Can I rest easily?

  • 16 February 2013
  • 1 reply

So, earlier today, I installed Rainmeter (that open-source desktop customization thingy) and installed a skin straight from the Rainmeter site. I noticed that there was a message from Webroot indicating that a threat had been removed. Sure enough, it was from the skin. Just because, I manually scanned the source file of the skin and sure enough, Webroot had to clean/quarantine the file. After that, I promptly uninstalled Rainmeter and deleted the files it left behind. I am now left with multiple questions:
  1. Am I "good to go" from this point on? (as in, I can use my computer without fear of infection?)
  2. Whenever I try to redownload the said skin file, Chrome shows that there are "insufficient permissions" after the download has completed (and as a result, the file does not appear to be on my system). Is this one of WSA's "learned" behaviors, and if so, which component is doing the access blocking?
  3. Has anyone else experienced issues with WSA and Rainmeter/Rainmeter skins?
  4. How has your week been? :D

Best answer by JimM 17 February 2013, 00:11

Hi :)
1. Yes
2. You would need to restore the file from quarantine and change its determination in Detection Configuration if you're looking to treat this as a false positive.
3. I'm not personally a good source of info on this one since I've never used it before, but perhaps others will comment here.
4. Absolutely excellent, and I'm looking forward to the three-day weekend (which for me starts tomorrow).
I took a look at the behaviors of the files you mentioned, and I'm not sure this isn't a false positive. It would be worth opening a support case to have those looked at in greater detail by our threat specialists.