Web Threat Shield on Firefox

  • 1 February 2015
  • 61 replies
  • 735 views

Userlevel 1
I have a peculiar issue.  I purchased Webroot SecureAnywhere for three devices.  I have it installed on two different laptops I own, but the web threat shield seems to only work on my older, non-preferred laptop.  The Web Threat shield seems to be enabled on both PCs.  Details follow.
 
Older PC
SecureAnywhere v8.0.6.44
Firefox version 35.0.1
Windows 7 Home Premium SP1, 64 bit
 
Web Threat Shield seems to work - search results show a dark green circle with a check mark, light green circle with a checkmark, yellow circle with a dash or orange circle with an exclamation point.
 
New PC
SecureAnywhere v8.0.6.44
Firefox version 35.0.1
Windows 8.1, 64 bit
 
Web Threat Shield doesn't show me any of the icons for search results. 
 
Most concerning is that I initially was blocked from visiting a page from a weather forecaster I follow on Facebook.  It shows as an orangle circle with an exclamation point.  Webroot listed it as a suspicious threat, "This is a suspicious site. There is a higher than average probability that you will be exposed to malicious links or payloads."  My new PC which I love and adore allowed me to connect to the page without issues. 
 
I am hoping someone way smarter than me can help.  If it serves any purpose, the website I was denied access to was http://illinoisstormchasers.com/.  As I said, orange circle with an exclamation point, so proceed with caution.  The owner of the page indicated he was seeing nothing nefarious with his site, details on why Webroot considers it malicious would be a nice bonus. 
 
The biggest thing though - I want to make sure my shiny, new Ferrari of a laptop is protected from mailicious websites and I fear it may not be currently.
 
Many thanks!
 

61 replies

Userlevel 7
Hi mr_bunco
 
Welcome to the Community Forums.
 
Well, the first thing that I would do is to check for updates (either rightclick on the notification icon and select 'Check for Updates' or go into the main app, click on the gear/cog to the right of 'My Account', and from the panel that opens select the 'About SecureAnyWhere tab.  On that tab you need to click on the 'Check for software updates'.
 
The reason I say this is that the latest current version is v8.0.7.66, and so if what you have listed is true you are some way behind the latest version.  Updates should be 'pushed' to you and silent...but that does not always happen, etc.
 
Just to ket you know that there are changes coming to the Web Threat Shield in terms of how it is works and what is used but we are still waiting for these to come out of the beat channel and into the release one.
 
What yo could also try, which sometimes works, is to uninstall Firefox, reboot, download a fresh copy of the full installer, install from that, reboot and then try to see if when next running Firefox you get prompted to allow the extension.
 
Finally, in terms of the 'nefarious' site; all I can say on that is (i) there a few cases of false positives and the way around that temporarily would be to click on the 'Unbloc and proceed' button in the bottom lefthand corner of the blcok screen...this will 'whitelist' the site for you locally and so should remove the block screen on future access attempts, plus it will also notify the Threat Researchers of the override and prompt them to investigate.
 
In addition, you or the website owner my go to this site, (just follow the on screen instructions) to see how the site is classified by Webroot and then to this site, (it is self explanatory) and submit a URL Reputation Change Request to try to get the classification changed and therefore the Threat Shield response to be different.
 
Hope that all helps?  If not please feel free to come back with further quyestions.
 
Regards, Baldrick
Userlevel 1
"Allowing the extension" was the key phrase in your response that fixed the issue for me.  The extension was disabled in Firefox on the new PC.  A wee bit embarrassing to be honest.  :$
 
Thanks for the head's up on the most up-to-date version of the software.  I have received an update, but not all the way to the version you indicated.  I have included a screenshot illustrating the new version (v8.0.7.26) as well as the message received when requesting that it seek the update.
 
Many thanks for your help Baldrick!
 

Userlevel 7
Badge +7
Hi SG,
 
I agree with Daniel on getting the files whitelisted and not needing to do a complete reinstall.  I have come across the same anomaly as you and I have removed the files also. 
 
Before deleting the files I take a few additional steps:
1) I save a scan log and search for the number mentioned in the file name to see what file is being monitored and if it is one that I have a degree of confidence in being ok.
 
2) I run a single file scan on the suspect file(s) with WSA and a couple of other second opinion scanners.
 
If all comes up clean, I add the files to the WSA "Block/Allow Files" list and mark them Allow so they will not be a problem again and then  I delete the numbered files.  Be advised, this is dangerous unless you are 100% sure the files are clean and you have complete trust in them being safe, because WSA will do as you ask and not pay attention to them again.
 
If I am only 99% sure I copy the numbered files to a temp location and keep them until I am comfortable in deleting them.
 
Moral of the story, Daniel’s solution is the best, but you have alternatives it you are willing to risk it.  By the way, I do daily backups . ;)
 
Best regards,
Dave
Userlevel 7
Badge +35
For the most part, logs are uploaded automatically with every ticket - the logs are in @'s ticket and I'll go ahead and get the Unknowns whitelisted.
 
-Dan
Userlevel 7
Badge +19
My Version of WSA Complete is showing as V8.0.7.26 as well.
Userlevel 7
Badge +52
@ wrote:
My Version of WSA Complete is showing as V8.0.7.26 as well.
Hello
That's right. This is the latest version.( Stable release)
Userlevel 7
Badge +56
@ wrote:
@ wrote:
My Version of WSA Complete is showing as V8.0.7.26 as well.
Hello
That's right. This is the latest version.( Stable release)
@  Confirmed v8.0.7.26 and the Release Notes will be posted Tomorrow when the staff are back to work! Here is the Download Link for PC: http://anywhere.webrootcloudav.com/zerol/wsainstall.exe
 
Thanks,
 
Daniel 😉
Userlevel 7
Badge +62
Hello SG,
 
Please have a look at this Thread Here and hope it answers your question.
 
With an uninstall/reinstall will fix this but if you have alot of unknown folders in the dastabase then they may need to be whitelisted anyways by submitting a Support Ticket, as @  and @had stated in the thread.
 
 
 
 
 
Kind Regards,
Userlevel 2
Thanks for the advise...I have started a ticket.
Userlevel 7
Hi davidco
 
Well, if you feel that there is a need for this then why not make it 'official' and open a Feature Request (link at the top of every page just left of centre) so that (i) the Development Team are aware of this, (ii) other users can comments and support the idea if they agree & (iii) the Development Team will provide a status update from time to time in terms of whether or not the idea is reviewed, under consideration, accepted, under development, etc.
 
It is the best way to move this forward.
 
Regards, Baldrick
Userlevel 7
Badge +56
Sorry that you didn't get a better answer.  I checked with folks here and we are working on having WSA remove the old data for a process that was monitored and then whitelisted.  I don't have an ETA on that yet, but once that rolls out it should take care of the folder growing continuously in size.
Userlevel 7
Badge +56
Let me see what I can find out about that.  My guess is maybe that feature didn't work properly and needs to be improved.  I'll post again when I find out more.
Userlevel 4
TH
You beat me to it. Do you live in the forums by any chance:D
 
SG
Like you I have lived with WSA for a while and whilst it is not the only 'game in town'  it is, I think, the only one I know with 'business class' support for the home user. At my advanced age that is worth a lot.
David
 
 
Userlevel 7
Badge +56
It's best to Contact Support to get your files whitelisted then you can delete the db.numbers.db files after they reply to you and do a scan, there is no need to do a clean reinstall of WSA, but if you don't get your files whitelisted it will keep growing so no need to make it more difficult IMO. And I would not suggest to do it the way you are to others as you don't know if WSA is monitoring Malware sorry.
 
Thanks,
 
Daniel ;)
 

Userlevel 7
Badge +56
In the Ticket I put "Can you please Whitelist my files" as a scan log is uploaded during the time of submission of the support ticket and the reply:
 
"Hello,

Thank you for your report. After analyzing the automatically attached logs, we have white-listed the unknown processes which SecureAnywhere had been monitoring on your system.

We ask that you run a new scan of your computer now (click "Scan My Computer" in the Overview window of SecureAnywhere). Please let us know if the same issue persists after this scan.

Regards,

The Webroot Advanced Malware Removal Team"
 
Also from the Drop Down Choose Threat Found - False Postive. So I have never had an issue asking them to Whitelist my files and I do a scan then I delete the db.numbers.db files only and please don't remove any other db files!
 
HTH,
 
Daniel ;)
Userlevel 4
TH
Maybe your additional comment is the answer.
"Also from the Drop Down Choose Threat Found - False Postive."
Is it that choice that triggers the upload of the scan log, because I cannot see a log being uploaded for all types of queries.
 
Userlevel 7
Badge +56
@ wrote:
TH
Maybe your additional comment is the answer.
"Also from the Drop Down Choose Threat Found - False Postive."
Is it that choice that triggers the upload of the scan log, because I cannot see a log being uploaded for all types of queries.
 
I'm not sure as far as I know when anyone contacts support a scan log is uploaded in the back ground maybe someone from support can explain more then I can on this! @ @ @ @
 
Thanks,
 
Daniel 😉
Userlevel 7
Badge +56
Yes once they are whitelisted!
 

Userlevel 7
Badge +7
Hi SG,
 
I just verified that it will work.  I checked my WRDATA directory and it had no numbered files.  I deliberately ran an install  file that I knew it would pick up and sure enough when I looked in WRDATA there were two new numbered files.  I saved a scan log and looking toward the bottom of the file, it had both files identified by name and path.
 
So I would guess as has been said already, if they have been whitelisted it will not pick them up to be monitored.
 
Best regards,
Dave
 
Edit: Tip: only use the number when searching the scan log, not the db in front or the extension.
Userlevel 7
Badge +7
SG,
I do have them occasionally, but usually it is only when I install utility type apps that access or otherwise impact the OS, hard drive, and etc.  I can just about tell you when I am going to have them show up and it is almost always when I install one of these utilities.  Other than that, my WRDATA directory is usually pretty clean and consistently has the same number of files.
 
Dave 
Userlevel 7
Hi davidco
 
Apologies...that should have been v8.0.7.66 rather than .26...I can find none and suspect that it is far too new for them to have been issued.  So to check I just went over to the website and downloaded a trail version of the installer, which definitively gave the version as v8.0.7.66...so I do not think that I am misinformed or getting confused with the beta channel.
 
EDIT: Just me getting my '66s' & '26s' completely mixed up...should be .26...LOL
 
I suspect that Release Notes will be out shortly.
 
Regards, Baldrick
 
 
 
Userlevel 7
Hi Daniel, the one in my signature reflects the beta version rarther than the release channel version, and so is correct in terms of what I want to communicate.  My confusion was just cause I was having a 'senior moment' this afternoon...that is all. ;)
 
Regards, Baldrick
Userlevel 2
Well I guess the 3rd time is the charm.
I just rebooted for the 3rd time and now the threat icon is working.
Go figure.
 
Userlevel 7
Badge +56
Yes contact support as Sherry has suggested to get your files whitelisted as I posted here: https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Controlling-WRData-folder-size-help-needed/m-p/198224#M12012 and that will solve your issue!
 
Thanks,
 
Daniel 😉
Userlevel 7
Badge +56
No need for a Re & Re just follow what I said in the link above or Direct to this one: https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Controlling-WRData-folder-size-help-needed/m-p/196162#M11896
 
Thanks,
 
Daniel 😉

Reply