Solved

Someone please do something about the False Positives and Web Reputation


Userlevel 4
Since I have switched to Webroot SecureAnywhere and am enjoying the best performance on my laptop. It is getting really tiring to get false positives every day, submit a request, and wait till the files are whitelisted.
 
The support team are fast in responding but the amount of FPs is just too much to bear. I thought that Panda Cloud Antivirus was the king of False positives but Webroot SecureAnywhere blows it out of the water!
 
I had submitted SVP in the past and now it's back as a non-safe website according to the Web Reputation add-on in Firefox
 
Now I just tried accessing https://www.privateinternetaccess.com which is a very well known and good VPN that I've been using for long and got another message.
 
I did submit a request to unblock it but is there a possibility of Webroot's team to fix this horrible False positives issue?
 
I've read many complaints on other forums as well about this issue some people would not tolerate them that they switched to another AV.
 
Now I am not hear to switch to another AV, I want this fixed, and hopefully remove this idea out of my and some people's head that Webroot is the king of FPs but rather make it Webroot is the King of AVs
icon

Best answer by Baldrick 30 March 2014, 16:39

View original

49 replies

Userlevel 5
Maybe the team will fix it
BTW:i don't get the false positives
Userlevel 7
The best thing to do is just exactly what you are doing: when you see a site you believe is marked incorrctly request a classification change!  I am quite sure that they do not like having to constantly review and reclassify sites any more than you like having to request it, so they are working hard to make it as accurate as possible.
Userlevel 4
sigh...I got no choice... I will continue doing this 😞
Userlevel 7
My impression is that they are working on it to avoid false positives, but that does take some work, and time.  Have patience!
Userlevel 5
Patience is key.
Userlevel 4
The websites are still blocked :(

I don't want to allow them manually as I want to confirm this issue has been fixed
Userlevel 7
@DavidP1970 wrote:
My impression is that they are working on it to avoid false positives, but that does take some work, and time.  Have patience!
Hi MaXimus
 
David is quite right...this is relatively new fucntionality covering a relatively complex and large area...and I am sure that Webroot will get it right in the end, if evidenced by the comments back on the feature request for more granular control in the feature.
 
Have just tried the site you provided the URL for and yo are quite correct...warning is generated...but I do not think that you need to hold back from unblocking as that only acts at the client level and so Webroot will still see what you are reporting if they check from their end.
 
Regards
 
 
Baldrick
Userlevel 4
yeah they seem to be much slower than the tech support as when I submit an FP, that is usually whitelisted within 30 minutes

I just checked my own forums http://forums.tweakarena.com and that has a not so good reputation as well.

I think the guys who are handling this department really need a kick. Do they just blacklist the entire web and then start whitelisting them as per request???

been almost 24 hours and no reply yet.

I know I can simply ignore the warning, but that's not right they shouldn't be marked as harmful
Userlevel 4
Ok that's it! another false positive from ASUS Merlin website for ASUS Firmwares that I have always used:
 
Site: https://www.mediafire.com/folder/bkfq2a6aebq68//Asuswrt-Merlin
 


 
I'm not reporting this, just uninstalling Webroot for good. I want an AV that would make my life easier, not where I have to work as a tester and keep contacting support for whitelisting
 
thanks all for the help. you are all very kind, but I would rather use a heavier AV than deal with these FP jokes
Userlevel 7
I am very sorry to see you go... Personally, I prefer to keep the best lightest AV on my computer.  A temporary problem with a few FP's is well worth it to me to have the best overall protection available.
Userlevel 7
Badge +3
@MaXimus wrote:
 
I'm not reporting this, just uninstalling Webroot for good. I want an AV that would make my life easier, not where I have to work as a tester and keep contacting support for whitelisting
 
thanks all for the help. you are all very kind, but I would rather use a heavier AV than deal with these FP jokes
MaXimus, whilst I do understand the frustration and irritation you are experiencing, wouldn't it just be a better choice to temporarily disable the web-filtering extension, thereby retaining the major functions of WSA? After all, although it's relevant if you're needing URL reputation reporting, without it you're still protected overall. I prefer to use Pale Moon as default browser, which is unsupported, and without filtering extension, but don't feel vulnerable.
 
The full rollout of the filtering extension, and the settling-in process, once past, will bring 'plain sailing' (browsing), in the near future.
 
Don't 'abandon ship' because of this.
 
Userlevel 4
thank guys, you have been the friendliest and most tolerant bunch I have seen on any forums. But let's just part on good terms. going back to my heavy NOD32, I will bear the performance drop to have the ease of mind.

When I use an AV, it has to work properly out of the box, I don't want to disable anything.

The core must be fixed, not disabling features to make something work.

Webroot has a lot of potential, it covers the main point perfectly, which is keeping you protected. Maybe one day someone responsible will see this and make the guys behind these FPs realize that it annoys some customers. I have seen many complaints about this on Wilder Security but didn't bother until I experienced it myself.

I am sensitive to 2 things in life:

1) Ads (that's why I use ABP)

2) False Positives
Userlevel 7
Badge +52
 False Positives
You think they do not have ESET :D
Userlevel 7
Nope...sorry, but just does not get blocked for me...not sure why it does for you but apart from that first site you posted no issues here, and a quick client side override gets one on the way with no real hassle.
 
Well, au revoir or not as the case may be.  Hope that you find what you are looking for security app-wise.
 
Take care out there.
 
Baldrick
Userlevel 4
@ Petrovic

I have been using NOD32 since 7 years, only had 1 False positive since then, which was a program called UltraSurf >>> https://ultrasurf.us/

No activator, crack, or keygen was ever detected as a virus unless it really was.

With WSA, I had to contact support for the Adobe Acrobat Pro XI activator, PassMark Performance Test activator, and a few others.

While they did respond almost instantly and whitelisted the files, just wanted to note that they were not detected by NOD32

I am not trying to make an A vs B thread here, Webroot blows NOD32 out of the water when it comes to system performance / slightness
Userlevel 7
Badge +52
@MaXimus wrote:

With WSA, I had to contact support for the Adobe Acrobat Pro XI activator, PassMark Performance Test activator, and a few others.

Use the Licensed Software and will not have problems.
Any activator is potentially dangerous and violates the license agreement 
 
Thank you
Petr.
Userlevel 7
@ wrote:
Use the Licensed Software and will not have problems.
Any activator is potentially dangerous and violates the license agreement 
 
Thank you
Petr.
Very true, not to mention the fact that such hacks also have been known to contain malware: they are flagged for a reason, even the ones that do not contain malware.
Userlevel 7
False positives on keygens and activators erm what?
Userlevel 7
@ wrote:
False positives on keygens and activators erm what?
Keygens, hacked .exe's, actvivators, etc all have been used to pass malware.  In the case of activators, since they alter the software they are often flagged as malicious anyway as they behave as a virus would in altering the software.
Userlevel 7
Badge +52
Anyway use of activators illegally.
Userlevel 5
Badge +23
I came here to start a thread about this, but I'll post here as it's germane to the thread. I posted this on the Wilders forums too:
 
The false positives from this web filtering extension are becoming somewhat of a joke. I had a 'Malicious software threat' when trying to respond to a buyer on eBay - not some rinky-dink shopping site - eBay. Adelaide Metro, Adelaide's public transport website, resulted in a 'Suspicious threat' message.

Also problematic is Webroot's URL Reputation Change Request site. I've submitted several URLs using this service, always leaving my details and checking the 'Receive Notifications' box. Not once have I ever heard back about a site I reported. It's getting to where I'm seriously considering switching products.
 
Userlevel 7
Hi Seeker
 
Hope that you are well?
 
I am bemused because the Threat Filtering addon just does not seem to give me anything other than the very occassional FP...it either allows sites or has blocked a few that on investigation have seemed suspect (as far as I could tell)...and where I have had the FPs I have created a local override and then posted the FP via the URL Reputation Site...no real issues.
 
To me what is really strange is why some have so many issues and some have next to none...and my wife uses ebay sites galore and is always buying things...but never gets hit with an FP. ;)
 
It is the disparity in apparent performance that to me is the great mystery.
 
Regards
 
 
Baldrick
Userlevel 7
Badge +6
Detection of keygens/cracks is not something that should be counted against an antivirus. Activation cracks can require deep hooking of the operating system and modification of data that it shouldn't be touching. Add that to how much WSA relies on reputation, and I would sure hope an antivirus would detect these and alert the user to them being extremely suspicious.
 
WSA is operating properly. Execution of untrusted code on an operating system is against the spirit of computer security, which is what people purchase WSA for. To protect them against the internet, and largely against themselves.
Userlevel 5
Badge +23
@ wrote:
Hi Seeker
 
Hope that you are well?
 
I am bemused because the Threat Filtering addon just does not seem to give me anything other than the very occassional FP...it either allows sites or has blocked a few that on investigation have seemed suspect (as far as I could tell)...and where I have had the FPs I have created a local override and then posted the FP via the URL Reputation Site...no real issues.
 
To me what is really strange is why some have so many issues and some have next to none...and my wife uses ebay sites galore and is always bying things...but never gets hit with an FP. ;)
 
It is the disparity in apparent performance that to me is the great mystery.
 
Regards
 
 
Baldrick
Hi Baldrick - I am well thank you. Bemused too, believe me. Clicking on 'Reply' within the 'My eBay' section of eBay to respond to a buyer's question, and seeing not a 'Suspicious threat' message, but a 'Malicious software threat' message really made me lose faith in the feature.
Userlevel 7
Badge +52
@ wrote:
I came here to start a thread about this, but I'll post here as it's germane to the thread. I posted this on the Wilders forums too:
 
The false positives from this web filtering extension are becoming somewhat of a joke. I had a 'Malicious software threat' when trying to respond to a buyer on eBay - not some rinky-dink shopping site - eBay. Adelaide Metro, Adelaide's public transport website, resulted in a 'Suspicious threat' message.

Also problematic is Webroot's URL Reputation Change Request site. I've submitted several URLs using this service, always leaving my details and checking the 'Receive Notifications' box. Not once have I ever heard back about a site I reported. It's getting to where I'm seriously considering switching products.
 

You can use Webroot Reputation Toolbar, it won't show only reputation without blocking sites
http://www.brightcloud.com/wrtoolbar.php
 



 
 

Reply