Webroot attack !!!

  • 3 December 2015
  • 19 replies
  • 136 views

Userlevel 3
Hi,
 
This is the second time Webroot wouldn't let me use Explorer 11. I uninstalled Webroot last week and used the built - in Windows Defender and  Hitman Pro and both caught the problem.  Webroot didn't. 
  It did the same today and when I uninstalled Webroot it was ok again  :8
 


 
Don't know what happened, I had just a few months left on my Webroot.....
 

19 replies

Userlevel 7
Badge +36
Hi Acme..................Is IE11 in your Webroot protected Applications?
Userlevel 3
I forgot where it was, do I copy the Explorer 11 link and post it where?  
 
 
 
Thanks for your help   😃
Userlevel 3
I found it, it was already there as 'Protected' .  Below ? has 'WRSA' in Code Injection on the right.
 
 

Userlevel 7
Badge +36
Go back in and delete the entry. Re-enter IE11 from program files and let us know the outcome please!
Userlevel 7
Hi acme
 
If I may just add in here...I too run HMP.A and have never seen this behaviour in relation to WSA. I have tried to replicate the behaviour but am totally unable to, therefore I would recommend that you Open a Support Ticket, linking this thread in so Support can pick up your screenshot, and then see what they can/suggest as to the reasons.
 
I suspect that it is a combination of factors that is specific to your system rather than a general issue with WSA...but I would say that Support will be best placed to determine what the issue is.
 
Regards, Baldrick
Userlevel 3
I had Webroot antivirus and now have Webroot Complete over a year and never seen this.   It did the same with 'Google Chrome' when I tried to use it to fix it.  
 
 
 
:@
@ wrote:
Hi acme
 
If I may just add in here...I too run HMP.A and have never seen this behaviour in relation to WSA. I have tried to replicate the behaviour but am totally unable to, therefore I would recommend that you Open a Support Ticket, linking this thread in so Support can pick up your screenshot, and then see what they can/suggest as to the reasons.
 
I suspect that it is a combination of factors that is specific to your system rather than a general issue with WSA...but I would say that Support will be best placed to determine what the issue is.
 
Regards, Baldrick
 
Userlevel 7
I would still recommend that you open the support ticket, provide all the information you have to the Support Team and let them see if they can figure it out for you.
 
This is one time when it would be best to leave it to the professionals. ;)
 
Baldrick
 
 
Userlevel 5
Badge +1
Hi Baldrick,
 
To have WRSA and HMP.A workng properly together, do you have any recommended settings or exclusions? I have excluded the HMP.A exe as well as HMP exe under block / allow files under PC Security in WRSA, seems to be workng OK today, just re-installed WRSA today after having various issues a few months ago, but I want to re-try this combination and try and keep it working without the two trying to kill each other 😉
Userlevel 7
Hi cavehomme
 
As far as I can tell what you have stated is the best approach for deconfliction...as there is no way from the HMP.A side of things to do something similar.
 
I have not actually done this and have suffered no ill effects whatso ever whichI put down to WSA's designed approach of working with other security applications...as I am testing HMP.A I am looking for such issues but nothing so far to report.
 
Regards, Baldrick
Userlevel 3
I sent the info to Support already .  I re-booted twice and uninstalled Webroot  twice, but still does it.
 
 
 
 
 
 
:8
@ wrote:
I would still recommend that you open the support ticket, provide all the information you have to the Support Team and let them see if they can figure it out for you.
 
This is one time when it would be best to leave it to the professionals. ;)
 
Baldrick
 
 

 
Userlevel 7
Badge +56
Just wait till support gets back to you as there's only so much we can do on the Community!
 
Thanks,
 
Daniel 😉
Userlevel 3
@ wrote:
Just wait till support gets back to you as there's only so much we can do on the Community!
 
Thanks,
 
Daniel ;)
I get this message ? when I tried to just sign on now if BING is present... I have to use DuckDuckGo to dodge this thing.   I'm going to get rid of the Hitman Alert, then Hitman Pro, then Webroot if nothing works    :manmad:
 
 

Badge +8
@ wrote:
@ wrote:
Just wait till support gets back to you as there's only so much we can do on the Community!
 
Thanks,
 
Daniel ;)
I get this message ? when I tried to just sign on now if BING is present... I have to use DuckDuckGo to dodge this thing.   I'm going to get rid of the Hitman Alert, then Hitman Pro, then Webroot if nothing works    :manmad:
 
 


Dear @
 
You don't know me from a hole in the wall BUT please do not use your computer until the Webroot Support Team contacts you. The more you use it, the likelihood of creating more problems increases. I know that this is a difficult request as you really want this issue fixed BUT only the Pros can fix this problem. 
 
Do it for me!!❤️
Theresa
Userlevel 3
I fixed it, got rid of the Hitman Pro ALERT.   I ran Hitman Pro, Malwarebytes Anti-Malware, Emsisoft Anti-malware, Windows Defender, Webroot and all of these came up '0' . 
  The Hitman ALERT is mainly for EXPLOIT hits. A pop-up came up asking to enable Webroot's toolbar last week, I clicked enable. Now I have the tool bar disabled....Maybe that was it ?????? 
      Now Explorer 11 and Webroot are nice again together.   
  If something was real bad, the above anti-virus/anti-malware would have got it, especially Hitman Pro since it's the mother ship of the ALERT.   I have Malwarebytes Anti-Exploit on and it didn't pick up anything during the Alerts...
   If I didn't fix it, disregard all above and call me a Dumb Ash......   :D 
@ wrote:
I fixed it, got rid of the Hitman Pro ALERT.   I ran Hitman Pro, Malwarebytes Anti-Malware, Emsisoft Anti-malware, Windows Defender, Webroot and all of these came up '0' . 
  The Hitman ALERT is mainly for EXPLOIT hits. A pop-up came up asking to enable Webroot's toolbar last week, I clicked enable. Now I have the tool bar disabled....Maybe that was it ?????? 
      Now Explorer 11 and Webroot are nice again together.   
  If something was real bad, the above anti-virus/anti-malware would have got it, especially Hitman Pro since it's the mother ship of the ALERT.   I have Malwarebytes Anti-Exploit on and it didn't pick up anything during the Alerts...
   If I didn't fix it, disregard all above and call me a Dumb Ash......   :D 
EDIT <link snipped as contrary to Community Guidelines>
Userlevel 3
@ wrote:
@ wrote:
@ wrote:
Just wait till support gets back to you as there's only so much we can do on the Community!
 
Thanks,
 
Daniel ;)
I get this message ? when I tried to just sign on now if BING is present... I have to use DuckDuckGo to dodge this thing.   I'm going to get rid of the Hitman Alert, then Hitman Pro, then Webroot if nothing works    :manmad:
 
 


Dear @
 
You don't know me from a hole in the wall BUT please do not use your computer until the Webroot Support Team contacts you. The more you use it, the likelihood of creating more problems increases. I know that this is a difficult request as you really want this issue fixed BUT only the Pros can fix this problem. 
 
Do it for me!!❤️
Theresa
Support got back with me. It's wasn't a major problem and they were going to look at the logs .  I told them I unistalled the ALERT thingy. 
   I didn't think it was a major problem.  I run across stuff like this all the time with other computers (not mine) and fix them so they will work for a little while anyway.   Most problems are solved if I use common sense. The problems are, 'not enough RAM or banging on the key board to make it function' (Not Responding). 
 If I can't get pass PASSWORD and START, then I'll beg for help   ;)
  I ask people for help just to speed up the fixing process , that's how I learn too......
 I might look dumb, but I am stupid.
 
 
 
😃
Wilders Security Forums manitained a board for HitmanPro.Alert.  
HitmanPro.Alert developers started and contribute to the board for HitmanPro.Alert maintained at Wilders Security Forums.   Webroot Community guidelines object to helping by posting links to related information and to where you can get help.
Webroot Community guidlines will probably object to mentioning HitmanPro.Alert.  And Webroot Community will proably object to mentioning Wilders Security Forums.   Webroot Community wants the Community focus to be Webroot.   Even if Webroot user would be helped for free by HitmanPro.Alert developers and HitmanPro.Alert users.   Webroot Community guidlines wants Community focus to be as narrow as possible limited to Webroot.   Layered security as you know may cause conflicts.  HitmanPro.Alert has test tools for you to determine if your layered security setup bumps into HitmanPro.Alert.   
You were right to uninstall HitmanPro.Alert.   Webroot Community cannot help with you with HitmanPro.Alert. 
Webroot Communuty cannot help with layered security querys even though Webroot is marketed as companion security.   You'll have to ask Webroot Support.  
 
This is quote from HitmanPro.Alert developer Mark Loman. 
We do not endorse the use of multiple security solutions as it potentially impedes the ability of these solutions to detect exploits, or adversely affect the capabilities of other installed security products. This is one of the reasons why we created our Exploit Test Tool, to determine if all detection features still work when e.g. HMPA, MBAE or EMET is installed in the presence of another security solution.
Userlevel 3
@ wrote:
Wilders Security Forums manitained a board for HitmanPro.Alert.  
HitmanPro.Alert developers started and contribute to the board for HitmanPro.Alert maintained at Wilders Security Forums.   Webroot Community guidelines object to helping by posting links to related information and to where you can get help.
Webroot Community guidlines will probably object to mentioning HitmanPro.Alert.  And Webroot Community will proably object to mentioning Wilders Security Forums.   Webroot Community wants the Community focus to be Webroot.   Even if Webroot user would be helped for free by HitmanPro.Alert developers and HitmanPro.Alert users.   Webroot Community guidlines wants Community focus to be as narrow as possible limited to Webroot.   Layered security as you know may cause conflicts.  HitmanPro.Alert has test tools for you to determine if your layered security setup bumps into HitmanPro.Alert.   
You were right to uninstall HitmanPro.Alert.   Webroot Community cannot help with you with HitmanPro.Alert. 
Webroot Communuty cannot help with layered security querys even though Webroot is marketed as companion security.   You'll have to ask Webroot Support.  
 
This is quote from HitmanPro.Alert developer Mark Loman. 
We do not endorse the use of multiple security solutions as it potentially impedes the ability of these solutions to detect exploits, or adversely affect the capabilities of other installed security products. This is one of the reasons why we created our Exploit Test Tool, to determine if all detection features still work when e.g. HMPA, MBAE or EMET is installed in the presence of another security solution.
I started with Webroot since (WRSA) was on the image I posted . Since Webroot support said it wasn't a threat I figured it had to be something else. Process of elimination found it wasn't Webroot or Explorer 11.   I wasn't blaming anybody, just touching all bases to find out what happened.
 Thanks everybody for your concern and help..
 
 
 
 
😃
Userlevel 3
@ wrote:
Hi acme
 
If I may just add in here...I too run HMP.A and have never seen this behaviour in relation to WSA. I have tried to replicate the behaviour but am totally unable to, therefore I would recommend that you Open a Support Ticket, linking this thread in so Support can pick up your screenshot, and then see what they can/suggest as to the reasons.
 
I suspect that it is a combination of factors that is specific to your system rather than a general issue with WSA...but I would say that Support will be best placed to determine what the issue is.
 
Regards, Baldrick
I was right. Thanks for your concern and help. Didn't mean to sound like I was jumping the gun.   :D
 
From Support -
 
Hello,

We have reviewed the logs and the system is clean.
It appears the Hitman detection was a false positive on us and may have detected our web filtering extension as an attack.
Antivirus products essentially work the same way as actual viruses so these things can happen from time to time when using multiple products.

If you require any further support or have any comments or questions, please don't hesitate to let us know.

Regards,
Webroot Support

Reply