode with Networking. If this is successful, open the Webroot GUI and restore the files from quarantine. This should restore the machine to a state prior to the issue.
Option 4: Agent Commands via Console

Finally, you can issue agent commands from the Console:
  1. Sign into the Webroot console at:
  2. Click the "Group Management" tab and then select Agent Commands > Files and Processes > Reverify All Files and Processes.
  3. Go to “Endpoint protection”, then click the “Status” tab.
  4. Click the red text "View" under "Blocked Programs".
  5. This list shows all files found by Webroot for the endpoint. For any files that have the malware group "Uncategorized File" or "Whitelisted File", click the checkbox next to the file, then click "Create Override" followed by "Restore from quarantine".
  6. After creating overrides and restoring the false positive detections, click the "Group Management" tab and then select Agent Commands > Files and Processes > Reverify All Files and Processes, followed by the scan command.
  7. Click the "Group Management" tab and select all the endpoints with this detection. Click Agent Commands > Agent > Scan.
