wsa blocks my DLL by folder


I've developped an ActiveX which is embeded in a web page. The ActiveX used to require admin previledge to be installed in c:program filesmyactivex  folder. To make the activex more friendly, I've made some changes so that it can now be installed without admin previledge in LocalAppDataFolder. But for unknown reason, wsa blocked some DLLs that were installed with my activex. WSA simply denied DLL access without prompting any message. The DLL is FreeimageNet.dll and Freeimage.dll , an open source library project. These two files have been manually scanned and no threat is detected. And they work fine when they were installed in c:program filesmyactivex  folder. They also work if I shutdown wsa.
 
I've tried to add these two files in allowed files but another strange thing happened. When I added C:UsersmyuserAppDataLocalmyactivexFreeimageNet.dll, the file in the block/allow files list became c:myproj
eleaseFreeImageNet.dll, the same file but in diffrent folder. For a test, I added another DLL file in C:UsersmyuserAppDataLocalmyactivex folder, the file and folder are all exactly the same with what I input.
 
The version no. of Webroot SecureAnywhere listed in uninstall a program is 8.0.4.66.

15 replies

Userlevel 7
Badge +35
Hello tochi,
Please Submit a ticket so that we can gather the proper logs and get this corrected.
 
Thanks,
 
-Dan
 
Userlevel 7
Hi tochi
 
Welcome to the Community Fora...:D
 
EDIT: Ahhh, I see that Dan the Man has gotten in before Baldrick the Snail...;)  tochi you are in good hands!
 
How very strange.  Have never heard of that before but then I don't play with ActiveX as much as you do.
 
Whilst you mention that you have tried adding the files concerned to the Block/Allow files list have you also checked how these files are recorded under 'Control Active Processes' which is another place where files can be 'Blocked', 'Allowed' (and also 'Monitored' for that matter).
 
If you need some more information on this and this whole area of blocking and allowing files then please take a look at this KB article as it may help with the options you habd and the places that this can be undertaken.
 
With regard to the path of the files changing when 'Allowed' or 'Blocked' I think that you need to let Support take a look at what could be causing that and so I would Submit a Support Ticket with all the information/reference to this thread,.
 
Please post back to let us know how you get on as and when you submit the ticlket and Support get back to you.
 
Regards
 
 
Baldrick
Userlevel 5
Hi, tochi
 
I think it is a bug maybe they will correct it soon but i suggest submitting a ticket(Go to the link on one of the expert adviors replies and submit the ticket).
The tech support said my files were whitelisted and asked me to restart computer. But it didn't help. Then I was asked to be contacted by phone to resolve the issue. When I was ready to do so this morning, the issue is gone. Probably the change they made did not reach my computer until today.
Userlevel 7
Hi tochi
 
Glad to see that the issue has been resolved for you. :D  Yes, you are most likely right...it does sometimes take time for whitelisting to filter through especially since Webroot is a global organisation and has servers nodes located regionally and I suspect that it take some time for the whitelisting done in one node to replicate around the whole network.
 
Just a hunch but would seem to make sense...I am sure I will be quickly corrected by the more knowledgeable if not.
 
Regards
 
 
Baldrick
The DLL was blocked again after I downloaded latest version of Freeimage and built another freeimage.dll. Do I have to send support ticket everytime I build a new freeimage.dll for whatever reasons? I don't think it's a good idea. I am also curious, there are other DLLs in the same folder and they are not blocked. Why does WSA block this particular freeimage.dll ? Are DLL files in %appdata%..local folder considered potential threats?
Userlevel 7
Hi tochi
 
We will probably need the like of @ or @ to explain but I would bet that the other .dlls have not changed and the one you mention is the only one that has a new and therefore unknown hash...but I am far from being an expert in the matter of exactly how the determination is made. ;)
 
Regards, Baldrick
Userlevel 7
Badge +62
Hi tochi, I just would like to mention I know it's difficult to get these DLLs blocked and you realize how easy it is to open a support ticket,hence it sounds like you already have..but the The Webroot support team is always ready to save the day so to speak..so how about one more time... open a support ticket. ..and keep in touch so we can help others resolve same issue?
Of course you could do what Baldrick suggested also. Right?
We are here on the forum to support is my motto...have a nice day considering..
Sherry
As I have experienced, the white list may take a day or maybe longer to reach every computer. It's not acceptable if there's a major bug in the DLL that need to be fixed. I want to know why freeimage.dll is blocked in that folder. It's seems WSA is too aggressive to me.
Userlevel 7
Badge +62
Hello again tochi, Yes maybe so but if WebrootAnywhere isn't compatible and our advisors in this forum and or support can't solve your issues, then I'm sure you could get a refund....if you think WSA is too aggressive.

Would love to be able to assist you but I'm only a Webroot forum volunteer and was only asking for you to get our Support team to address this DLL block again. I don't want you to miss out on any support options available to you...

Best Regards, Sherry
Userlevel 7
Hi tochi
 
Have you had any substantive & useful responses back re. your 2nd question on this subject?  Let us know if if not then I will try to dig something out for you.
 
Regards
 
 
Baldrick
No, not yet.
Userlevel 7
Hi tochi
 
OK, well let's see if our excellent Community Manager, @ , can once again pull the proverbial rabbit from the hat on this. :D
 
Nic, tochi raised a good question in post 7 of this thread and I tagged Roy & DanP to see if they would be able to provide a more detailed answer (well, certainly a better one than my guess) but I suspect that they are busy and so have not had any time to reply.  Would you therefore be able to see if you can dig up something to help tochi out?
 
Many thanks in anticipation of you being able to weave your Community Mgr magic re. this.
 
Regards
 
 
 
Baldrick
Userlevel 7
Badge +56
@ wrote:
Hi tochi
 
OK, well let's see if our excellent Community Manager, @ , can once again pull the proverbial rabbit from the hat on this. :D
 
Nic, tochi raised a good question in post 7 of this thread and I tagged Roy & DanP to see if they would be able to provide a more detailed answer (well, certainly a better one than my guess) but I suspect that they are busy and so have not had any time to reply.  Would you therefore be able to see if you can dig up something to help tochi out?
 
Many thanks in anticipation of you being able to weave your Community Mgr magic re. this.
 
Regards
 
 
 
Baldrick
From what I understand, our threat team is able to create rules that can recognize new versions of a file and not flag them each time.  Go ahead and contact support again and then ask them if they can do that.
Userlevel 7
Cheers, Nic
 
You is da man! :D
 
tochi...go for it!
 
Regards
 
 
Baldrick

Reply