W32.Trojan.Gen false positives


I tried to submit this via a support ticket but it doesn't allow me to enter my password.
 
I uploaded one of the files, spriter.exe, to virustotal.com and it is only hitting on Webroot, so I'm thinking false positives. Here is scan info from my log:
 
Mon 2017-04-24 16:03:51.0632 Performing cleanup entry: 8
Mon 2017-04-24 16:03:51.0927 End passive write scan (6 file(s))
Mon 2017-04-24 16:03:54.0036 Scan Started: [ID: 406 - Flags: 1575/128]
Mon 2017-04-24 16:04:35.0520 Infection detected: c:program filescanonprint studio procnpspapp.exe [MD5: CD90CC76609BEDB3C96D02A222840308] [3/00091411] [W32.Trojan.Gen]
Mon 2017-04-24 16:04:35.0520 Infection detected: e:steamlibrarysteamappscommoncommand modern air naval operationscommand.exe [MD5: 899C8F65A68D4338D6A0DA097A3EDDB1] [3/10081001] [W32.Trojan.Gen]
Mon 2017-04-24 16:04:40.0929 Infection detected: c:usersandroappdata\roaminggamemaker-studioyycwindowsuapexex86winuaprunner.exe [MD5: 20FBBF64F5E1DF867E0005AF031D6B19] [3/00080011] [W32.Trojan.Gen]
Mon 2017-04-24 16:04:50.0058 Infection detected: e:steamlibrarysteamappscommonattlezone 98 reduxattlezone98redux.exe [MD5: 0441A9C1B53AFB8FB5FF69F1AA03D9FD] [3/08080001] [W32.Trojan.Gen]
Mon 2017-04-24 16:04:56.0982 Infection detected: e:steamlibrarysteamappscommonspriterspriter.exe [MD5: 57B5433954076D20426A229E1BDC8D22] [3/00000001] [W32.Trojan.Gen]
Mon 2017-04-24 16:04:56.0982 Infection detected: e:steamlibrarysteamappscommoncommand modern air naval operationsgamemenu_cmanoautorun.exe [MD5: 5CEAC3EC1728E0C2926E3AD58A41D97C] [3/10081001] [W32.Trojan.Gen]
Mon 2017-04-24 16:04:59.0890 Infection detected: c:usersandroappdata\roaminggamemaker-studioyycwindowsuapexex64winuaprunner.exe [MD5: 9A0178B18C9DCE6589C8E6D1AC680207] [3/00090011] [W32.Trojan.Gen]
Mon 2017-04-24 16:05:00.0437 Scan Results: Files Scanned: 17929, Duration: 1m 6s, Malicious Files: 7
Mon 2017-04-24 16:05:00.0594 Scan Finished: [ID: 406 - Seq: 191448274]

37 replies

Userlevel 7
@, the entire Webroot organization is dedicated to addressing this issue. Webroot is rolling back the false positives and is making progress on a comprehensive resolution. Please ensure that all endpoints are on and connected to the internet to receive the automated fix. Please do not uninstall the product or delete quarantine. Business customers who would like to address the issue immediately can follow instructions posted on Webroot Support.
 
If you need additional assistance, please send our Team a support ticket to avoid heavy call volume.
Hey guys, we could really use some help getting just one machine working.  
 
We could then take it from there.
 
One of our client's primary applications was quarantined and it's not restoring.  
 
Please help!
 
 
Userlevel 7
Please see the most recent update here. We are closing that post to comments so that those who subscribe to it will only receive notifications when an official update is posted. Please continue the discussion in this forum. Thank you!
 
 
Userlevel 7
@ Happy to hear that! 
Userlevel 1
All reinstalled fine, THANKS!
Userlevel 7
We hear you @ and are working on this as fast as we can. We will update you as soon as we have more information. 
When is this going to be fixed?
 
Webroot is still killing off my XYplorer.exe process even after reinstalling fresh from their site.  I know this EXE is clean.
 
This is ridiculous.
 
 
What happened? Someone flipped the wrong switch on a Definitions update?
Userlevel 7
Between 12PM – 3PM MTN today Webroot falsely identified a safe file as a threat. Customers whose apps were trying to use this file during the 12PM-3PM MTN window could have received a red block screen and followed instructions to quarantine the good file.  To resolve the issue we need customers to restore the quarantined file. Please follow the steps below to un-quarantine and restore the file:
 
  1. Open the Webroot application by double-clicking the W icon found in the system tray at the bottom of your screen.
  2. On the Webroot home screen select “Scan My Computer.”
  3. Once the scan completes and you’re back on the Webroot home screen, click on the cog icon found next to PC Security. 
  4. Click the “Quarantine” tab.
  5. Note where the date and time of the files quarantined is shown on the right of the screen.
  6. Identify every file listed for Mon 2017-04-24 with a time stamp between 12PM – 3PM MTN
  7. Click the check box on the left hand side of the screen next to all the files you identified in step 6.
  8. Click the “Restore” button located in the bottom right of the screen to un-quarantine the file.
  9. When prompted “If you’re sure you want to roll back the selected entries…” choose “Yes”.
  10. Depending on how many files are being restored, this could take several minutes to complete.
  11. Return to the home screen and scan once more to make sure the issue is resolved.
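
The following is an added example, not part of the thread and not Webroot code: a sketch that reads "Infection detected" lines in the log format quoted in the first post and separates detections inside the 12PM-3PM window from the rest, as a cross-check for step 6. It assumes that "MTN" means US Mountain time (MDT, UTC-6 on 2017-04-24) and that log timestamps are in the endpoint's local time, whose UTC offset the caller supplies; the sample log, paths and MD5 values are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: "MTN" = US Mountain time, which was MDT (UTC-6) on 2017-04-24.
MOUNTAIN = timezone(timedelta(hours=-6))
WINDOW_START = datetime(2017, 4, 24, 12, 0, tzinfo=MOUNTAIN)
WINDOW_END = datetime(2017, 4, 24, 15, 0, tzinfo=MOUNTAIN)

# Matches the detection line layout shown in the first post's log excerpt.
LINE_RE = re.compile(
    r"^\w{3} (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ "
    r"Infection detected: (?P<path>.+?) "
    r"\[MD5: (?P<md5>[0-9A-Fa-f]{32})\] \[[^\]]*\] \[(?P<name>[^\]]+)\]\s*$"
)

# Constructed sample log (not taken from any real endpoint).
SAMPLE_LOG = r"""
Mon 2017-04-24 16:03:54.0036 Scan Started: [ID: 1 - Flags: 0/0]
Mon 2017-04-24 16:04:35.0520 Infection detected: c:\example\app one\tool.exe [MD5: AAAA0000AAAA0000AAAA0000AAAA0001] [3/00000001] [W32.Trojan.Gen]
Mon 2017-04-24 18:30:00.0000 Infection detected: c:\example\late.exe [MD5: AAAA0000AAAA0000AAAA0000AAAA0002] [3/00000001] [W32.Trojan.Gen]
Mon 2017-04-23 13:00:00.0000 Infection detected: c:\example\old.exe [MD5: AAAA0000AAAA0000AAAA0000AAAA0003] [3/00000001] [W32.Trojan.Gen]
"""

def detections_in_window(log_text, log_utc_offset_hours):
    """Split detections into (inside, outside) the incident window.

    log_utc_offset_hours is the UTC offset of the machine that wrote the
    log (assumed local-time timestamps), e.g. -4 for US Eastern in April.
    """
    local = timezone(timedelta(hours=log_utc_offset_hours))
    inside, outside = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # scan start/finish and other non-detection lines
        when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=local)
        entry = {
            "time_mountain": when.astimezone(MOUNTAIN),
            "path": m["path"],
            "md5": m["md5"].upper(),
            "name": m["name"],
        }
        (inside if WINDOW_START <= when <= WINDOW_END else outside).append(entry)
    return inside, outside

if __name__ == "__main__":
    hits, others = detections_in_window(SAMPLE_LOG, -4)
    for e in hits:
        print("restore candidate:", e["time_mountain"].time(), e["path"], e["md5"])
    print(len(others), "detection(s) outside the window need separate review")
```

Detections outside the window are returned rather than dropped, because a detection that does not fall in the stated window is not covered by the vendor's statement and should be reviewed on its own.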
Userlevel 1
I've shut down my Webroot until someone "official" posts it is fixed. The files it wiped on mine were from an install program and I reinstalled it and all is good, just no AV.
The bigger problem is that there ARE SOME FILES that have been autodeleted without use of Quarantine. I have some, but all I can recover through Steam validating.
Userlevel 7
Please restore the files from Quarantine to resolve this issue.
 
1. From the system tray, double-click the Webroot icon.
2. Click the PC Security gear icon.
3. Click the Quarantine Tab.
4. Select the items in question and press the blue arrow Restore button at the bottom right.
 
Run a scan after restoring the files from the Quarantine to confirm it has been resolved.
 
Business users please read here.
Webroot -
Please at least provide what we should be making the policy set to to avoid the issue...
 
Steve
We are finding at least a 20 minute lag time on the restores. I would not uninstall since you may lose your quarantine items...
Userlevel 1
Trying to restore files from quarantine, I tried from the web console and refreshed config, no go yet. Also tried to restore from the machine itself but says it is managed by the web console. Do you have a recommended method to restore files deleted by this issue? I have locked my door and hiding from the users until I have an answer.
This also happened to me... It also is preventing me AS THE ADMIN to even put anything that's flagged in... saying I don't have permission.
Add Altium Designer (dxp.exe) to the list of false positives.  WR deleted the .exe and now won't allow re-download or re-installation of the software. Not good.
Hopefully we can get notified when it is fixed. We'll uninstall Webroot until a fix is available since we've never seen any way to just disable it (without reactivating on reboot).
The SteamVR stuff I can recover and the small apps... this could have been a WHOLE LOT WORSE to me ;w; I kinda feel bad to the ones that get like EVERYTHING paned
I have turned off scheduled scan and real-time shield until a fix has been pushed out. It won't undo any damage already done but will hopefully help mitigate further false positives.
Userlevel 1
Is there a way to get all the false positives that have deleted automatically? This is going to be a nightmare for us otherwise.
Our helpdesk blew up this afternoon.  Please revert whatever change was made today
Userlevel 7
Thanks for the update, freydrew, much obliged.
 
I am sure that the Support & Development Teams are working flat out and will have the issue sorted very shortly...as they usually do.
 
Regards, Baldrick
This is brutal. It's detecting all kinds of files and causing our clients major grief. It's affecting about eight of our managed clients.
Userlevel 7
Hey everyone, we are aware of a rule change causing technical issues. Our team is working to restore functionality. We will provide updates as info becomes available.
 
Thank you for your patience and sticking with us while we troubleshoot this issue. 
 
More to come as soon as we have it. 
