Solved

Someone please do something about the False Positives and Web Reputation


Userlevel 4
Since I have switched to Webroot SecureAnywhere and am enjoying the best performance on my laptop. It is getting really tiring to get false positives every day, submit a request, and wait till the files are whitelisted.
 
The support team are fast in responding but the amount of FPs is just too much to bear. I thought that Panda Cloud Antivirus was the king of False positives but Webroot SecureAnywhere blows it out of the water!
 
I had submitted SVP in the past and now it's back as a non-safe website according to the Web Reputation add-on in Firefox
 
Now I just tried accessing https://www.privateinternetaccess.com which is a very well known and good VPN that I've been using for long and got another message.
 
I did submit a request to unblock it but is there a possibility of Webroot's team to fix this horrible False positives issue?
 
I've read many complaints on other forums as well about this issue some people would not tolerate them that they switched to another AV.
 
Now I am not hear to switch to another AV, I want this fixed, and hopefully remove this idea out of my and some people's head that Webroot is the king of FPs but rather make it Webroot is the King of AVs
icon

Best answer by Baldrick 30 March 2014, 16:39

Nope...sorry, but just does not get blocked for me...not sure why it does for you but apart from that first site you posted no issues here, and a quick client side override gets one on the way with no real hassle.
 
Well, au revoir or not as the case may be.  Hope that you find what you are looking for security app-wise.
 
Take care out there.
 
Baldrick
View original

49 replies

Userlevel 7
@MaXimus wrote:
 
I'm not reporting this, just uninstalling Webroot for good. I want an AV that would make my life easier, not where I have to work as a tester and keep contacting support for whitelisting
 
thanks all for the help. you are all very kind, but I would rather use a heavier AV than deal with these FP jokes
MaXimus, whilst I do understand the frustration and irritation you are experiencing, wouldn't it just be a better choice to temporarily disable the web-filtering extension, thereby retaining the major functions of WSA? After all, although it's relevant if you're needing URL reputation reporting, without it you're still protected overall. I prefer to use Pale Moon as default browser, which is unsupported, and without filtering extension, but don't feel vulnerable.
 
The full rollout of the filtering extension, and the settling-in process, once past, will bring 'plain sailing' (browsing), in the near future.
 
Don't 'abandon ship' because of this.
 
Userlevel 7
What I'm trying to convey is that this is an extremely complex issue. It goes to the very root of computer security and the approaches to achieving that.
 
NOD32 isn't saying the activation crack is safe, it's saying that it doesn't know it's dangerous.
Webroot is saying this program is doing extremely strange things and messing with stuff a random program shouldn't be touching. Because it literally shouldn't. These activation cracks aren't doing innocuous things that aren't of concern. They are code of little reputation subverting the proper operation of another program and the in some cases the operating system.
 
WSA is operating correctly. If you wish to use these cracks and activators then you will need to properly whitelist them or temporarily deactivate Webroot's protections. Keep them in .zip files when they are not in use.
 
Webroot is sometimes aggressive and that can lead to FPs. It's a valid point. But this is not the example you want to use in demonstrating that.
Userlevel 5
Hey all!
I personally cannot agree more with these concerns and even all the frustrations. I too use our products as well as support them and I would very much like to see web filtering notifications in the console with ability to override centrally once either the admin has done their research and feel they can override it or have called Webroot support to confirm an FP.
 
I am proposing we launch an online community campaign for Webfiltering Management for the Webroot Endpoint Protection product to see just how many kudos we can get and how many it takes to implement the feature.
 
Who's with me?
 
 
Userlevel 7
@ wrote:
Use the Licensed Software and will not have problems.
Any activator is potentially dangerous and violates the license agreement 
 
Thank you
Petr.
Very true, not to mention the fact that such hacks also have been known to contain malware: they are flagged for a reason, even the ones that do not contain malware.
Userlevel 7
Detection of keygens/cracks is not something that should be counted against an antivirus. Activation cracks can require deep hooking of the operating system and modification of data that it shouldn't be touching. Add that to how much WSA relies on reputation, and I would sure hope an antivirus would detect these and alert the user to them being extremely suspicious.
 
WSA is operating properly. Execution of untrusted code on an operating system is against the spirit of computer security, which is what people purchase WSA for. To protect them against the internet, and largely against themselves.
Userlevel 7
Badge +32
@ 
We would need more information about the False Positive you've been seeing in Webroot SecureAnywhere Mobile. We aren't seeing any support tickets under the email address you are using on the community, did you submit a ticket under a different email address? Please Submit a Support Ticket with the threat name and application name/package name so we can investigate further. You may also try uninstalling and reinstalling the Webroot SecureAnywhere app, which can help clear False Positives that have already been fixed.
 
-Dan
Userlevel 7
The best thing to do is just exactly what you are doing: when you see a site you believe is marked incorrctly request a classification change!  I am quite sure that they do not like having to constantly review and reclassify sites any more than you like having to request it, so they are working hard to make it as accurate as possible.
Userlevel 7
My impression is that they are working on it to avoid false positives, but that does take some work, and time.  Have patience!
Userlevel 7
@DavidP1970 wrote:
My impression is that they are working on it to avoid false positives, but that does take some work, and time.  Have patience!
Hi MaXimus
 
David is quite right...this is relatively new fucntionality covering a relatively complex and large area...and I am sure that Webroot will get it right in the end, if evidenced by the comments back on the feature request for more granular control in the feature.
 
Have just tried the site you provided the URL for and yo are quite correct...warning is generated...but I do not think that you need to hold back from unblocking as that only acts at the client level and so Webroot will still see what you are reporting if they check from their end.
 
Regards
 
 
Baldrick
Userlevel 4
Ok that's it! another false positive from ASUS Merlin website for ASUS Firmwares that I have always used:
 
Site: https://www.mediafire.com/folder/bkfq2a6aebq68//Asuswrt-Merlin
 


 
I'm not reporting this, just uninstalling Webroot for good. I want an AV that would make my life easier, not where I have to work as a tester and keep contacting support for whitelisting
 
thanks all for the help. you are all very kind, but I would rather use a heavier AV than deal with these FP jokes
Userlevel 7
Nope...sorry, but just does not get blocked for me...not sure why it does for you but apart from that first site you posted no issues here, and a quick client side override gets one on the way with no real hassle.
 
Well, au revoir or not as the case may be.  Hope that you find what you are looking for security app-wise.
 
Take care out there.
 
Baldrick
Userlevel 7
Badge +51
@MaXimus wrote:

With WSA, I had to contact support for the Adobe Acrobat Pro XI activator, PassMark Performance Test activator, and a few others.

Use the Licensed Software and will not have problems.
Any activator is potentially dangerous and violates the license agreement 
 
Thank you
Petr.
Userlevel 4
Badge +23
I came here to start a thread about this, but I'll post here as it's germane to the thread. I posted this on the Wilders forums too:
 
The false positives from this web filtering extension are becoming somewhat of a joke. I had a 'Malicious software threat' when trying to respond to a buyer on eBay - not some rinky-dink shopping site - eBay. Adelaide Metro, Adelaide's public transport website, resulted in a 'Suspicious threat' message.

Also problematic is Webroot's URL Reputation Change Request site. I've submitted several URLs using this service, always leaving my details and checking the 'Receive Notifications' box. Not once have I ever heard back about a site I reported. It's getting to where I'm seriously considering switching products.
 
Userlevel 7
Hi Seeker
 
Hope that you are well?
 
I am bemused because the Threat Filtering addon just does not seem to give me anything other than the very occassional FP...it either allows sites or has blocked a few that on investigation have seemed suspect (as far as I could tell)...and where I have had the FPs I have created a local override and then posted the FP via the URL Reputation Site...no real issues.
 
To me what is really strange is why some have so many issues and some have next to none...and my wife uses ebay sites galore and is always buying things...but never gets hit with an FP. ;)
 
It is the disparity in apparent performance that to me is the great mystery.
 
Regards
 
 
Baldrick
Userlevel 7
Hi Seeker
 
As I posted to MaXimus earlier in this thread...this is relatively new functionality covering a relatively complex and large area...and I have faith in Joe & his development team, to get it right in the end.  If you look at what has been said by Webroot in response to this feature request, they are working on it.
 
We just need patience (but I understand that this is easy for me to preach when I have minimum FPs...for some reason...http://www.forumsextreme.com/images2/sEm_blush7.gif).
 
Regards
 
 
Baldrick
Userlevel 7
Badge +51
A loader program is a bios emulator used in an attempt to illegally activate windows. It will be detected by Windows Activation Technologies sooner or later. Your screen will turn black and you will get not genuine notices. Usually it will require purchasing and installing genuine windows and all that it entails.
 Unfortunately thieves sell these hacked versions to unsuspecting buyers cheating them out of their money. simply put, use genuine windows and save yourself a lot of grief. 
Userlevel 7
Hi Shawn
 
I am with you on this...http://www.forumsextreme.com/images2/sFun_cheerleader2.gifhttp://www.forumsextreme.com/images2/sFun_cheerleader2.gifhttp://www.forumsextreme.com/images2/sFun_cheerleader2.gifhttp://www.forumsextreme.com/images2/sFun_cheerleader2.gif
 
but just in case you have not seen it there is already a Feature Request in the Ideas Exchange, on this topic or in the same area (by @ ) which we should not forget/overlook.
 
Regards
 
 
Baldrick
Userlevel 7
@ Hi Shawn, I think you posted this in the wrong place. The complaint about WSA-E not having web whitelisting you heard about is in the Business community with 11 kudos.
 
https://community.webroot.com/t5/Feature-Requests/Website-Exception-Management-in-Console/idi-p/80853
Userlevel 7
@ hope that you are keeping well?
 
Have been picking up some continuing complaints, over at Wilders, re. the fact that despite the reporting of FPs and the subsequant raising of URL Reputation Change Requests, that in some case these do not seem to be being processed as it has been over a month but the report sites are still being incorrectly detected by the Threat Shield.
 
Thought that you might want to know in case there is something that can be looked into re. improving the service.
 
Regards
 
 
Baldrick
Userlevel 7
@MaXimus wrote:
I keep monitoring the forums in hope that this nuisance will ever be reoslved but in vain....
 
sigh...
Maximus, 
 
You already know the answer to this.
 
1) It IS being addressed by Webroot
 
2) YOU can be part of the solution, you know how.
 
Thanks.
Userlevel 7
Badge +55
I for one know that you are smarter than that so why do you continue to complain we already told you what to do and we will again please fill out one of these forms to get the web page corrected! http://www.brightcloud.com/tools/change-request-url-reputation.php? or http://www.brightcloud.com/tools/change-request-url-categorization.php and if not Submit a Support Ticket and ask them to get it corrected.
 
Daniel 😠
False positives, regardless of how long it takes to resolve them, destroys the confidence I have in Webroot Mobile Security. I have been dealing with the same false positive for at least 1 month. I have a premium account and am considering cancellation. I am currently reviewing Norton mobile security solutions.
Userlevel 7
Hi Dan
 
Thanks for chipping in and confirming what some of us have been advising be done, for a while now.  Unfortunately it seems that some are not ready to follow the good advice given by the likes of TripleHelix & DavidP1970...which is a shame.
 
Regards
 
 
Baldrick
Userlevel 4
Maybe the team will fix it
BTW:i don't get the false positives
Userlevel 4
sigh...I got no choice... I will continue doing this 😞

Reply