False Positive - System Security Guard

  • 26 June 2012
  • 3 replies

This file is safe. This exhibit scanners on VT. I enclose the address of the result of the scan file. Enclosed is your home address applications. The file I sent for analysis through a program of WSA Complete.
*link to third party security program removed
**please do not post links to third party programs
***please see The Community Guidelines section "Don't be a spammer."

Best answer by JimM 26 June 2012, 20:23

View original

3 replies

Userlevel 7
Hi Andrzej76,
Questions concerning whether or not a file was appropriately or inappropriately flagged need to go through the support system.  Whether you are requesting to submit a file or reporting a false positive (as you have previously done), in either case our threat researchers ultimately need to get Webroot logs from your computer in order to be of assistance.  Unfortunately, the Webroot Community cannot do this for you, as that is not the function this forum is designed to fulfill.  However, the support system is built to obtain most (if not all in many cases) of the necessary information at the time you put in the initial support request.  Please open a support ticket to get in touch with a Webroot threat researcher who will be happy to review the files in question.  When you open the support ticket, please do it from a computer that is experiencing the problem in question so that the log data will reflect the reported issue.  This will greatly expedite the time in which a researcher can manage your case.
While VirusTotal can be very handy for gaining consensus on which files are actual threats versus which files are not, it does not provide a definitive answer.  However, a Webroot threat researcher can look at the behaviors of any given file to determine by its actions whether or not it is malware.  While generally speaking, most files that show up with a 100% clean detection rate on VirusTotal are in fact not malware, it would be incorrect to state that VirusTotal is correct in 100% of such cases.  In this particular example, if you put the URL you provided through VirusTotal instead of the file you obtained from it, you get at least one engine picking the site itself up as a malware link.  Does that mean it's actual malware?  It would be prudent to check with our experts.
It is important that when you doubt the findings of an antivirus program and there is any question about whether or not a given file or link contains malware to be able to put a set of human eyes on it to see what it is in fact doing.  Webroot provides support which does exactly that, but you need to submit the query through the support system.
Thank you,
"to get Webroot logs from your computer"
Unfortunately, I do not have logs because the program does not allow to install the application by showing that it is a Trojan and removes it immediately. I reported this fact to the Webroot customer service and asked for a tool to analyze processes and files as you suggested. Thanks for the info, regards.
Userlevel 7
There will be a log available of the quarantining of the file and why it did that. Thank you for opening the support ticket. I'm sure that data will be useful.