This morning, Webroot Secureanywhere did not start. OnlineArmor asked if I wanted to allow a program with a name similar to "WRupdate347369.exe" to execute out of the temp folder. It identified itself as a Webroot program but the numbers seemed strange and executing out of the temp folder concerned me. I NEEDED to log in for a webinar so execution was blocked and Secureanywhere had to be manually started. The executable did not appear again.
Was this a legitimate WR update? If so, how can it be verified before allowing it to execute?
(Comment: It has been advised by other applications (JAVA & Adobe are the most notorious) not to allow automatic updates to execute but rather go to the website and get the update directly.)
Best answer by ExpertNovice 3 November 2012, 15:54
As was already indicated, if you're not sure about the update, you can download the new version from the normal download link in the email you received. This will always have the most up to date version and simply running the downloaded version will install the update if there is one to update.
Also, useful information for verifying a lot of things: As long as the digital signature is intact and you trust the digital signature (The company has not been hacked and the signature hasn't been revoked yet), you can check this in the file properties. Windows displays a different warning based on the validity or lack thereof of the digital signature for example.
Right-Click on the file and click Properties at the bottom.
Click on Digital Signature tab (If it's not there, it's not signed).
Click on the signature and click Details to see the details below. As long as it says the signature is OK, it's validly signed and not tampered with.
This applies to all executable files, like EXEs, DLLs, and SYS files.