I have a peculiar issue. I purchased Webroot SecureAnywhere for three devices. I have it installed on two different laptops I own, but the web threat shield seems to only work on my older, non-preferred laptop. The Web Threat shield seems to be enabled on both PCs. Details follow.
Firefox version 35.0.1
Windows 7 Home Premium SP1, 64 bit
Web Threat Shield seems to work - search results show a dark green circle with a check mark, light green circle with a checkmark, yellow circle with a dash or orange circle with an exclamation point.
Firefox version 35.0.1
Windows 8.1, 64 bit
Web Threat Shield doesn't show me any of the icons for search results.
Most concerning is that I initially was blocked from visiting a page from a weather forecaster I follow on Facebook. It shows as an orangle circle with an exclamation point. Webroot listed it as a suspicious threat, "This is a suspicious site. There is a higher than average probability that you will be exposed to malicious links or payloads." My new PC which I love and adore allowed me to connect to the page without issues.
I am hoping someone way smarter than me can help. If it serves any purpose, the website I was denied access to was http://illinoisstormchasers.com/. As I said, orange circle with an exclamation point, so proceed with caution. The owner of the page indicated he was seeing nothing nefarious with his site, details on why Webroot considers it malicious would be a nice bonus.
The biggest thing though - I want to make sure my shiny, new Ferrari of a laptop is protected from mailicious websites and I fear it may not be currently.
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
I have 2.5GB now.
I do have them occasionally, but usually it is only when I install utility type apps that access or otherwise impact the OS, hard drive, and etc. I can just about tell you when I am going to have them show up and it is almost always when I install one of these utilities. Other than that, my WRDATA directory is usually pretty clean and consistently has the same number of files.
DJ...are you saying you normally have no numbered db files? I don't think I've ever had none in my WRData folder.
I just verified that it will work. I checked my WRDATA directory and it had no numbered files. I deliberately ran an install file that I knew it would pick up and sure enough when I looked in WRDATA there were two new numbered files. I saved a scan log and looking toward the bottom of the file, it had both files identified by name and path.
So I would guess as has been said already, if they have been whitelisted it will not pick them up to be monitored.
Edit: Tip: only use the number when searching the scan log, not the db in front or the extension.
I just ran a new scan log and saved it to the Desktop. Then I search for a large DB file that was residing in the WRData folder, in this log but found nothing?
I recall that way back one of the Webrooter's explained where to look in the Registry for the association of each db.nnnnnn.db file with file path of the app that it refers to...but I cannot find it any more.
I will look again and if I find it I will distribute the information in the PUG.
Maybe your additional comment is the answer.
"Also from the Drop Down Choose Threat Found - False Postive."
Is it that choice that triggers the upload of the scan log, because I cannot see a log being uploaded for all types of queries.
Thank you for your report. After analyzing the automatically attached logs, we have white-listed the unknown processes which SecureAnywhere had been monitoring on your system.
We ask that you run a new scan of your computer now (click "Scan My Computer" in the Overview window of SecureAnywhere). Please let us know if the same issue persists after this scan.
The Webroot Advanced Malware Removal Team"
Also from the Drop Down Choose Threat Found - False Postive. So I have never had an issue asking them to Whitelist my files and I do a scan then I delete the db.numbers.db files only and please don't remove any other db files!
I would prefer doing the way Daniel said, but as I mentioned...when I tried that, I got the just uninstall/reinstall with no mention of getting the files to WR for whitelisting.
I do 2 image backups a day so I can easily put it back and then follow your steps.
I agree with Daniel on getting the files whitelisted and not needing to do a complete reinstall. I have come across the same anomaly as you and I have removed the files also.
Before deleting the files I take a few additional steps:
1) I save a scan log and search for the number mentioned in the file name to see what file is being monitored and if it is one that I have a degree of confidence in being ok.
2) I run a single file scan on the suspect file(s) with WSA and a couple of other second opinion scanners.
If all comes up clean, I add the files to the WSA "Block/Allow Files" list and mark them Allow so they will not be a problem again and then I delete the numbered files. Be advised, this is dangerous unless you are 100% sure the files are clean and you have complete trust in them being safe, because WSA will do as you ask and not pay attention to them again.
If I am only 99% sure I copy the numbered files to a temp location and keep them until I am comfortable in deleting them.
Moral of the story, Daniel’s solution is the best, but you have alternatives it you are willing to risk it. By the way, I do daily backups . ;)
When I contacted WR support, I explained the bloated WRData folder and asked if they needed to look at the db files to whitelist them so that I could delete them.
What I got was instructions on uninstalling, renaming, reinstalling and then deleting the old WRdata folder. Never once did they try to look at the files or whitelist them. When I told them that I had done this already, they just repeated the steps to uninstall/reinstall.
So I just deleted one to see what would happen. So far it hasn't come back.
I realize that this probably is not the best thing to do, but without any real guidance from WR it just seemed worth trying first before the uninstall/reinstall steps anyway.
I have a point of information question.
Why can't we just simply delete any of the db files in the WRData folder that get very large without having to first uninstall WR, rename the WRdata file, install WR and then delete the renamed WRData file?
As a test, I deleted one of the db files, in the WRdata folder, that had quickly grown to 600megs and have not seen any problem with WR to date.
Hope this will be a non-issue soon.
I'll wait, a couple of GB isn't an issue anyway. I never even noticed until reading the posts.
Biblical age here.