Solved

WSA (Webroot Secure Anywhere) kills defender.exe


Userlevel 4
I have made this same post over at Shadow Defender's Official forum.  Please fix!
 
Today I installed Shadow Defender version 1.2.0.376 on my father's computer. He has Windows Vista 32 bit on his PC. I then tried to access SD's UI by double clicking on the tray icon. I discovered that each time I double clicked on SD's tray icon that the UI would briefly appear, and close on its own just as soon as it appeared. I tried disabling UAC first, and found that this did nothing to resolve the issue. I tried to access it from Windows start menu, and the UI would still close as soon as it appeared. Next I shut down WSA (Webroot Secure Anywhere), and then opened Shadow Defender's UI by double clicking the tray icon. The UI stayed open as expected, and no longer closed. I opened SD's UI multiple times while WSA was shut down, and had no further issue with SD's UI closing. I then opened Windows task manager to see that DefenderDaemon.exe was running in the background. I then enabled WSA, and DefenderDaemon.exe continued to run with no visible problems. I then double clicked SD's tray icon, and saw that Defender.exe loaded very briefly before being killed by WSA.

I accessed process management from within WSA where it gives an option to Allow, Monitor, Block a process, but Defender.exe was not listed in the list. Only DefenderDaemon.exe was listed so I don't see how to whitelist or set an exception for Defender.exe. WSA is also blocking Shadow Defender's Website, and classifying it as malware. I'm going to post this over at Webroot's forum so they can hopefully fix this issue. They should be able to make a quick fix for this. Is anyone else running the two together right now, and what OS are you running? Have you noticed any issues when running the two together? I hope my post doesn't sound too confusing! Sorry, I have a headache tonight, and am struggling a bit. If anything I have said is a bit confusing then let me know, and I will try to explain it better. Btw.. I'm looking forward to seeing what Tony's been working on!
 
Here is the link for the post over at Shadow Defender's forum http://shadowdefenderforum.com/index.php?topic=42.msg283#msg283

Best answer by cutting_edgetech 8 June 2013, 00:29


44 replies

Userlevel 7
Strange thought here as I don't use that myself so I am a bit out in left field. Would it possibly help to remove Webroot, set up the other fully, and then install Webroot? Maybe having Webroot installed first complicates things?
Userlevel 4
Uninstalling WSA, and reinstalling it with Shadow Defender already installed on the PC fixed the problem. I guess it was a bug. Thanks Guys! I will update my support ticket now.
Userlevel 4
TH, that's why I don't buy Desktops anymore. They come with so much garbage preinstalled on them that they are not worth the trouble. I think I will start doing the same with Laptops. This Sony Laptop came with so much crap installed on it that I had multiple issues with it for months. I also found several applications that I consider Spyware. These applications were phoning home to Sony with loads of data about my usage.
Userlevel 4
Best thing to do is build your own. I have 8 Desktops, but I build my own. I was saying I should start building my Laptops as well.
Userlevel 7
Building laptops is messy, at least it used to be when I did it years ago; maybe it has changed now. BTW, I figured out the issue with WSA and defender.exe; it shouldn't ever happen again.
Userlevel 7
Hello cuttingedgetech,

 
Have you filed a Trouble Ticket?  That is the best way to report something that might need Whitelisted.
 
 
Userlevel 4
No I haven't, but I will now.  Thanks!
Userlevel 7
Hi cuttingedgetech,

 
I have no issue with that version of SD & WSA but I did notice that a few files are marked unknown. Nothing is being blocked under active processes.
 
Some legitimate files are not included in this log
[u] c:\program files\shadow defender\commit.exe [MD5: 1EBBFD2A01F39FA562E9710946186BC6] [Flags: 00081000.3572]
[u] c:\program files\shadow defender\shellext.dll [MD5: 55D2BF42167A4640B925CBE8C85F611E] [Flags: 00081000.3571]
[u] c:\program files\shadow defender\uninstall.exe [MD5: 17E61431AD5144B7867D1C01368A144D] [Flags: 00081000.3565]
[u] c:\windows\system32\drivers\diskpt.sys [MD5: 6724BFB88CBF21D95B37D25AAD844667] [Flags: 00081000.3567]
[u] c:\program files\shadow defender\cmdtool.exe [MD5: 0A26AA8AE8FCE752694EF989FADB56BE] [Flags: 00081000.3568]

I will contact support to get these files whitelisted.
 
EDIT: I should say that I have it on Win 7 32bit.
 
TH
 
 
Userlevel 7
Thanks TH, you rock! Have a good night 🙂
Userlevel 7
Hello,

OK I am finished whitelisting, see if that helps. I would also like you to run a deep scan too.

Open the Webroot Software:

1. Click PC Security in the top tab of the Webroot Secure Anywhere window.
2. Open the Scan tab.
3. Click the Custom Scan link.
4. The default scan option is "Deep". Click Scan.

This will start a Deep Scan of your system.

Thank you,
Roy Tobin,
Threat Research
Userlevel 4
No problem. I will.
Userlevel 7
@cuttingedgetech wrote:
Btw.. could someone PM me a link to WSA's latest installer? Thanks!
Boom: http://anywhere.webrootcloudav.com/zerol/wsainstall.exe
 
Note: If you are a Best Buy subscription customer who has stumbled across this topic looking for the installer, don't use this one.  Instead, use this one: http://updates.webroot.com/downloads/WRInstallBestBuy.exe 
Userlevel 7
Or again, it might be installing Shadow Defender first and Webroot second. I know using other AV software and Webroot together can be done but it works better if Webroot is installed second in my experience.
Userlevel 7
Both of mine are Dell and when I get them I do a complete reinstall of the OS and download all the drivers needed as they add so much crap but that's great David 😉 got you on the right path!
 
Daniel
Userlevel 4
I wish that was the case, but I had a support ticket for my Sony Laptop. Support tried everything they knew to do and they could not come up with a solution. They even had remote access to my Laptop several times. They said Tony would have to be the one to fix it. Tony came up with a fix after he returned after being away for some time. He fixed the BSOD, but I was not able to run WSA on my Laptop long before it would no longer boot.
 
I sent several bug reports for one of the HP Desktops, and I discovered on my own that there was a conflict with WSA, and SD. They were unable to discover the problem with the dumps I sent. I don't believe Webroot had acquired Prevx yet. After Webroot took over I tried installing WSA on that machine with SD installed. They were fine running solo, but as soon as they were both installed together the machine became unusable due to so many BSODs. I continued installing WSA on that machine probably every 3 months with the same result. The machine was unusable from so many BSODs. I don't know what change Tony made with SD, but that fixed the problem for that particular machine. I had tried almost all other AVs during that time with SD, and had no problems running them with SD. I only had problems with Prevx / and then WSA. I had the same result with two other HP desktops, and I didn't report those since I did not think the problem could be fixed.
Userlevel 4
Yes, it seems best to install WSA last. That resolved the issue for this thread anyway 🙂
Userlevel 7
Yea I don't use Desktops anymore for the last 7 years and always too much crap on Laptops so a clean OS reinstall does the trick! ;)
 
Daniel
Userlevel 7
Best thing to do with a new Desktop is make sure you have a full Windows install CD. Get the computer home, put the recovery CD (if it came with one) up where you can't find it, format C and install everything yourself. :)
Userlevel 4
Ok, I just submitted a support ticket. Btw.. WSA kills Defender.exe without flagging it at all. It silently kills it in the background. I added that info to the ticket. I forgot to mention it earlier.
Userlevel 7
You too, David!
 
Daniel
Userlevel 4
That's strange! Have you been running the latest version of SD, and WSA together on Vista 32 bit long? WSA is not flagging anything as malicious, but as soon as I enable WSA it kills defender.exe closing out SD's UI.  If it's not a false positive then it would be a bug.
Userlevel 4
TH, thanks for helping to get the files white listed!
Userlevel 7
I am currently whitelisting all the files I can find related to this program. I will post when I am finished the whitelisting
Userlevel 4
That did not resolve the problem. Defender.exe still will not run when WSA is enabled. As soon as I disable WSA it runs without issue.
Userlevel 4
I also did the deep scan as requested.
