Web Threat Shield on Firefox


I have a peculiar issue.  I purchased Webroot SecureAnywhere for three devices.  I have it installed on two different laptops I own, but the web threat shield seems to only work on my older, non-preferred laptop.  The Web Threat shield seems to be enabled on both PCs.  Details follow.
 
Older PC
SecureAnywhere v8.0.6.44
Firefox version 35.0.1
Windows 7 Home Premium SP1, 64 bit
 
Web Threat Shield seems to work - search results show a dark green circle with a check mark, light green circle with a checkmark, yellow circle with a dash or orange circle with an exclamation point.
 
New PC
SecureAnywhere v8.0.6.44
Firefox version 35.0.1
Windows 8.1, 64 bit
 
Web Threat Shield doesn't show me any of the icons for search results. 
 
Most concerning is that I initially was blocked from visiting a page from a weather forecaster I follow on Facebook.  It shows as an orange circle with an exclamation point.  Webroot listed it as a suspicious threat, "This is a suspicious site. There is a higher than average probability that you will be exposed to malicious links or payloads."  My new PC which I love and adore allowed me to connect to the page without issues. 
 
I am hoping someone way smarter than me can help.  If it serves any purpose, the website I was denied access to was http://illinoisstormchasers.com/.  As I said, orange circle with an exclamation point, so proceed with caution.  The owner of the page indicated he was seeing nothing nefarious with his site, details on why Webroot considers it malicious would be a nice bonus. 
 
The biggest thing though - I want to make sure my shiny, new Ferrari of a laptop is protected from malicious websites and I fear it may not be currently.
 
Many thanks!
 

61 replies

Userlevel 4
Is there any 'sign' of the update to clear old data. V9 it isn't, afaik.
I have 2.5GB now.
 
Userlevel 7
Badge +7
SG,
I do have them occasionally, but usually it is only when I install utility type apps that access or otherwise impact the OS, hard drive, and etc.  I can just about tell you when I am going to have them show up and it is almost always when I install one of these utilities.  Other than that, my WRDATA directory is usually pretty clean and consistently has the same number of files.
 
Dave 
Userlevel 2
Daniel, Thanks for the info...I'll delete it.
DJ...are you saying you normally have no numbered db files? I don't think I've ever had none in my WRData folder.
Userlevel 7
Badge +7
Hi SG,
 
I just verified that it will work.  I checked my WRDATA directory and it had no numbered files.  I deliberately ran an install  file that I knew it would pick up and sure enough when I looked in WRDATA there were two new numbered files.  I saved a scan log and looking toward the bottom of the file, it had both files identified by name and path.
 
So I would guess as has been said already, if they have been whitelisted it will not pick them up to be monitored.
 
Best regards,
Dave
 
Edit: Tip: only use the number when searching the scan log, not the db in front or the extension.
Userlevel 7
Badge +55
Yes once they are whitelisted!
 

Userlevel 2
Is it normal to find a db file in WRData folder that isn't in the Scan Log?
I just ran a new scan log and saved it to the Desktop. Then I searched for a large DB file that was residing in the WRData folder, in this log but found nothing?
Userlevel 7
You are most likely right but personally I do like to try to work out exactly what the .db files relate to before I delete them.
 
Baldrick
Userlevel 7
Badge +55
It's too much work for the average user but once the files are whitelisted and do a scan then one can delete the db.numbers.db files nice and simple until they get it fixed again with Self Cleaning of old Monitoring Data files.
 
Daniel
Userlevel 7
Hi Daniel
 
I recall that way back one of the Webrooters explained where to look in the Registry for the association of each db.nnnnnn.db file with file path of the app that it refers to...but I cannot find it any more.
 
I will look again and if I find it I will distribute the information in the PUG.
 
Regards, Baldrick
Userlevel 7
Badge +55
No but after a Scan you can delete the db.numbers.db files.
 
Daniel
Userlevel 2
Dan when these files are whitelisted are they deleted automatically from my WRdata folder?
Userlevel 7
Badge +55
Thanks @ it's much appreciated!
 
Daniel 😉
Userlevel 7
Badge +32
For the most part, logs are uploaded automatically with every ticket - the logs are in @'s ticket and I'll go ahead and get the Unknowns whitelisted.
 
-Dan
Userlevel 7
Badge +55
@ wrote:
TH
Maybe your additional comment is the answer.
"Also from the Drop Down Choose Threat Found - False Positive."
Is it that choice that triggers the upload of the scan log, because I cannot see a log being uploaded for all types of queries.
 
I'm not sure as far as I know when anyone contacts support a scan log is uploaded in the background maybe someone from support can explain more than I can on this! @ @ @ @
 
Thanks,
 
Daniel 😉
Userlevel 4
TH
Maybe your additional comment is the answer.
"Also from the Drop Down Choose Threat Found - False Positive."
Is it that choice that triggers the upload of the scan log, because I cannot see a log being uploaded for all types of queries.
 
Userlevel 7
Badge +55
In the Ticket I put "Can you please Whitelist my files" as a scan log is uploaded during the time of submission of the support ticket and the reply:
 
"Hello,

Thank you for your report. After analyzing the automatically attached logs, we have white-listed the unknown processes which SecureAnywhere had been monitoring on your system.

We ask that you run a new scan of your computer now (click "Scan My Computer" in the Overview window of SecureAnywhere). Please let us know if the same issue persists after this scan.

Regards,

The Webroot Advanced Malware Removal Team"
 
Also from the Drop Down Choose Threat Found - False Positive. So I have never had an issue asking them to Whitelist my files and I do a scan then I delete the db.numbers.db files only and please don't remove any other db files!
 
HTH,
 
Daniel ;)
Userlevel 2
Thanks Dave for the advice.
I would prefer doing the way Daniel said, but as I mentioned...when I tried that, I got the just uninstall/reinstall with no mention of getting the files to WR for whitelisting.
I do 2 image backups a day so I can easily put it back and then follow your steps.
Thanks,
SG
Userlevel 7
Badge +7
Hi SG,
 
I agree with Daniel on getting the files whitelisted and not needing to do a complete reinstall.  I have come across the same anomaly as you and I have removed the files also. 
 
Before deleting the files I take a few additional steps:
1) I save a scan log and search for the number mentioned in the file name to see what file is being monitored and if it is one that I have a degree of confidence in being ok.
 
2) I run a single file scan on the suspect file(s) with WSA and a couple of other second opinion scanners.
 
If all comes up clean, I add the files to the WSA "Block/Allow Files" list and mark them Allow so they will not be a problem again and then  I delete the numbered files.  Be advised, this is dangerous unless you are 100% sure the files are clean and you have complete trust in them being safe, because WSA will do as you ask and not pay attention to them again.
 
If I am only 99% sure I copy the numbered files to a temp location and keep them until I am comfortable in deleting them.
 
Moral of the story, Daniel’s solution is the best, but you have alternatives if you are willing to risk it.  By the way, I do daily backups. ;)
 
Best regards,
Dave
Userlevel 2
Here is why I deleted it.
When I contacted WR support, I explained the bloated WRData folder and asked if they needed to look at the db files to whitelist them so that I could delete them.
What I got was instructions on uninstalling, renaming, reinstalling and then deleting the old WRdata folder.  Never once did they try to look at the files or whitelist them. When I told them that I had done this already, they just repeated the steps to uninstall/reinstall.
So I just deleted one to see what would happen.  So far it hasn't come back. 
I realize that this probably is not the best thing to do, but without any real guidance from WR it just seemed worth trying first before the uninstall/reinstall steps anyway.
Userlevel 7
Badge +55
It's best to Contact Support to get your files whitelisted then you can delete the db.numbers.db files after they reply to you and do a scan, there is no need to do a clean reinstall of WSA, but if you don't get your files whitelisted it will keep growing so no need to make it more difficult IMO. And I would not suggest to do it the way you are to others as you don't know if WSA is monitoring Malware sorry.
 
Thanks,
 
Daniel ;)
 

Userlevel 2
Nic
I have a point of information question.
Why can't we just simply delete any of the db files in the WRData folder that get very large without having to first uninstall WR, rename the WRdata file, install WR and then delete the renamed WRData file?
As a test, I deleted one of the db files, in the WRdata folder, that had quickly grown to 600megs and have not seen any problem with WR to date.
Userlevel 2
Thanks for the update Nic.
Hope this will be a non-issue soon.
SG
Userlevel 4
Cheers nic
I'll wait, a couple of GB isn't an issue anyway. I never even noticed until reading the posts.
Bye
David
 
Userlevel 7
Badge +56
I got more info - apparently this has been just on the other side of the line in terms of dev priorities for a while.  We're still planning on addressing it so it should make it into one of the upcoming updates over the next quarter or so.
Userlevel 4
I think Nic & TH will post soon.
Biblical age here.
 
