Solved

WSA (Webroot Secure Anywhere) kills defender.exe


I have made this same post over at Shadow Defender's Official forum.  Please fix!
 
Today I installed Shadow Defender version 1.2.0.376 on my father's computer. He has Windows Vista 32 bit on his PC. I then tried to access SD's UI by double clicking on the tray icon. I discovered that each time I double clicked on SD's tray icon, the UI would briefly appear and close on its own just as soon as it appeared. I tried disabling UAC first, and found that this did nothing to resolve the issue. I tried to access it from the Windows start menu, and the UI would still close as soon as it appeared. Next I shut down WSA (Webroot Secure Anywhere), and then opened Shadow Defender's UI by double clicking the tray icon. The UI stayed open as expected, and no longer closed. I opened SD's UI multiple times while WSA was shut down, and had no further issue with SD's UI closing. I then opened Windows task manager to see that DefenderDaemon.exe was running in the background. I then enabled WSA, and DefenderDaemon.exe continued to run with no visible problems. I then double clicked SD's tray icon, and saw that Defender.exe loaded very briefly before being killed by WSA.

I accessed process management from within WSA where it gives an option to Allow, Monitor, Block a process, but Defender.exe was not listed in the list. Only DefenderDaemon.exe was listed so I don't see how to whitelist or set an exception for Defender.exe. WSA is also blocking Shadow Defender's Website, and classifying it as malware. I'm going to post this over at Webroot's forum so they can hopefully fix this issue. They should be able to make a quick fix for this. Is anyone else running the two together right now, and what OS are you running? Have you noticed any issues when running the two together? I hope my post doesn't sound too confusing! Sorry, I have a headache tonight, and am struggling a bit. If anything I have said is a bit confusing then let me know, and I will try to explain it better. Btw.. I'm looking forward to seeing what Tony's been working on!
 
Here is the link for the post over at Shadow Defender's forum http://shadowdefenderforum.com/index.php?topic=42.msg283#msg283

Best answer by cutting_edgetech 8 June 2013, 00:29

Uninstalling WSA, and reinstalling it with Shadow Defender already installed on the PC fixed the problem. I guess it was a bug. Thanks Guys! I will update my support ticket now.

44 replies

Hello cuttingedgetech,

 
Have you filed a Trouble Ticket? That is the best way to report something that might need to be whitelisted.
 
 
No I haven't, but I will now.  Thanks!
Ok, I just submitted a support ticket. Btw.. WSA kills Defender.exe without flagging it at all. It silently kills it in the background. I added that info to the ticket. I forgot to mention it earlier.
Hi cuttingedgetech,

 
I have no issue with that version of SD & WSA but I did notice that a few files are marked unknown. Nothing is being blocked under active processes.
 
Some legitimate files are not included in this log
[u] c:\program files\shadow defender\commit.exe [MD5: 1EBBFD2A01F39FA562E9710946186BC6] [Flags: 00081000.3572]
[u] c:\program files\shadow defender\shellext.dll [MD5: 55D2BF42167A4640B925CBE8C85F611E] [Flags: 00081000.3571]
[u] c:\program files\shadow defender\uninstall.exe [MD5: 17E61431AD5144B7867D1C01368A144D] [Flags: 00081000.3565]
[u] c:\windows\system32\drivers\diskpt.sys [MD5: 6724BFB88CBF21D95B37D25AAD844667] [Flags: 00081000.3567]
[u] c:\program files\shadow defender\cmdtool.exe [MD5: 0A26AA8AE8FCE752694EF989FADB56BE] [Flags: 00081000.3568]

I will contact support to get these files whitelisted.
 
EDIT: I should say that I have it on Win 7 32bit.
 
TH
 
 
Thanks TH, you rock! Have a good night 🙂
You too, David!
 
Daniel
That's strange! Have you been running the latest version of SD, and WSA together on Vista 32 bit long? WSA is not flagging anything as malicious, but as soon as I enable WSA it kills defender.exe closing out SD's UI.  If it's not a false positive then it would be a bug.
TH, thanks for helping to get the files white listed!
I am currently whitelisting all the files I can find related to this program. I will post when I am finished with the whitelisting.
Hello,

OK I am finished whitelisting, see if that helps. I would also like you to run a deep scan too.

Open the Webroot Software:

1. Click PC Security in the top tab of the Webroot Secure Anywhere window.
2. Open the Scan tab.
3. Click the Custom Scan link.
4. The default scan option is "Deep". Click Scan.

This will start a Deep Scan of your system.

Thank you,
Roy Tobin,
Threat Research
That did not resolve the problem. Defender.exe still will not run when WSA is enabled. As soon as I disable WSA it runs without issue.
I also did the deep scan as requested.
What other security software are you using with WSA & SD? As I had no problems with my Win 7 32bit and it continues to work fine and I'm using SD v1.2.0.376.
 
Daniel
None, WSA, and SD are the only security applications installed on this PC. I don't even have any on-demand applications installed.  This machine is Vista 32 bit.
@cuttingedgetech wrote:
None, WSA, and SD are the only security applications installed on this PC. I don't even have any on-demand applications installed.  This machine is Vista 32 bit.
Strange. Did you Submit a Support Ticket as David had suggested earlier? It could be something specific to Vista?
 
Daniel
Strange thought here as I don't use that myself so I am a bit out in left field. Would it possibly help to remove Webroot, set up the other fully, and then install Webroot? Maybe having Webroot installed first complicates things?
Yeah, I submitted a support ticket. I offered remote access to the machine. I'm waiting for them to get back in touch with me since their first suggestion did not resolve the issue.
@cuttingedgetech wrote:
Yeah, I submitted a support ticket. I offered remote access to the machine. I'm waiting for them to get back in touch with me since their first suggestion did not resolve the issue.
Great to hear, please let us know the outcome! ;)
 
Thanks,
 
Daniel
No problem. I will.
I just notified Tony at bugs@shadowdefender.com. I don't know if there is anything he can do to prevent this, but if it's a bug with SD then I'm sure he could fix it. I was thinking maybe there is a conflict with WSA, and Defender.exe. Maybe he could even add some self protection for Shadow Defender's processes.
DavidP's suggestion of uninstalling Webroot, and installing it after Shadow Defender has been installed could possibly work since Defender.exe does not show up in Webroot's process manager on this machine. I would have already set an exception for Defender.exe if it would appear in WSA's process manager. I'll give that a try, and report back. Thanks for all feedback!
Btw.. could someone PM me a link to WSA's latest installer? Thanks!
@cuttingedgetech wrote:
Btw.. could someone PM me a link to WSA's latest installer? Thanks!
Boom: http://anywhere.webrootcloudav.com/zerol/wsainstall.exe
 
Note: If you are a Best Buy subscription customer who has stumbled across this topic looking for the installer, don't use this one.  Instead, use this one: http://updates.webroot.com/downloads/WRInstallBestBuy.exe 
Jim beat me to it.

Psssst. Anytime you want the current installer, just look below at my signature area. 🙂
Thanks guys! I will try that as soon as I can pry my niece off the computer.
