Fraps download blocked?

  • 6 August 2014
  • 5 replies
  • 54 views

I'm trying to download the well-known framerate and screen recording utility Fraps from fraps.com.  When I click the download link, Webroot tells me that this link contains a known threat and blocks it.  Can this be correct?  Is Webroot overzealously "protecting" me from everything named "setup.exe" that isn't whitelisted?
 
This is my second day with Webroot.  I've heard good things, but am I going to have to get used to a lot of false positives?

5 replies

Userlevel 7
I use Fraps myself, let me test the download. Webroot isnt blocking all files named setup.exe, a lot of junkware uses that name so you will see lots of setup.exe`s blocked. 
Userlevel 7
The fraps setup file downloaded from the offiical fraps site is good in our database. I dont have a copy of the full version as membership details are not on this PC.
 
http://www.fraps.com/free/setup.exe
 
MD5: 7CCDB06729E2731AF9D0DFBD86B437DE
 
Good since 2013
 
I would like some scan logs from your PC to see the detection. Did you make sure you got it directly from fraps and not a 3rd party website?
This afternoon I can click the link without it being intercepted. I think this is because this morning I chose to download the file despite the warning from webroot. Here is a chunk of log from this morning when I was being blocked. As you can see, I attempted to download directly from fraps.com:
 
 Wed 2014-08-06 08:05:19.0764    Blocked website: http://www.fraps.com/free/setup.exe
Wed 2014-08-06 08:05:19.0765    Closed network connection: [0100007F.55515 - 0100007F.55771]
Wed 2014-08-06 08:05:19.0765    Closed network connection: [0100007F.55771 - 0100007F.55515]
Wed 2014-08-06 08:05:19.0765    Closed network connection: [0100007F.56027 - 0100007F.30488]
Wed 2014-08-06 08:05:19.0765    Closed network connection: [1C01000A.56539 - 19A10517.20480]
Wed 2014-08-06 08:05:19.0765    Closed network connection: [1C01000A.57563 - 702EC2AD.47873]
Wed 2014-08-06 08:05:19.0765    Closed network connection: [1C01000A.58075 - 85E17D4A.20480]
Wed 2014-08-06 08:05:19.0765    Closed network connection: [1C01000A.59099 - 88E17D4A.47873]
Wed 2014-08-06 08:05:19.0765    Closed network connection: [1C01000A.59355 - 772EC2AD.47873]
Wed 2014-08-06 08:05:19.0765    Closed network connection: [1C01000A.59611 - 85E17D4A.20480]
Wed 2014-08-06 08:05:19.0765    Closed network connection: [1C01000A.60123 - 831C5CD8.20480]
Wed 2014-08-06 08:05:19.0765    Closed network connection: [1C01000A.62171 - 831C5CD8.20480]
Wed 2014-08-06 08:09:05.0733    Blocked website: http://fraps.com/free/setup.exe
Wed 2014-08-06 08:09:05.0740    Closed network connection: [0100007F.43484 - 0100007F.43740]
Wed 2014-08-06 08:09:05.0740    Closed network connection: [0100007F.43740 - 0100007F.43484]
Wed 2014-08-06 08:09:05.0740    Closed network connection: [0100007F.64219 - 0100007F.64475]
Wed 2014-08-06 08:09:05.0740    Closed network connection: [0100007F.64475 - 0100007F.64219]
Wed 2014-08-06 08:09:05.0740    Closed network connection: [0100007F.6108 - 0100007F.30488]
Wed 2014-08-06 08:09:05.0740    Closed network connection: [1C01000A.45788 - D3C64F17.20480]
Wed 2014-08-06 08:09:05.0740    Closed network connection: [1C01000A.46812 - 9BE17D4A.20480]
Wed 2014-08-06 08:09:05.0740    Closed network connection: [1C01000A.47836 - 94E17D4A.20480]
Wed 2014-08-06 08:09:05.0740    Closed network connection: [1C01000A.48604 - 145C1548.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.48860 - 145C1548.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.49628 - 03A5EB36.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.50140 - 8DE17D4A.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.50652 - 7E2EC2AD.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.51164 - 9BE17D4A.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.51932 - 8DE17D4A.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.52188 - 9AC17D4A.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.54492 - 8862156B.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.58076 - 6E2EC2AD.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.58332 - 5FC17D4A.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.58588 - 5FC17D4A.47873]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.58844 - 89E17D4A.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.61148 - 82E27D4A.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.61404 - D802D236.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.62428 - 772EC2AD.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.63708 - 4A5BE636.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.477 - 1FC54F17.20480]
Wed 2014-08-06 08:09:05.0741    Closed network connection: [1C01000A.733 - 11E7A7D1.20480]
Wed 2014-08-06 08:09:15.0242    Begin passive write scan (1 file(s))
Wed 2014-08-06 08:09:15.0489    End passive write scan (1 file(s))
Wed 2014-08-06 08:09:41.0298    Website determination changed: http://fraps.com [Level: 00000000] [Type: 00000004]
Wed 2014-08-06 08:18:30.0049    Saved updated configuration
Wed 2014-08-06 08:25:46.0273    Blocked website: http://www.fraps.com/free/setup.exe
Wed 2014-08-06 08:25:46.0273    Closed network connection: [0100007F.41438 - 0100007F.41694]
Wed 2014-08-06 08:25:46.0273    Closed network connection: [0100007F.41694 - 0100007F.41438]
Wed 2014-08-06 08:25:46.0273    Closed network connection: [0100007F.42206 - 0100007F.30488]
Wed 2014-08-06 08:25:46.0273    Closed network connection: [1C01000A.59102 - 035BE636.47873]
Wed 2014-08-06 08:25:46.0273    Closed network connection: [1C01000A.3295 - ADB5332E.47873]
Wed 2014-08-06 08:25:46.0273    Closed network connection: [1C01000A.5087 - 7464F736.47873]
Wed 2014-08-06 08:25:46.0273    Closed network connection: [1C01000A.5343 - DE59E636.47873]
Wed 2014-08-06 08:25:46.0273    Closed network connection: [1C01000A.5599 - DE59E636.47873]
Wed 2014-08-06 08:25:46.0273    Closed network connection: [1C01000A.5855 - DE59E636.47873]
Wed 2014-08-06 08:25:46.0273    Closed network connection: [1C01000A.6111 - DE59E636.47873]
Wed 2014-08-06 08:25:46.0273    Closed network connection: [1C01000A.6367 - DE59E636.47873]
Wed 2014-08-06 08:25:46.0273    Closed network connection: [1C01000A.11999 - 831C5CD8.20480]
Wed 2014-08-06 08:25:46.0273    Closed network connection: [1C01000A.12255 - 831C5CD8.20480]
Replying to my reply:  I am in fact still getting blocked, but sort of retroactively now.
 
I click the download link on the fraps Download page and my browser (Firefox 31.0) prompts me to save the file.  After I click "Save", then Webroot displays the "Malicious Content Blocked" image.
Userlevel 7
Badge +62
@ wrote:
Replying to my reply:  I am in fact still getting blocked, but sort of retroactively now.
 
I click the download link on the fraps Download page and my browser (Firefox 31.0) prompts me to save the file.  After I click "Save", then Webroot displays the "Malicious Content Blocked" image.
Welcome bobz to the Community Forum Great to have you here!! What version of WSA do you have by the way?
 
We are very sorry you are having these issues. Maybe another expert member can advise here but you can always contact support by issuing a Support Ticket Here and they might want some scan logs from your PC to see the detection.
 
Please get back to us and let us know if this hasn't been resolved.
 
EDIT: Excuse me.. bobz... I just noticed you were working with

...so lets hope hes still online..
 

Reply