Did that because it grows rapidly - it is 5GB right now - and I wanted to reduce the daily backup size.
I read today that WSA uses this folder to repair infected files, even recovers from ransomware.
So... is this a big no-no, or is it maybe even better to have that data on another disk?
Userlevel 7
Hi Wammes
You are correct in that WSA will initiate journallling of the activities of any unidentified files that it discovers, so that if one of these files is later determined to be malicious then WSA is able can roll back whatever actions it carried out, including the damage done by CryptoLocker.
Therefore, whilst I am not technical enough to know whether what you have done is sound or not...but personally I would not mess with this core element of WSA...., I would say that this is a BIG no-no.
Regards
Baldrick
You are correct in that WSA will initiate journallling of the activities of any unidentified files that it discovers, so that if one of these files is later determined to be malicious then WSA is able can roll back whatever actions it carried out, including the damage done by CryptoLocker.
Therefore, whilst I am not technical enough to know whether what you have done is sound or not...but personally I would not mess with this core element of WSA...., I would say that this is a BIG no-no.
Regards
Baldrick
Userlevel 7
If your PC is not infected you can if you want delete the .db files from the WRData folder but be aware the journaling information will be lost. If you PM me your KC i`ll start whitelisting it tomorrow.
Userlevel 7
+56
Hi @ don't you mean the db.numbers.db files not all db files right?
Thanks,
Daniel
Thanks,
Daniel
Rakanisheu, thank you for the whitelisting offer, but I have several (beta) racing sims that get regular updates. WRData will grow quickly again when programs change or crash isn't it?
I also will hang on to my journaling data, that ransomware is scary stuff...
Baldrick, I agree, I put it back :P
An interesting question is: if a bugger got past WSA, wouldn't the WRData folder get encrypted too and be useless then?
I also will hang on to my journaling data, that ransomware is scary stuff...
Baldrick, I agree, I put it back :P
An interesting question is: if a bugger got past WSA, wouldn't the WRData folder get encrypted too and be useless then?
Userlevel 7
+56
Have a look here for more info: https://www.brighttalk.com/webcast/8241/95617
Also see this long thread: https://community.webroot.com/t5/Security-Industry-News/How-To-Avoid-CryptoLocker-Ransomware/m-p/65059/highlight/true#M2423
HTH,
TH
Also see this long thread: https://community.webroot.com/t5/Security-Industry-News/How-To-Avoid-CryptoLocker-Ransomware/m-p/65059/highlight/true#M2423
HTH,
TH
Userlevel 7
Crypto have a list of file types that they encryp and webroots database files arent in that list (correct as of now). You playing Project Cars/Assetto Corsa at the moment? You can keep the WRdata folder there is no harm in keeping it if you have lots of HDD space. I have found your Keycode via a support ticket you submitted. I will start whitelisting your KC and the WRdata folder will start to shrink. If you can run a deep scan later today it will force the changes I made
1. Open SecureAnywhere and click the 'cog' beside 'PC Security'.
2. On the Scan & Shields tab, select Custom Scan.
3. Select deep scan from the Customized Scan Window and Click Start Scan
1. Open SecureAnywhere and click the 'cog' beside 'PC Security'.
2. On the Scan & Shields tab, select Custom Scan.
3. Select deep scan from the Customized Scan Window and Click Start Scan
Thanks for the excellent support guys!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.