It seems I am getting FALSE positive for HITMAN PRO 3.7 as a rootkit.

Hi Shran
 
Thanks for the feedback.  I stand corrected on the default setting...good to have that confirmed (as I do not want to change my configuration at present). ;)
 
Anyway, glad the issue is sorted for you. :D 
 
Now, down to the important stuff...as all this Foruming is thirsty stuff...Daniel, where do you get the A ale from...is that you personal stash? ;)
 
Regards...to you both!
 
 
 
Solly

@CommanderShran wrote:
Hi Daniel,

Yes I have my heuristics (had past tense, I'm now back onto a system image that was made before I put Webroot on). I can't speak regarding to Hitman Pro as I don't use it though.

Shran

When you go back to the other image can you put heuristics back to standard and run a scan to see if it still detects?
 
But in any case contact support and they will whitelist the files or in the case of the OP the Registry Entry.
 
Thanks,
 
Daniel 😉

Hi Shran
 
I understand what you mean re. "...would like to be able to have the higher heuristics enabled".  That was my thoughts when I first started using WSA but as far as I understand it one is perfectly safe/protected with the setting at 'Standard'.  Pushing it to 'Enhanced' or even 'Maximum' is what I would recommend only if there is a suspicion of infection...for the very reason that these higher settings are more likely to give what is generally termed False Positive...but what I call, in WSA's case, Overly Sensitive...;)
 
Regards
 
 
Solly

Hi Shran
 
Completely understand your confusion at the conflicting advice.  The default setting is, I believe, "Standard" (Daniel, please correct me if I am incorrect here) and I trust Webroot to know what the normal settings should be.  But there is nothing wqrong with maxing out the fucntionality...other than the risk of 'Overly Senstives'...as previously stated.  If you can live with that then no problem. ;)
 
Regards
 
 
Solly

Yes Virtual Pints for everyone of age that is!
 
Daniel 😃

Yes have to be old enough lol! What is the legal drinking age where you live if you don't mind my asking?
:D

Shran

Well I live in Ontario Canada and it's 19 years of age and I'm more then twice that! And you?
 
Daniel 😃

I was wondering why I was swinging on the clothes line I wonder which one did it, the Andorian ale or the Romulan ale [img]https://uploads-us-west-2.insided.com/webroot-en/attachment/6197iFDED702D8161645F.gif[/img]
 
Daniel 😃

I know what did it! It was the Tranya of the First Federation!
 
Daniel 😃

Typical...get all IT security geeks, throw in start trek and end up in drunken debuchery.   :)
 
Anywho,  yes my heuristics were set to Maximum.
Yes I do believe that if were to restart when it first asked me to then I would have been fine.  However, the fact taht I overwrote the 2.0 with 2.5 and didn't restart might have been an issue.
 
I am running it along with SandBoxie on a 64bit Windows.
 
Sorry to say I can't replicate the issue since over the weekend I was fooling around with rootkits and other nice stuff that I found on my honey pot and had to re-image the system.
 
One of the baddies decided to lock my Windows 8 drive so the only answer was re-image and drive firmware reflash (it is an SSD).  Tried everything else that I normally try with Windows 8 locked drive (rebuild the BCD etc) to no avail. 
 
I do like running on MAX heuristics, I don't mind false positive as long as it doesn't FP my System Files then I am ok with it.  (Still shudder from the Malware Bytes system file FP debackle that occured few months ago).
 
Number one lesson to have with everything...MAKE sure to keep current images of your system...HD space is cheap nowdays so no excuse not to have a nice fresh at most a month old backup.

That is rather interesting, but not entirely unexpected either.  The way HITMAN works may very well display behaviors similar to malware.
 
I would suggest you submit a Trouble Ticket, which is the suggested method of reporting for potential False Positives.

Ticket Created yesterday.
 
Yes I downloaded from Surfright, however this is what happened.
I downloaded the HItman Pro Alert 2.5 beta with Cryptoguard.  link to it
I allready ahve the Hitman Pro Alert 2.0 installed so I upaded the 2.0 to 2.5 and it prompted me to reboot the PC but I told it to wait.  So I did not reboot the PC (had been working on stuff). 
Then after an hour or so I did the manual Webroot Scan (I do that before I hit the sack) and that's when it found the rootkit. 
 
So I assume the rootkit ID false positive is based on the fact that Webroot is detecting the path to the file and the version but it sees that the file is not "visible" or "running".  So it assumes the file is hidden and unseen by the OS...so it thinks it's a rootkit.
 
I don't know it's a wild guess.
 
I have created a ticket and will check on the detectibility once I get home this evening.