Solved

Tired with FALSE POSITIVES!!


Userlevel 4
The speed at which a false positive is white-listed is great, but come on, what's going on here? It seems like WSA flags every file in the universe as a virus until someone specifically asks for it to be white-listed. I reported like 4 FPs this week.

Now this is the 4th: http://dlcdnet.asus.com/pub/ASUS/nb/Apps_for_Win8.1/LiveUpdate/LiveUpdate_Win81_64_VER327.zip  The zip itself is not the virus; once you install the Live updater, when it runs, that gets flagged as a virus!

For the love of God, it's an ASUS updater!

Seriously considering switching solutions, as I can't deal with so many FPs, and I thought Panda Cloud AV was bad! This is horrible!


Best answer by RetiredTripleHelix 10 March 2014, 00:45

@MaXimus wrote:
Reply from Support:

Hello,

We very much apologize again for the issues you have been having. We have reversed this false detection in our system as well.

Regards,

Webroot Threat Research
----------------------------------------------

I'm gonna give WSA one last try, hope I don't get another FP this week :)

thanks all for your support

Well to me it's better to be over protective and at least they fixed the FP for you!
 
Daniel ;)


32 replies

Userlevel 7
You're right, we don't create viruses; we leave that to the malware authors. Your last few posts are just about slamming our product. I am sorry you don't like our software, but spamming our forum with negative feedback isn't really helping anybody.
Userlevel 7
Can you scan the files and save a scan log and post the lines like I did? I ran the installer and no detection so there is a problem on your end.
 
Thanks,
 
Daniel
Userlevel 4
Reply from Support:

Hello,

We very much apologize again for the issues you have been having. We have reversed this false detection in our system as well.

Regards,

Webroot Threat Research
----------------------------------------------

I'm gonna give WSA one last try, hope I don't get another FP this week :)

thanks all for your support
Userlevel 7
Hi MaXimus
 
Can appreciate how you are feeling, especially with us saying we are not seeing the same as you (and that is very real for you), but as Daniel says there must be something somewhere that is causing this...so I would suggest one last try...and go for the scan of the .exe and then posting if there is anything that seems untoward, or even PM'ing the scan log to us so that we can have a look discreetly. ;) If that does not cause you a problem?
 
Would hate to lose you back to NOD32 . :(
 
EDIT:  Just seen that you have... I am behind the curve tonight...it is just frenetic.  :S
 
Regards
 
 
Baldrick
Userlevel 7
That's weird... I haven't experienced any false positives for a long time.
Even on my new laptop, which is full of applications and add-ons from Samsung, after a few scans WSA classified almost all of them as [g].
So far it has not even been necessary to do whitelisting.
 
 
Mike
Userlevel 4
Thanks for the reply, but I would rather not; I would rather the problem be solved from its roots. What if I did try to run an actual PUP one day? I want to be warned. Just don't want these FPs, man.
Userlevel 6
@scubasit , sorry you feel so negative about Webroot.  Your negativity accomplishes nothing. Let's not KILL THE MOOD in the community.  We are here to help each other. So I will ask you again to please read the https:///t5/Community-Announcements/Webroot-Community-Guidelines/td-p/2 AND follow them.
Userlevel 7
This is what I get with your link?
 
Daniel
 


Userlevel 7
No detection here and I have mine set to the Max! And marked Good! Strange! Can you do another clean reinstall of WSA, and make sure you don't import your old settings? Make sure you have your Keycode, and reboot after uninstall and after reinstall.
 
Some legitimate files are not included in this log
[g] c:\users\daniel\downloads\liveupdate_win81_64_ver327.zip/setup.exe [MD5: 17C5C943A0D3F047AC571843543330A5] [Flags: 00001000.4473]
[g] c:\users\daniel\downloads\setup.exe [MD5: 17C5C943A0D3F047AC571843543330A5] [Flags: 00001000.4473]
 
 
 


Userlevel 7
[e] = OVERRIDDEN TO IGNORE
 
As I don't have ASUS I can't run the full installer to find out about that file that you have overridden to ignore. Did you get it installed in any case? And you should contact support and ask what's going on with this installer; it could be a simple thing of whitelisting that overridden file detection.

 
Daniel

 
Userlevel 7
Yes, that's its meaning, so I would contact support!
 
Daniel
Userlevel 7
Hi MaXimus
 
How are you?
 
I am intrigued by what you are reporting as I barely get an FP from WSA...so just wondering what your Heuristics settings are (I assume that you know where to find them in Advanced Settings...;)) as I believe that there have been posts previously about more FPs with the higher settings, i.e., Maximum...I am currently running on "Enhanced Heuristics based on the behaviour, origin, etc....
 
May be a dead end/bum steer...but always worth trying to rule out the obvious.
 
Cheers
 
 
Baldrick
Userlevel 7
Hi Petr
 
It might be that but I do not think so as I have mine checked on both Win7 64bit & Win8.1 32bit systems and I barely get anything detected by scans let alone the sort of FPs that MaXimus is advising he is seeing.
 
MaXimus, at the risk of it sounding cliched, have you tried the good ol' "uninstall, reboot, install fresh downloaded version & reboot" four step?  May be worth a try in case there is something not quite right with your current installation?
 
May be worth a punt as it does not take long at all?
 
Regards
 
 
Baldrick
Userlevel 7
Hi MaXimus
 
I appreciate that you have a new install, but what I was wondering is when these FPs (the 4 a day that you are unfortunately getting) started. Has this always been the case or have they started since the last install of WSA, etc.?
 
I will check again on my Win8.1 system but as I have it set to do auto updates they are usually installed before I even get sight of them.  But given the info you have provided I will double check.
 
Cheers
 
 
Baldrick
Userlevel 7
Hi MaXimus
 
Have checked on the MD5s for the updatechecker.exe, and found a couple of sites reporting it as "Trojan downloader activity" and that the file is not digitally signed.
 
File sizes match too!
 
Regards
 
 
Baldrick
Userlevel 7
Hi MaXimus

I just checked this file and the archive; Webroot does not identify a virus in it.
 
Either way, you might want to submit a Trouble Ticket
 
Thank you
Best regards, Petr.
Userlevel 7
MaXimus

You can disable the detection of PUA
 


 
 
 Keygen software distributions may be infected with malware
Regardless, in most cases it's illegal. (Use keygen)
 
Userlevel 7
MaXimus
You can always ask for help in support
&
Read more:
https:///t5/Tips-and-Tricks-KB/How-to-Remove-Potentially-Unwanted-Applications/ta-p/40744
Userlevel 7

@MaXimus wrote:
Did you actually run the updater and hit the update button? It won't find anything, just try that and see what WSA says




 
Everything works
Userlevel 7

@TripleHelix wrote:
This is what I get with your link?
 
Daniel
 

Correct link
http://dlcdnet.asus.com/pub/ASUS/nb/Apps_for_Win8.1/LiveUpdate/LiveUpdate_Win81_64_VER327.zip
Userlevel 7

@MaXimus wrote:
I also did submit a ticket 
 
The program is intended only for ASUS and I cannot fully test it.
I think in the near future support will solve your issue.

 
Userlevel 7

@MaXimus wrote:
I just showed you the screenshots above and the VirusTotal link. How will support help me if they can't even install the program?

And what in the world makes WSA mark it as a virus or PUP to start off with? That's my point, the FPs in WSA are beyond imagination. I'm tired of submitting support tickets; I've submitted like 4 this week.

Might as well go back to my NOD32 and enjoy an FP-free life



@Rakanisheu wrote:
"We have a set of guidelines on what we can mark as bad and we follow them to the button. We mark a large number of PUAs every day; in fact I marked about 75 thousand bad yesterday.

A large amount of the tickets I see about customers having an issue about PUA is that they installed it themselves by clicking a number of accept dialogue boxes. If a program tells you what it does (and isn't malicious) and gives you the option to uninstall cleanly, it probably won't be marked bad (that's not set in stone of course!).

In the links you posted the first one isn't really PUA; they are talking about malware (password stealers etc.) which of course we block. The grayware def again is a little vague; they talk about Dialers (which we block), Adware, of which there are varying types; some we block, some we don't (it varies for each program).

What people forget is that "free" programs often use advertising in order for the creator to make some money. It's extremely common on mobile applications but for some reason when it's on a PC platform people get really annoyed 😃 Toolbars are a pet hate of mine; if I had my way I'd mark them all bad, but to be honest the majority of them will tell you what they do before the install! My rule of thumb is to avoid them all."

https:///t5/Tips-and-Tricks/Webroot-s-position-on-PUA/m-p/40404#M448
Userlevel 4
Hi guys, all WSA settings are at default, I didn't touch a thing.
 
Strange how you got no FP from it. As soon as the live updater launched, WSA stopped it and said it was a virus. I wish I took a screenshot.
 
Petrovic, did you actually run the program? That's when the virus is detected, when it runs, not the actual installer.
 
I also did submit a ticket :(
 
Been getting FPs all week long of keygens which are reported safe by Kaspersky, Bitdefender, NOD32, and the big sharks, so support whitelisted them, but the amount of FPs I am experiencing is beyond acceptable :(
Userlevel 4
Hi Mr. Baldrick, I have the latest WSA clean installed after disabling Windows Defender. It's a fresh win 8.1 installation with the latest drivers and a fresh clean install of the latest WSA so that's not the issue here
 
Did you actually run the updater and hit the update button? It won't find anything, just try that and see what WSA says
