Web Threat Shield on Firefox

  • 1 February 2015
  • 61 replies
  • 735 views

Userlevel 1
I have a peculiar issue.  I purchased Webroot SecureAnywhere for three devices.  I have it installed on two different laptops I own, but the web threat shield seems to only work on my older, non-preferred laptop.  The Web Threat shield seems to be enabled on both PCs.  Details follow.
 
Older PC
SecureAnywhere v8.0.6.44
Firefox version 35.0.1
Windows 7 Home Premium SP1, 64 bit
 
Web Threat Shield seems to work - search results show a dark green circle with a check mark, light green circle with a checkmark, yellow circle with a dash or orange circle with an exclamation point.
 
New PC
SecureAnywhere v8.0.6.44
Firefox version 35.0.1
Windows 8.1, 64 bit
 
Web Threat Shield doesn't show me any of the icons for search results. 
 
Most concerning is that I initially was blocked from visiting a page from a weather forecaster I follow on Facebook.  It shows as an orangle circle with an exclamation point.  Webroot listed it as a suspicious threat, "This is a suspicious site. There is a higher than average probability that you will be exposed to malicious links or payloads."  My new PC which I love and adore allowed me to connect to the page without issues. 
 
I am hoping someone way smarter than me can help.  If it serves any purpose, the website I was denied access to was http://illinoisstormchasers.com/.  As I said, orange circle with an exclamation point, so proceed with caution.  The owner of the page indicated he was seeing nothing nefarious with his site, details on why Webroot considers it malicious would be a nice bonus. 
 
The biggest thing though - I want to make sure my shiny, new Ferrari of a laptop is protected from mailicious websites and I fear it may not be currently.
 
Many thanks!
 

61 replies

Userlevel 4
Some oldies then


 
Userlevel 2
Davidco:
I agree with you. See my response to Webroot and their responses I got back. Not what I would consider a real solution...
 
Your Message to Tech support(Jun 8, 2015 21:17)Thanks for the info.
I did what you said and so far all seems OK now. I'll report back if the problem returns.
One question though...I would not have know that the WRData folder had gotten so bloated had it not been for the fact that I just started having problems with WR. I went back to my oldest backup image, which is 3 weeks old and it too showed the bloated WRData folder. I didn't start having problems till this past Thursday. Obviously this folder had gotten bloated weeks before the problem started.
Shouldn't Webroot be monitoring that folder so that it doesn't get so large and repair it or at least alert us to the issue?
 
Webroot Support (Jun 8, 2015 22:20) RE:Thanks for the info.
That folder holds all our monitoring information, your installation of SecureAnywhere was old(3+ years), so the folder you are looking at is our records for all our monitoring.

Should you have additional questions, please send us a reply in the "Send another message"

Thanks,

The Webroot Support Team
 
 
Your Message (Jun 9, 2015 13:59)I think you just proved my point. You said..."your installation of SecureAnywhere was old..." Are you suggesting to me that I should routinely uninstall and then re-install WR in order to keep the WRData folder from getting so large? Seriously...that seems to be a very inconvenient way to keep the WRdata folder's monitoring records from getting out of hand.
WR should have a way to purge old monitoring files on a routine basis. Or at least give us a notification from time to time about the bloat and the ability to delete these old files without having to do all the steps you outlined on June 8th to completely uninstall WR, reboot then rename WRData folder, re-install WR then reboot and then delete the old WRData folder. Really!
This needs to be addressed.
 
Webroot Support (Jun 9, 2015)Hello,
There are a lot of reasons why the WRData folder can get big like that, time with a lot of other factors are involved in this.

It is an good idea to uninstall and reinstall any program :anti-virus,web browser, or even an operating system.

Thank you for submitting this feature enhancement request.

We would also like to invite you to post your idea on the Webroot Community Ideas Exchange.

The Ideas Exchange is an online forum where you can vote on and discuss ideas. Ideas submitted on the Webroot Community will be reviewed by our Development team, and considerations such as the number of votes, practicality, and feasibility of implementation will be taken into account when planning future releases.

Should you have additional questions, please send us a reply in the "Send another message"

Thanks,

The Webroot Support Team
 
As you can see I don't believe the solution proposed by WR is a resonable one.
Anyone else care to agree or disagree with me?  
Userlevel 4
Ouch!
I did not expect this from Webroot
"It is an good idea to uninstall and reinstall any program :anti-virus,web browser, or even an operating system."
My O/S has been running since '08 & I have never tried to uninstall IE? FireFox is still here as well.
Once upon a time O/S refreshes were common enough due to corruption caused by, well, various things but these days I do not see a good reason to generalize like above.
However if that is the word from Webroot?
David
 
ps: I have not heard back from TH yet, maybe I'll wait.
 
Userlevel 2
Yea I was shocked as well by the response from WR.
I've use WR's product for many years and have been satisfied with the different iterations over the years, however, this response seems to me to be one of  "unless we get an overwhelming number of complaints...let's not worry about it" kind of attitude. Which is unfortunate because although I've been a loyal WR user, it isn't the only game in town.
SG
Userlevel 7
Badge +56
I have pinged my contacts again so hopefully someone can explain more on this!
 
Thanks,
 
Daniel 😉
Userlevel 7
Badge +56
Sorry that you didn't get a better answer.  I checked with folks here and we are working on having WSA remove the old data for a process that was monitored and then whitelisted.  I don't have an ETA on that yet, but once that rolls out it should take care of the folder growing continuously in size.
Userlevel 7
Badge +56
@ it was already in WSA here: https://community.webroot.com/t5/Announcements-and-Release-Notes/PC-Release-Notes-8-0-4-42/m-p/71323#M349 is it now broken?
 
Thanks,
 
Daniel
Userlevel 7
Badge +56
Let me see what I can find out about that.  My guess is maybe that feature didn't work properly and needs to be improved.  I'll post again when I find out more.
Userlevel 4
TH
You beat me to it. Do you live in the forums by any chance:D
 
SG
Like you I have lived with WSA for a while and whilst it is not the only 'game in town'  it is, I think, the only one I know with 'business class' support for the home user. At my advanced age that is worth a lot.
David
 
 
Userlevel 7
Badge +56
Thanks Nic!
 
Daniel
Userlevel 2
davidco:
While I agree with you on the level of service (even if it is by forum and online support) I would hope for better support answers than I was given.
I realize tech support, by its very nature, is difficult at best, considering the hundreds of thousands of different computer setups and level of understanding by the average user, that the tech support personal has to deal with, so I don't really fault the individual who gave me their response. But at MY advanced age (I bet I'm way older than you)...I don't have the tolerance any longer for half baked answers.
Hope they come up with a reasonable solution...soon.
SG
Userlevel 4
I think Nic & TH will post soon.
Biblical age here.
 
Userlevel 7
Badge +56
I got more info - apparently this has been just on the other side of the line in terms of dev priorities for a while.  We're still planning on addressing it so it should make it in to one of the upcoming updates over the next quarter or so.
Userlevel 4
Cheers nic
I'll wait, a couple of GB isn't an issue anyway. I never even noticed until reading the posts.
Bye
David
 
Userlevel 2
Thanks for the update Nic.
Hope this will be a non-issue soon.
SG
Userlevel 2
Nic
I have a point of information question.
Why can't we just simply delete any of the db files in the WRData folder that get very large without having to first uninstall WR, rename the WRdata file, install WR and then delete the renamed WRData file?
As a test, I deleted one of the db files, in the WRdata folder, that had quickly grown to 600megs and have not seen any problem with WR to date.
Userlevel 7
Badge +56
It's best to Contact Support to get your files whitelisted then you can delete the db.numbers.db files after they reply to you and do a scan, there is no need to do a clean reinstall of WSA, but if you don't get your files whitelisted it will keep growing so no need to make it more difficult IMO. And I would not suggest to do it the way you are to others as you don't know if WSA is monitoring Malware sorry.
 
Thanks,
 
Daniel ;)
 

Userlevel 2
Here is why I deleted it.
When I contacted WR support, I explained the bloated WRData folder and asked if they needed to look at the db files to whitelist them so that I could delete them.
What I got was instructions on uninstalling, renaming, reinstalling and then deleting the old WRdata folder.  Never once did they try to look at the files or whitelist them. When I told them that I had done this already, they just repeated the steps to uninstall/reinstall.
So I just deleted one to see what would happen.  So far it hasn't come back. 
I realize that this probably is not the best thing to do, but without any real guidance from WR it just seemed worth trying first before the uninstall/reinstall steps anyway.
Userlevel 7
Badge +7
Hi SG,
 
I agree with Daniel on getting the files whitelisted and not needing to do a complete reinstall.  I have come across the same anomaly as you and I have removed the files also. 
 
Before deleting the files I take a few additional steps:
1) I save a scan log and search for the number mentioned in the file name to see what file is being monitored and if it is one that I have a degree of confidence in being ok.
 
2) I run a single file scan on the suspect file(s) with WSA and a couple of other second opinion scanners.
 
If all comes up clean, I add the files to the WSA "Block/Allow Files" list and mark them Allow so they will not be a problem again and then  I delete the numbered files.  Be advised, this is dangerous unless you are 100% sure the files are clean and you have complete trust in them being safe, because WSA will do as you ask and not pay attention to them again.
 
If I am only 99% sure I copy the numbered files to a temp location and keep them until I am comfortable in deleting them.
 
Moral of the story, Daniel’s solution is the best, but you have alternatives it you are willing to risk it.  By the way, I do daily backups . ;)
 
Best regards,
Dave
Userlevel 2
Thanks Dave for the advise.
I would prefer doing the way Daniel said, but as I mentioned...when I tried that, I got the just uninstall/reinstall with no mention of getting the files to WR for whitelisting.
I do 2 image backups a day so I can easily put it back and then follow your steps.
Thanks,
SG
Userlevel 7
Badge +56
In the Ticket I put "Can you please Whitelist my files" as a scan log is uploaded during the time of submission of the support ticket and the reply:
 
"Hello,

Thank you for your report. After analyzing the automatically attached logs, we have white-listed the unknown processes which SecureAnywhere had been monitoring on your system.

We ask that you run a new scan of your computer now (click "Scan My Computer" in the Overview window of SecureAnywhere). Please let us know if the same issue persists after this scan.

Regards,

The Webroot Advanced Malware Removal Team"
 
Also from the Drop Down Choose Threat Found - False Postive. So I have never had an issue asking them to Whitelist my files and I do a scan then I delete the db.numbers.db files only and please don't remove any other db files!
 
HTH,
 
Daniel ;)
Userlevel 4
TH
Maybe your additional comment is the answer.
"Also from the Drop Down Choose Threat Found - False Postive."
Is it that choice that triggers the upload of the scan log, because I cannot see a log being uploaded for all types of queries.
 
Userlevel 7
Badge +56
@ wrote:
TH
Maybe your additional comment is the answer.
"Also from the Drop Down Choose Threat Found - False Postive."
Is it that choice that triggers the upload of the scan log, because I cannot see a log being uploaded for all types of queries.
 
I'm not sure as far as I know when anyone contacts support a scan log is uploaded in the back ground maybe someone from support can explain more then I can on this! @ @ @ @
 
Thanks,
 
Daniel 😉
Userlevel 7
Badge +35
For the most part, logs are uploaded automatically with every ticket - the logs are in @'s ticket and I'll go ahead and get the Unknowns whitelisted.
 
-Dan
Userlevel 7
Badge +56
Thanks @ it's much appreciated!
 
Daniel 😉

Reply