Solved

WSA (Webroot Secure Anywhere) kills defender.exe



Show first post

44 replies

No problem. I will.
Userlevel 7
Badge +55
@cuttingedgetech wrote:
Yeah, I sumitted a support ticket. I offered remote access to the machine. I'm waiting for them to get back in touch with me since their first suggestion did not resolve the issue.
Great to hear please let us know the outcome! ;)
 
Thanks,
 
Daniel
Yeah, I sumitted a support ticket. I offered remote access to the machine. I'm waiting for them to get back in touch with me since their first suggestion did not resolve the issue.
Userlevel 7
Strange thought here as I don't use that myself so I am a bit out in left field. Would it possibly help to remove Webroot, set up the other fully, and then install Webroot? Maybe having Webroot installed first complicates things?
Userlevel 7
Badge +55
@cuttingedgetech wrote:
None, WSA, and SD are the only security applications installed on this PC. I don't even have any on-demand applications installed.  This machine is Vista 32 bit.
Strange. Did you Submit a Support Ticket as David had suggested earlier? It could be something specific to Vista?
 
Daniel
None, WSA, and SD are the only security applications installed on this PC. I don't even have any on-demand applications installed.  This machine is Vista 32 bit.
Userlevel 7
Badge +55
What other security software you are using with WSA & SD? As I had no problems with my Win 7 32bit and it's continues to work fine and I'm using SD v1.2.0.376.
 
Daniel
I also did the deep scan as requested.
That did not resolve the problem. Defender.exe still will not run when WSA is enabled. As soon as I disable WSA it runs without issue.
Userlevel 7
Hello,

OK I am finished whitelisting, see if that helps. I would also like you to run a deep scan too.

Open the Webroot Software:

1. Click PC Security in the top tab of the Webroot Secure Anywhere window.
2. Open the Scan tab.
3. Click the Custom Scan link.
4. The default scan option is "Deep". Click Scan.

This will start a Deep Scan of your system.

Thank you,
Roy Tobin,
Threat Research
Userlevel 7
I am currently whitelisting all the files I can find related to this program. I will post when I am finished the whitelisting
TH, thanks for helping to get the files white listed!
That's strange! Have you been running the latest version of SD, and WSA together on Vista 32 bit long? WSA is not flagging anything as malicious, but as soon as I enable WSA it kills defender.exe closing out SD's UI.  If it's not a false positive then it would be a bug.
Userlevel 7
Badge +55
You to David!
 
Daniel
Userlevel 7
Thanks TH, you rock! Have a good night 🙂
Userlevel 7
Badge +55
Hi cuttingedgetech,

 
I have no issue with that version of SD & WSA but I did notice that a few files are marked unknown. Nothing is being blocked under active proccesses.
 
Some legitimate files are not included in this log
[u] c:program filesshadow defendercommit.exe [MD5: 1EBBFD2A01F39FA562E9710946186BC6] [Flags: 00081000.3572]
[u] c:program filesshadow defendershellext.dll [MD5: 55D2BF42167A4640B925CBE8C85F611E] [Flags: 00081000.3571]
[u] c:program filesshadow defenderuninstall.exe [MD5: 17E61431AD5144B7867D1C01368A144D] [Flags: 00081000.3565]
[u] c:windowssystem32driversdiskpt.sys [MD5: 6724BFB88CBF21D95B37D25AAD844667] [Flags: 00081000.3567]
[u] c:program filesshadow defendercmdtool.exe [MD5: 0A26AA8AE8FCE752694EF989FADB56BE] [Flags: 00081000.3568]

I will contact support to get these files whitelisted.
 
EDIT: I should say that I have it on Win 7 32bit.
 
TH
 
 
Ok, I just submitted a support ticket. Btw.. WSA kills Defender.exe without flagging it at all. It silently kills it in the background. I added that info to the ticket. I forgot to mention it earlier.
No I haven't, but I will now.  Thanks!
Userlevel 7
Hello cuttingedgetech,

 
Have you filed a Trouble Ticket?  That is the best way to report something that might need Whitelisted.
 
 

Reply