Solved

www.adobe.com


Userlevel 7
Badge +13
Hello everyone.It's been awhile.I noticed while navigating to www.adobe.com that i now get a notice saying the site contains malicious content and then the buttons to block or allow.I opted to just close the window to be safe.Has anyone else encountered this issue?Thanks for your time
icon

Best answer by MikeR 22 March 2012, 15:37

View original

28 replies

Userlevel 7
Me too since today. Yesterday I been there to check for Shockwave player and the site was accessible without WSA warning. It looks like a FP. 
Userlevel 7
Badge +13
Nice to know i'm not the only one.I decided to block it for the moment just to be safe.Can always unblock it later.In this day and age,it wouldn't surprise me that adobe would or could be hacked.Will steer clear of the site for now.Thanks for taking the time to reply:D
Userlevel 7
Hello superssjdan and Pegas,
 
Thank you for bringing this to our attention! We are now looking into this and will update you as soon as possible. Thank you for your feedback!
 
 
Mike R
Social Online Support Engineer
Userlevel 7
Thx MikeR for taking care about the issue ;)
 
I hope it will end up in a FP because I entered this website eventually via Opera which is unfortunately not supported yet by WSA web shield. On adobe web there are a lot of flashs so maybe some of them waked up WSA. OK wil see ...
 
In this relation can you Mike or someone else from Webroot explain in case of missing web shield protection for Opera what module of WSA protection secures me against nasties which might be waiting to penetrate into a PC on a hacked webpage (let's fancy adobe web would be really infected)?
 
Thanks & regards,
pegas 
Userlevel 7
No problem pegas :D
 
Regarding your first question about whether or not it will be a False Positive or not. I think this issue would be fixed on both of your machines by uninstalling and reinstalling and then "Not Importing Previous Settings" because it should not be found as malicious and the un/re is needed to clear out your local database.
 
1.  Open your Start menu.
2.  Click Programs or All Programs, then navigate to the Webroot SecureAnywhere folder.
3.  Under Webroot SecureAnywhere, open the Tools folder, then click Uninstall Webroot.
4.  Click Yes and follow any prompts that appear.
It is not necessary to reboot your computer after uninstalling Webroot.  To reinstall, click the link below to download the latest installer.
 
1.  Save the file to your desktop.
2.  Double-click "wsainstall.exe" to run the installer.
3.  Enter your keycode when prompted.
4.  Click Agree and Install.
5.  If asked "Would you like to automatically import the settings that were used in your previous installation?", click No.  Webroot SecureAnywhere reinstalls itself. 
 
As far as using unsupported browsers such as Opera the hueristics would come into play in the case that there were nasties and malicious threats on the website you were accessing.
 
Please let me know if the uninstall/reinstall without importing previous settings works.
 
Thanks!
 
Mike R
Social Online Support Engineer
Userlevel 7
Hello Mike,
 
Thx for the fast response. Nevertheless the issue has solved itself. After your message I tried again to go on adobe.com and now I got there without WSA warning and I could surf over the web without problems. So no need to reinstall.
 
I may have however explanation. If I wrote that adobe.com was labelled by WSA since today I meant in fact since today early morning. A routine scheduled scan has run today about noon. If it was a FP Webroot may have got to know it and have whitelisted the page before my scan initiated. Would it be possible?
 
As regards Opera protection, glad WSA always stands by me.
 
Thanks & regards,
pegas 
 
Userlevel 7
Badge +13
I did the uninstall and reinstall and now i can view the adobe site.Do not know if it is a result of the uninstall and reinstall,or due to some change not on my end.The uninstall and reinstall went so very quick.I absolutely love this product.Thank you so much for your time.
Userlevel 7
Hey pegas and super,
 
You are correct that it was a false positive and your scenario is completely possible. An update automatically gets pushed to the client when definitions are updated.
 
We will continue to do so!
 
Super, thank you for the positvie feedback and please continue to contribute the Community! :D
 
Thanks, 
Userlevel 7
It's very interesting because all it takes is one display of an infected advertisement or some questionable web content to a scanner bot to get a site temporarily blacklisted.  The ad might show to one out of 1000 people, and be removed within an hour, but the blacklist will last for a while depending on the nature of the site.  Or if DNS servers not under Adobe's control temporarily redirect to a malicious site, that would do it too.  For example, if Comcast's DNS servers get hit, anybody on Comcast would find it blocked.  Adobe at least is a big site, so if it gets blacklisted over a security hiccup, it's remedied quickly once the problem is gone and only cached determinations may need to be cleared on agents locally (Uninstall/Reinstall does this).
 
We're still looking into the cause of the Adobe block earlier today, but it looks so far to be a very limited event.
Userlevel 7
Badge +56
@ wrote:
It's very interesting because all it takes is one display of an infected advertisement or some questionable web content to a scanner bot to get a site temporarily blacklisted.  The ad might show to one out of 1000 people, and be removed within an hour, but the blacklist will last for a while depending on the nature of the site.  Or if DNS servers not under Adobe's control temporarily redirect to a malicious site, that would do it too.  For example, if Comcast's DNS servers get hit, anybody on Comcast would find it blocked.  Adobe at least is a big site, so if it gets blacklisted over a security hiccup, it's remedied quickly once the problem is gone and only cached determinations may need to be cleared on agents locally (Uninstall/Reinstall does this).
 
We're still looking into the cause of the Adobe block earlier today, but it looks so far to be a very limited event.
Maybe that would be a Good Feature request that we can clear the cache and the WRData Folder without doing a reinstall do you think it's possible Kit? If not possible with the WRData Folder then maybe just the cache?
 
TIA,
 
TH
Userlevel 7
Badge +13
Wasn't really worried at all as i know i am protected:D
I'm sure the block happened for a reason.I would rather err on the side of caution and have a block at least for a short time,than to visit the site and take my chances,so the block was no big deal for me.If the adobe site either directly or indirectly had been compromised,it wouldnt be the first time,probably won't be the last.I'm very thankful that WSA has kept and will continue to keep me safe.
Userlevel 7
Badge +56
@ wrote:
Wasn't really worried at all as i know i am protected:D
I'm sure the block happened for a reason.I would rather err on the side of caution and have a block at least for a short time,than to visit the site and take my chances,so the block was no big deal for me.If the adobe site either directly or indirectly had been compromised,it wouldnt be the first time,probably won't be the last.I'm very thankful that WSA has kept and will continue to keep me safe.
Always! I rather have a FP and not be able to see a site because of it then to be able to get redirected to a malicious web site and possibly getting a infection! ;)
 
TH
Userlevel 7
@ wrote:
Maybe that would be a Good Feature request that we can clear the cache and the WRData Folder without doing a reinstall do you think it's possible Kit? If not possible with the WRData Folder then maybe just the cache?
 
TIA,
 
TH
The cache is there specifically to prevent the agent from asking the cloud about everything all the time.  We're actually both working on optimizing cache handling as well as a cloud-push system for cache overrides:  Specifically, if the cloud knows that it sent a specific determination to you, it will also update those by push alert in the event the decision changes.
Userlevel 7
Badge +56
Great thanks for the explanation Kit! ;)
 
TH
Userlevel 7
I fell in love with Kit's explanations across the community forum :D
Userlevel 7
Badge +13
Very well put and very detailed.Gives some of us a better picture of the landscape and how things can happen.Kat is indeed a credit to Webroot and one of the reasons i'll never go back to any other security product as my primary protection.No attitude,no condescension,etc in these forums..just a sincere desire to help and also impart some knowledge along the way.It's a far cry from what i'm used to in years past in other forums.Please keep up the great work:D
Userlevel 7
@ wrote:
Very well put and very detailed.Gives some of us a better picture of the landscape and how things can happen.Kat is indeed a credit to Webroot and one of the reasons i'll never go back to any other security product as my primary protection.No attitude,no condescension,etc in these forums..just a sincere desire to help and also impart some knowledge along the way.It's a far cry from what i'm used to in years past in other forums.Please keep up the great work:D
But...  but...  But I'm a Kit, not a Kat...  :catsad: 
 
CatB is a Cat. 
My wife is Kat (and doesn't work here). 
I am Kit.  :catvery-happy:
 
 
Userlevel 7
Badge +13
Lol.I stand corrected:D
Userlevel 7
Badge +56
@ wrote:
@ wrote:
Very well put and very detailed.Gives some of us a better picture of the landscape and how things can happen.Kat is indeed a credit to Webroot and one of the reasons i'll never go back to any other security product as my primary protection.No attitude,no condescension,etc in these forums..just a sincere desire to help and also impart some knowledge along the way.It's a far cry from what i'm used to in years past in other forums.Please keep up the great work:D
But...  but...  But I'm a Kit, not a Kat...  :catsad: 
 
CatB is a Cat. 
My wife is Kat (and doesn't work here). 
I am Kit.  :catvery-happy:
 
 
Hey do you want to share a KitKat Bar?:D
 
TH
Userlevel 7
Oh, give me a break. 😉 Though we have been told over the years that it is a sweet relationship.
Userlevel 7
Badge +56
@ wrote:
Oh, give me a break. 😉 Though we have been told over the years that it is a sweet relationship.
That's good to hear! And it's nice that you have a sense of humor! ;)
 
TH
Userlevel 7
This is security. I need to have a sense of humor. Even when replying on my phone from outside the office. Did you know that the community site has a mobile version automatically?
Userlevel 7
Badge +56
HeHe I guess it's time to upgrade my Phone maybe next year! But I have OnStar Phone in my car! :catvery-happy:
 
TH
Userlevel 7
@ Kit
While the main Webroot site has a mobile version automatically, that's not the case for its subsections. If you go for instance to the android forum you get on the regular web page that is the same with the one you can access from PC.
 
Heck, I am getting the below error when trying to quote someone's post?
http://www.mediafire.com/conv/d9240b5a68b85af9f4ad8bb16a0115627c5b4dd4c24705faf8195bc77458d51c6g.jpg 
Userlevel 4
Hi pegas,
 
Actually the Webroot Community does automatically scale for mobile devices, as does the regular Support site. 
 
If you type in "community.webroot.com" on Android or iOS devices, you should be shown the Mobile version of the Community  and not the standard site. I tested this using the Dolphin Browser on Android.  Most of the other sections from our website do have mobile versions as well, including our Support "Virtual Agent."  Another way to access the Community on a Mobile device is to select the "Connect with US' button and then choose the Community button.
 
Please try it out and let me know if you still do not get redirected properly.
 
Thanks,
Howard

Reply