I have a peculiar issue. I purchased Webroot SecureAnywhere for three devices. I have it installed on two different laptops I own, but the web threat shield seems to only work on my older, non-preferred laptop. The Web Threat shield seems to be enabled on both PCs. Details follow.
Firefox version 35.0.1
Windows 7 Home Premium SP1, 64 bit
Web Threat Shield seems to work - search results show a dark green circle with a check mark, light green circle with a checkmark, yellow circle with a dash or orange circle with an exclamation point.
Firefox version 35.0.1
Windows 8.1, 64 bit
Web Threat Shield doesn't show me any of the icons for search results.
Most concerning is that I initially was blocked from visiting a page from a weather forecaster I follow on Facebook. It shows as an orangle circle with an exclamation point. Webroot listed it as a suspicious threat, "This is a suspicious site. There is a higher than average probability that you will be exposed to malicious links or payloads." My new PC which I love and adore allowed me to connect to the page without issues.
I am hoping someone way smarter than me can help. If it serves any purpose, the website I was denied access to was http://illinoisstormchasers.com/. As I said, orange circle with an exclamation point, so proceed with caution. The owner of the page indicated he was seeing nothing nefarious with his site, details on why Webroot considers it malicious would be a nice bonus.
The biggest thing though - I want to make sure my shiny, new Ferrari of a laptop is protected from mailicious websites and I fear it may not be currently.
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Welcome to the Community Forums.
Well, the first thing that I would do is to check for updates (either rightclick on the notification icon and select 'Check for Updates' or go into the main app, click on the gear/cog to the right of 'My Account', and from the panel that opens select the 'About SecureAnyWhere tab. On that tab you need to click on the 'Check for software updates'.
The reason I say this is that the latest current version is v22.214.171.124, and so if what you have listed is true you are some way behind the latest version. Updates should be 'pushed' to you and silent...but that does not always happen, etc.
Just to ket you know that there are changes coming to the Web Threat Shield in terms of how it is works and what is used but we are still waiting for these to come out of the beat channel and into the release one.
What yo could also try, which sometimes works, is to uninstall Firefox, reboot, download a fresh copy of the full installer, install from that, reboot and then try to see if when next running Firefox you get prompted to allow the extension.
Finally, in terms of the 'nefarious' site; all I can say on that is (i) there a few cases of false positives and the way around that temporarily would be to click on the 'Unbloc and proceed' button in the bottom lefthand corner of the blcok screen...this will 'whitelist' the site for you locally and so should remove the block screen on future access attempts, plus it will also notify the Threat Researchers of the override and prompt them to investigate.
In addition, you or the website owner my go to this site, (just follow the on screen instructions) to see how the site is classified by Webroot and then to this site, (it is self explanatory) and submit a URL Reputation Change Request to try to get the classification changed and therefore the Threat Shield response to be different.
Hope that all helps? If not please feel free to come back with further quyestions.
Thanks for the head's up on the most up-to-date version of the software. I have received an update, but not all the way to the version you indicated. I have included a screenshot illustrating the new version (v126.96.36.199) as well as the message received when requesting that it seek the update.
Many thanks for your help Baldrick!
I agree with Daniel on getting the files whitelisted and not needing to do a complete reinstall. I have come across the same anomaly as you and I have removed the files also.
Before deleting the files I take a few additional steps:
1) I save a scan log and search for the number mentioned in the file name to see what file is being monitored and if it is one that I have a degree of confidence in being ok.
2) I run a single file scan on the suspect file(s) with WSA and a couple of other second opinion scanners.
If all comes up clean, I add the files to the WSA "Block/Allow Files" list and mark them Allow so they will not be a problem again and then I delete the numbered files. Be advised, this is dangerous unless you are 100% sure the files are clean and you have complete trust in them being safe, because WSA will do as you ask and not pay attention to them again.
If I am only 99% sure I copy the numbered files to a temp location and keep them until I am comfortable in deleting them.
Moral of the story, Daniel’s solution is the best, but you have alternatives it you are willing to risk it. By the way, I do daily backups . ;)
That's right. This is the latest version.( Stable release)
Please have a look at this Thread Here and hope it answers your question.
With an uninstall/reinstall will fix this but if you have alot of unknown folders in the dastabase then they may need to be whitelisted anyways by submitting a Support Ticket, as
Well, if you feel that there is a need for this then why not make it 'official' and open a Feature Request (link at the top of every page just left of centre) so that (i) the Development Team are aware of this, (ii) other users can comments and support the idea if they agree & (iii) the Development Team will provide a status update from time to time in terms of whether or not the idea is reviewed, under consideration, accepted, under development, etc.
It is the best way to move this forward.
You beat me to it. Do you live in the forums by any chance:D
Like you I have lived with WSA for a while and whilst it is not the only 'game in town' it is, I think, the only one I know with 'business class' support for the home user. At my advanced age that is worth a lot.
Thank you for your report. After analyzing the automatically attached logs, we have white-listed the unknown processes which SecureAnywhere had been monitoring on your system.
We ask that you run a new scan of your computer now (click "Scan My Computer" in the Overview window of SecureAnywhere). Please let us know if the same issue persists after this scan.
The Webroot Advanced Malware Removal Team"
Also from the Drop Down Choose Threat Found - False Postive. So I have never had an issue asking them to Whitelist my files and I do a scan then I delete the db.numbers.db files only and please don't remove any other db files!
Maybe your additional comment is the answer.
"Also from the Drop Down Choose Threat Found - False Postive."
Is it that choice that triggers the upload of the scan log, because I cannot see a log being uploaded for all types of queries.
I just verified that it will work. I checked my WRDATA directory and it had no numbered files. I deliberately ran an install file that I knew it would pick up and sure enough when I looked in WRDATA there were two new numbered files. I saved a scan log and looking toward the bottom of the file, it had both files identified by name and path.
So I would guess as has been said already, if they have been whitelisted it will not pick them up to be monitored.
Edit: Tip: only use the number when searching the scan log, not the db in front or the extension.
I do have them occasionally, but usually it is only when I install utility type apps that access or otherwise impact the OS, hard drive, and etc. I can just about tell you when I am going to have them show up and it is almost always when I install one of these utilities. Other than that, my WRDATA directory is usually pretty clean and consistently has the same number of files.
Apologies...that should have been v188.8.131.52 rather than .26...I can find none and suspect that it is far too new for them to have been issued. So to check I just went over to the website and downloaded a trail version of the installer, which definitively gave the version as v184.108.40.206...so I do not think that I am misinformed or getting confused with the beta channel.
EDIT: Just me getting my '66s' & '26s' completely mixed up...should be .26...LOL
I suspect that Release Notes will be out shortly.
I just rebooted for the 3rd time and now the threat icon is working.