Solved

Webroot Detecting Threat System/Framework...../support/MDS

  • 20 June 2019
  • 9 replies
  • 1044 views

Userlevel 1
Badge +3
For some reason webroot secure anywhere is detecting the following file as a threat but only when there is a USB power cable connected to the back of my imac. here is the file it says is a threat. System/library/frameworks/coreservices.framework/versions/a/frameworks/metadata.framework/versions/a/support/mds

i did a little research and it seems that file has something to do with spotlight search. is it safe to mark that as allow in the block allow page and why would webroot only say it is a threat when a cable is connected.

thank you
icon

Best answer by ProTruckDriver 21 June 2019, 00:25

Hello @medusanyc , Welcome to the Webroot Community Forum.

I have never seen this detection before on a Mac. The file may have to be whitelisted. To be on the safe side, Please submit a Support Ticket or Contact Webroot Support to sort this problem. This service is FREE with a Paid Subscription.
Support Ticket System is Open 24/7

Note: When submitting a Support Ticket, Please wait for a response from Support. Putting in another Support Ticket on this problem before Support responses will put your first Support Ticket at the end of the queue.

HTH,
Dave.
View original

9 replies

Userlevel 7
Hello @medusanyc , Welcome to the Webroot Community Forum.

I have never seen this detection before on a Mac. The file may have to be whitelisted. To be on the safe side, Please submit a Support Ticket or Contact Webroot Support to sort this problem. This service is FREE with a Paid Subscription.
Support Ticket System is Open 24/7

Note: When submitting a Support Ticket, Please wait for a response from Support. Putting in another Support Ticket on this problem before Support responses will put your first Support Ticket at the end of the queue.

HTH,
Dave.
Userlevel 1
Badge +3
this is not happening on my own PC but on a iMac belonging to one of my clients. i manually entered that file to be allowed so that the user does not get a warning about it being a threat when it runs any scans.

after creating that exception we ran a scan which came up clean. shortly after that the following message popped up. i told the user to click ignore in response to the message.


if you don't think we should have ignored this message, let me know how to reverse that choice.

I can get in touch with the user but what exactly would you like to have them do? please let me know so that we don't have to waste too much more time with this issue.
Userlevel 7
Hello @medusanyc The fast way to get a correct answer on this question is to Contact Webroot Support Call them directly and talk to a Webroot Support Employee. They would know the answer.
Userlevel 1
Badge +3
Contacting Webroot support is not as simple as you say. The machine is not in my office and the client is not near the computer in question during business hours. I am pretty sure that the machine is clean since it scans clean even without the exception if there are no power cables connected to the machine. Not sure why an iPhone power cable connected to system would cause SecureAnywhere to flag that file as a threat but not a threat when it not connected.

That being said. I did submit a Support Ticket and will await a reply to see what they think is necessary or what they would like me to do.

Found this post on apple's support forum
https://discussions.apple.com/thread/7787922
which seems to indicate that the file in question is not a threat so based on that I set SecureAnywhere to allow that file. If you feel that was premature I can connect to system and change the settings back, re-run scan and re-submit a ticket.
Userlevel 7
Please post the response from Support. I will be very interested to see what they have to say about this.

The link you posted from the Apple Forum I see that Thomas Reed posted a reply in that thread. I know Thomas Reed and he is a Mac Expert. His response is very interesting.
https://discussions.apple.com/thread/7787922?answerId=31109928022#31109928022
Userlevel 7
Badge +55
@medusanyc you can always put the Keycode if you know it in the support ticket and they can see the said detection's that way as well.
Userlevel 7
@medusanyc you can always put the Keycode in the support ticket and they can see the said detection's that way as well.
Interesting. I didn't know that, thanks Daniel. Learned something new today. ☺
Userlevel 7
Badge +55

@medusanyc you can always put the Keycode in the support ticket and they can see the said detection's that way as well.Interesting. I didn't know that, thanks Daniel. Learned something new today. ☺

Yes I seen @DanP suggest that a couple of times. 😉 And they can whitelist files using the Keycode as well with no need of a log!
Userlevel 1
Badge +3
Thank you TripleHelix for that information. Can get keycode from user and will use it when requested. That makes things very easy.

I saw all the replies in that apple support thread. If you say Thomas Reed is an expert and he says the file is fine then I would say case closed.

thank you all for your assistance 🙂

Reply