Solved

WSA (Webroot Secure Anywhere) kills defender.exe


I have made this same post over at Shadow Defender's Official forum.  Please fix!
 
Today I installed Shadow Defender version 1.2.0.376 on my father's computer.  He has Windows Vista 32 bit on his PC.   I then tried to access SD's UI by double clicking on the tray icon.  I discovered that each time I double clicked on SD's tray icon that the UI would briefly appear, and close on its own just as soon as it appeared.  I tried disabling UAC first, and found that this did nothing to resolve the issue. I tried to access it from Windows start menu, and the UI would still close as soon as it appeared.  Next I shut down WSA (Webroot Secure Anywhere), and then opened Shadow Defender's UI by double clicking the tray icon.  The UI stayed opened as expected, and no longer closed.  I opened SD's UI multiple times while WSA was shut down, and had no further issue with SD's UI closing.  I then opened Window's task manager to see that DefenderDaemon.exe was running in the background.  I then enabled WSA, and  DefenderDaemon.exe continued to run with no visible problems. I then double clicked SD's tray icon, and saw that Defender.exe loaded very briefly before being killed by WSA.

I accessed process management from within WSA where it gives an option to Allow, Monitor, Block a process, but Defender.exe was not listed in the list. Only DefenderDaemon.exe was listed so I don't see how to whitelist or set an exception for Defender.exe.  WSA is also blocking Shadow Defender's Website, and classifying it as malware. I'm going to post this over at Webroots forum so they can hopefully fix this issue. They should be able to make a quick fix for this. Is anyone else running the two together right now, and what OS are your running? Have you noticed any issues when running the two together? I hope my post doesn't sound too confusing! Sorry, I have a headache tonight, and am struggling a bit. If anything I have said is a bit confusing then let me know, and I will try to explain it better. Btw.. I'm looking forward to seeing what Tony's been working on!
 
Here is the link for the post over at Shadow Defender's forum http://shadowdefenderforum.com/index.php?topic=42.msg283#msg283
icon

Best answer by cutting_edgetech 8 June 2013, 00:29

Uninstalling WSA, and reinstalling it with Shadow Defender already installed on the PC fixed the problem. I guess it's was a bug.  Thanks Guys! I will update my support ticket now.
View original

44 replies

Userlevel 7
Strange thought here as I don't use that myself so I am a bit out in left field. Would it possibly help to remove Webroot, set up the other fully, and then install Webroot? Maybe having Webroot installed first complicates things?
Uninstalling WSA, and reinstalling it with Shadow Defender already installed on the PC fixed the problem. I guess it's was a bug.  Thanks Guys! I will update my support ticket now.
TH, that's why I don't buy Desktops anymore. They come with so much garbage preinstalled on them that they are not worth the trouble. I think I will start doing the same with Laptops. This Sony Laptop came with so much crap installed on it that I had multiple issues with it for months. I also found several applications that I consider Sypware. These applications were phoning home to Sony with loads of data about my usage.
Best thing to do is build your own. I have 8 Desktops, but I build my own. I was saying I should start building my Laptops as well.
Userlevel 7
Building laptops is messy at least it used to be when I did it years ago, maybe it has changed now. BTW I figured out the issue with WSA and defender.exe it shouldnt ever happen again.
Userlevel 7
Hello cuttingedgetech,

 
Have you filed a Trouble Ticket?  That is the best way to report something that might need Whitelisted.
 
 
No I haven't, but I will now.  Thanks!
Userlevel 7
Badge +55
Hi cuttingedgetech,

 
I have no issue with that version of SD & WSA but I did notice that a few files are marked unknown. Nothing is being blocked under active proccesses.
 
Some legitimate files are not included in this log
[u] c:program filesshadow defendercommit.exe [MD5: 1EBBFD2A01F39FA562E9710946186BC6] [Flags: 00081000.3572]
[u] c:program filesshadow defendershellext.dll [MD5: 55D2BF42167A4640B925CBE8C85F611E] [Flags: 00081000.3571]
[u] c:program filesshadow defenderuninstall.exe [MD5: 17E61431AD5144B7867D1C01368A144D] [Flags: 00081000.3565]
[u] c:windowssystem32driversdiskpt.sys [MD5: 6724BFB88CBF21D95B37D25AAD844667] [Flags: 00081000.3567]
[u] c:program filesshadow defendercmdtool.exe [MD5: 0A26AA8AE8FCE752694EF989FADB56BE] [Flags: 00081000.3568]

I will contact support to get these files whitelisted.
 
EDIT: I should say that I have it on Win 7 32bit.
 
TH
 
 
Userlevel 7
Thanks TH, you rock! Have a good night 🙂
Userlevel 7
Hello,

OK I am finished whitelisting, see if that helps. I would also like you to run a deep scan too.

Open the Webroot Software:

1. Click PC Security in the top tab of the Webroot Secure Anywhere window.
2. Open the Scan tab.
3. Click the Custom Scan link.
4. The default scan option is "Deep". Click Scan.

This will start a Deep Scan of your system.

Thank you,
Roy Tobin,
Threat Research
No problem. I will.
Userlevel 7
@cuttingedgetech wrote:
Btw.. could someone PM me a link to WSA's latest installer? Thanks!
Boom: http://anywhere.webrootcloudav.com/zerol/wsainstall.exe
 
Note: If you are a Best Buy subscription customer who has stumbled across this topic looking for the installer, don't use this one.  Instead, use this one: http://updates.webroot.com/downloads/WRInstallBestBuy.exe 
Userlevel 7
Or again, it might be installing Shadow Defender first and Webroot second. I know using other AV software and Webroot together can be done but it works better if Webroot is installed second in my experience.
Userlevel 7
Badge +55
Both of mine are Dell and when I get them I do a complete reinstall of the OS and download all the drivers needed as they add so much crap but that's great David 😉 got you on the right path!
 
Daniel
I wish that was the case, but I had support ticket for my Sony Laptop. Support tried everything they knew to do and they could not come up with a solution. They even had remote access to my Laptop several times. They said Tony would have to be the one to fix it. Tony came up with a fix after he returned after being away for some time. He fixed the BSOD, but I was not able to run WSA on my Laptop long before it would no longer boot.
 
I sent several bug reports for one of the HP Desktop, and I discovered on my own that there was a conflict with WSA, and SD. They were unable to discover the problem with the dumps I  sent.  I don't believe Webroot had acquired Prevx yet. After webroot took over I tried installing WSA on that machine with SD installed.  They were fine running solo, but as soon as they were both installed together the machine became unusable due to so many BSOD's. I continued installing WSA on that machine probably every 3 months with the same result. The machine was unusable from so many BSOD's. I don't know what change Tony made with SD, but that fixed the problem for that particular machine. I had tried almost all other AV's during that time with SD, and had not problems running them with SD. I only had problems with Prevx / and then WSA.  I had the same result with two other HP desktops, and I didn't report those since I did not think the problem could be fixed.
Yes, it seems best to install WSA last. That resolved the issue for this thread anyway 🙂
Userlevel 7
Badge +55
Yea I don't use Desktops anymore for the last 7 years and always to much crap on Laptop's so a clean OS reinstall does the trick! ;)
 
Daniel
Userlevel 7
Best thing to do with a new Desktop is make sure you have a full Windows isntall CD.  Get the computer home, put the recovery CD (If it came with one) up where you can't find it, format C and install everything  yourself.    :)
Ok, I just submitted a support ticket. Btw.. WSA kills Defender.exe without flagging it at all. It silently kills it in the background. I added that info to the ticket. I forgot to mention it earlier.
Userlevel 7
Badge +55
You to David!
 
Daniel
That's strange! Have you been running the latest version of SD, and WSA together on Vista 32 bit long? WSA is not flagging anything as malicious, but as soon as I enable WSA it kills defender.exe closing out SD's UI.  If it's not a false positive then it would be a bug.
TH, thanks for helping to get the files white listed!
Userlevel 7
I am currently whitelisting all the files I can find related to this program. I will post when I am finished the whitelisting
That did not resolve the problem. Defender.exe still will not run when WSA is enabled. As soon as I disable WSA it runs without issue.
I also did the deep scan as requested.

Reply