Webroot is slow and fussy

  • 1 October 2013
  • 36 replies
  • 1212 views

Since a while ago Webroot has been acting a little weird. Installers sometimes take forever to load and my Autohotkey scripts are occasionally blocked. I've allowed the exes in detection configuration but it doesn't seem to help.

I know Webroot is at fault somehow because when I disable Webroot there are no slowdowns or blocked executions.

Does anyone know what's causing this? :@

36 replies

Send ^+!, ; global hotkey set in Dopus (exits dopus)
Sleep, 500
Run, "C:\Program Files\Directory Opus\dopus.exe"

Yeah, pretty much.
Userlevel 7
I apologise, I have been working on a number of different things. I was unable to reproduce any unusual behaviour using the standard (Opus+WSA) settings. I don't know your exact setup, so my test setup may not reflect the exact setup you have. Is your script just closing Opus, waiting for a set time and then reloading it?
So yeah, thanks for the feedback...
Userlevel 7
Weird.  I will have to defer to our threat researchers on this issue to ensure the files are whitelisted, if they should be whitelisted.  @, any success in your investigation?
I have run the script several times now with Realtime Shield disabled, and it has worked every single time. With Realtime Shield enabled, the script works maybe 60% of the time.
Userlevel 7
I'll have a look at the program now and see if I can reproduce said behaviour.
Not as of yet. I'm gonna do some troubleshooting and report back!
Userlevel 7
Have you confirmed that the script works 3 out of 3 times when Webroot is disabled?
Yes it's a file manager.

My heuristics are set pretty low but, the weird thing is, why don't I get any confirmation dialogs? I should at least be getting a window asking me what to do with the file I'm trying to run? Because I have that setting turned on.
 
 
Edit: Also, if I run Dopus from the Run window for example, it doesn't get blocked. Only when I run it via my script.
Userlevel 7
I had to look up Directory Opus to see what it is.  It looks like it's a replacement for Windows Explorer.  @ can probably tell us if the nature of the program has something to do with the issue.  Until then, have you tried adjusting your heuristics settings down a notch or two?  The nature of the program strikes me as something that may set off a heuristic flag.  It would be good to know whether or not adjusting heuristics settings has any impact on the issue.
Still having troubles.
 
Here's one of the scripts that I use that's being blocked like every third time I run it.
Send ^+!, ; global hotkey set in Dopus (exits dopus)
Sleep, 1000
Run, "C:\Program Files\Directory Opus\dopus.exe", C:\Program Files\Directory Opus
Userlevel 7
To be honest, in the industry we are in, the file names of porn files are the least worst thing you will see! We do need a certain amount of information to do our job in protecting our customers. Without a user actually giving me some identifying information I wouldn't be able to identify a user, if that makes sense! We do take privacy very seriously, even more so since we work with infections/malware on a daily basis that try to take personal info, so we know what's out there!
Userlevel 7
@ wrote:
Of course no files are ever transferred anywhere, but I mean, if you can see complete file names, that's a hazard in itself. And not to mention all the porn file names that pop up :p
No reason to be concerned or even to be afraid. As other members explained, it is nothing exceptional that AV vendors have access to logs containing some kind of information about files (name or MD5) including the paths. Otherwise the whole AV & anti-malware concept would not work. I would also like to highlight and support Roy's declaration about users' privacy. You can be sure that at Webroot they take users' privacy very seriously and this policy is adhered to one hundred percent. I had dozens of remote sessions with @ and other engineers from Webroot and former Prevx to troubleshoot my issues and I never, and I emphasize the word never, had any doubts about my privacy.
Userlevel 4
Any AV vendor will have that same information if you ever contact them for support. As far as I know, every AV company's logs contain  file names.
 
It's not just Webroot.
Of course no files are ever transferred anywhere, but I mean, if you can see complete file names, that's a hazard in itself. And not to mention all the porn file names that pop up 😛
Userlevel 7
No, we do not have access to any of your files or documents on your PC. The details of the scan log can be seen by doing the following. A snippet of a log is posted below; we can see path/filename and MD5. No actual copies of any files are ever taken from your PC. The scan logs that are sent to us are encrypted. We take our users' privacy very seriously.
 
 
- Open Webroot
- Select the option "System Tools"
- On the System Tools screen click the Reports tab
- On the Reports tab screen press the Save as.. button.
 
[u] c:\windows\system32\cmidialogs.dll [MD5: 8BAEB21862D8CDD17AD2294709EB0F4C] [Flags: 40080010.2742]
[u] c:\program files\iomega\iomega encryption\plxtech.das.dotnetapi.dll [MD5: 80505583366D74E12206281526919F04] [Flags: 40080010.2743]
[u] c:\program files\iomega\iomega encryption\deviceaccess.dll [MD5: 9D79DC423EE0CB8C6442093C3CC9FA09] [Flags: 40080010.2746]
[u] c:\program files\iomega\iomega encryption\plxtech.das.gateway.core.dll [MD5: 5D17D848CD2C1FAECFB9A945CE136AC9] [Flags: 40080010.2747]
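Added example (not part of the original post and not Webroot code): a small Python check that reads a saved scan log in the line layout shown in the snippet above and lists which file names under a user-profile directory it would disclose when shared. The layout is inferred from that snippet only; the function names, the `private_roots` default and the sample lines are assumptions made up for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Line layout inferred from the snippet in the post above (an assumption):
#   [u] <path> [MD5: <32 hex chars>] [Flags: <opaque value>]
LINE_RE = re.compile(
    r"^\[(?P<status>\w)\]\s+(?P<path>.+?)\s+"
    r"\[MD5:\s*(?P<md5>[0-9A-Fa-f]{32})\]\s+"
    r"\[Flags:\s*(?P<flags>[^\]]+)\]\s*$"
)

# Constructed sample, not real scan data: paths and hashes are made up.
SAMPLE_LOG = r"""
[u] c:\windows\system32\example.dll [MD5: 00112233445566778899AABBCCDDEEFF] [Flags: 40080010.1]
[u] c:\users\alice\documents\tax return 2013.exe [MD5: FFEEDDCCBBAA99887766554433221100] [Flags: 40080010.2]
[u] c:\users\alice\desktop\scripts\restart.exe [MD5: 0123456789ABCDEF0123456789ABCDEF] [Flags: 40080010.3]
this line is not a scan entry
"""

def parse_scan_log(text):
    """Return (entries, skipped): parsed lines as dicts, plus a count of
    non-empty lines that did not match the expected layout."""
    entries, skipped = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            skipped += 1          # keep going; report malformed lines instead
            continue
        entries.append(match.groupdict())
    return entries, skipped

def disclosure_report(entries, private_roots=(r"c:\users",)):
    """Summarise what the log reveals: entry count per directory and the
    file names located under any of the private_roots."""
    roots = [PureWindowsPath(r) for r in private_roots]
    private_names, by_dir = [], Counter()
    for entry in entries:
        path = PureWindowsPath(entry["path"])   # compares case-insensitively
        by_dir[str(path.parent).lower()] += 1
        if any(root in path.parents for root in roots):
            private_names.append(path.name)
    return {"total": len(entries), "private_names": private_names,
            "by_dir": dict(by_dir)}

if __name__ == "__main__":
    parsed, bad = parse_scan_log(SAMPLE_LOG)
    print(disclosure_report(parsed), "skipped:", bad)
```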
Userlevel 4
Webroot is 100% in the cloud so you can't turn it off unless you shut Webroot down.
 
Also, I don't believe they see your files, but MD5 hash values which are a bunch of gibberish looking numbers/letters.
So basically any Webroot employee can see all my computer's (scanned) files in your definition database? That's kinda creepy....
 
Anyway why do they have to be whitelisted in the cloud when I'm doing it locally? Is there a flag somewhere to ignore cloud settings?
Userlevel 7
There were a large number of unknown files in the scan, including some of the script programs that you mentioned in your first post. I have whitelisted them in our database. The deep scan gets Webroot to recheck the unknowns and thus it will help with scan speeds and will stop the program from monitoring said unknown files.
 
It should help, but if you're still having the issue and you have tried Jim's idea then we can try a few other ideas.
I did a deep scan just now, it took a minute and there were no threats found. How is this supposed to help my situation? Is it supposed to "jog Webroot's memory" or something? :S
Userlevel 7
@ wrote:
I did a quick poll around the office and most of us here use VLC and nobody has had any issues. Is this issue when you are playing video content inside a browser or files locally? It may be an issue with the VLC browser plugin. I am going through all the VLC data I can find in the database which will take a while. Can you try and see if you can replicate the issue for me? 
The issue was when I played video in a browser (in my case Opera 12.xx), so it's probably correct to assume that it is related to VLC plugin. Unfortunately I cannot replicate it now because as I said it happened only once when the first video was played after VLC installation. Though it doesn't explain the experienced lag during installation or does so? Maybe so, if the plugin is the culprit, it could hinder installation because the plugin is bundled in the installation file.
Userlevel 7
I did a quick poll around the office and most of us here use VLC and nobody has had any issues. Is this issue when you are playing video content inside a browser or files locally? It may be an issue with the VLC browser plugin. I am going through all the VLC data I can find in the database which will take a while. Can you try and see if you can replicate the issue for me? 
Userlevel 7
@ wrote:
Can you elaborate on the issues you had/have with VLC? I use it myself on my home PC and I haven't had any issues? I didn't get full diagnostic logs, just the scan logs, which I have cleaned up, which should help. If it doesn't I will collect full diagnostic logs and do a full system check.
I experienced the same lag during installation/update of VLC and then the first run of a video in a browser using the VLC plug-in. It took ages to install VLC and play the first video. I saw endless authenticating files notifications, file by file. As soon as WSA was shut down, installation resp. video play finished resp. started instantly. However, I haven't updated VLC for quite a long time, so I cannot speak now. If you need something more, let me know.
Userlevel 7
Can you elaborate on the issues you had/have with VLC? I use it myself on my home PC and I haven't had any issues? I didn't get full diagnostic logs, just the scan logs, which I have cleaned up, which should help. If it doesn't I will collect full diagnostic logs and do a full system check.
Userlevel 7
I have whitelisted the scan logs; I have left some of the files as bad, however. I have sent you the instructions to run a deep scan, which should help with scan times and system performance.
 
 
