Solved

OSX.Defma Webroot virus

  • 23 November 2013
  • 8 replies
  • 66 views

Webroot SecureAnywhere has begun identifying thousands of OSX.Defma virus on my backup drive this week and reclassifying files with a .DS_Store suffix.
Comapny has not responded to support request and has not posted anything to acknowledge this on their own.
Searching online for support has shown that many Mac users getting hit with the same sudden onset.  Also found an independent test that reported Webroot as one of the worst identifiers in the marketplace.
How credible can a protection company be if they don't quickly preempt or address issues?
icon

Best answer by DanP 25 November 2013, 22:43

View original

8 replies

Userlevel 7
Badge +35
Hello Gephri,
We're sorry that you did not receive a response to your support request - we're not seeing any support tickets associated with the email address that you are using here on the community. If you send a PM with the email address that you used to submit the support ticket I can look into why a response was not received.
 
This issue had been addressed with an update shortly after it was first reported. If you are still seeing these files being detected, you should be able to resolve this issue by going to the Mac Security gear icon, then clicking on the Quarantine tab, selecting all files in the quarantine, and restoring or deleting all - removal of the .DS_Store files will have no impact on the system. 
 
Thanks,
 
-Dan
Userlevel 7
Hello Gephri and welcome to the Webroot Community!
 
The reviews regarding support response that I have seen have been generally postive, and better than some others.  My own experience reflects that as well.  One thing I have noticed once in a while is that sometimes Support may not respond quickly if they are investigating an issue.  Instead of replying with a simple "we are not sure yet and looking into it", sometimes I think they may choose not to respond until they have more information for you that is actually useful.  (This is my own thought on the matter of a delayed response time based on what I have heard about response time from others.  My own support tickets have usually been replied to within just a couple hours, but I have not had any severe or complicated issues.)
 
Having said that, I hope that this thread will receive a reply from Webroot regarding the possible issue.
Userlevel 7
I can investigate further, Gephri.
 
Please send me your email address that you used for your support ticket.
 
Send me a Private Messsage
I've been getting these false+ for over a week on Mavericks OS X 10.9 (13A603) with WSAC 8.0.55:126.
What release specifically can I check to see if these false+ should now be resolved?
I have been getting OSX.defma virus notifications from Webroot for normal file operations such as pasting simple data into a spreadsheet.  WR quarantines the .defma files but I don't believe these are real, and don't want the pop-ups disrupting me or the operation of my Mac, not to mention deletions of quaratines.  I don't consider this "problem" solved.. Can you provide more information regarding this threat?  Please reply.  Thanks.
Userlevel 7
Badge +56
Hello imsai and Welcome to the Webroot Community Forums!


 
Can you please Submit a Support Ticket as this is the best way to get this corrected ASAP.
 
Thanks,
 
TH
@ wrote:
.....  I don't consider this "problem" solved.. Can you provide more information regarding this threat?  Please reply.  Thanks.
I don't remember exactly when the false+ were resolved but somewhere between a combination of Maveriks 10.9.1 (13B42) and WSAC 8.0.5.66:130 production and 8.0.6.36:133 alpha builds perhaps?  You might want to check your respective WSA versions (and possibly whatever OSX flavour) you're using before raising a ticket?
Userlevel 4
Badge +3
@ wrote:
I have been getting OSX.defma virus notifications from Webroot for normal file operations such as pasting simple data into a spreadsheet.  WR quarantines the .defma files but I don't believe these are real, and don't want the pop-ups disrupting me or the operation of my Mac, not to mention deletions of quaratines.  I don't consider this "problem" solved.. Can you provide more information regarding this threat?  Please reply.  Thanks.
Hi imsai,

The easiest thing to do is to just uninstall and reinstall the application. I will PM you full instructions to make sure it's fully removed.
 
The alert you are seeing is related to a false positive which as promptly fixed, you are most likely not up to date. We need you to remove all files listed in blocked files and do a new full scan as we believe the false positive is still in place locally on your machine. 

Thanks!
EamonF

Reply