Solved

Webroot Internet Security Plus fails in EICAR test and I am concerned about its effectiveness


I´m a relatively recent user of Webroot Internet Security Plus. During a lot of years i´ve used other suite.

My primary notebook got a problem (is under repair) and now i´m using an old one, with a Celeron processor.

So searching for a “light” security suite I saw good reviews of Webroot and I bought the software. It´s easy to use, no impact in notebook performance, it seems great with Windows 10… but…

Now with all pandemic things and a lot of warnings to be careful using internet, i wondered if Webroot works really fine. Searching in google, i saw a lot of sites recommending a method to test if the antivirus is working, with a not harmful file from EICAR (Supposedly it’s a very common test).

I accessed to the EICAR website and i´ve downloaded the files. No reaction from Webroot… With the files on my notebook, and scanning each one individually, also no reaction… i got worried… it was supposed to get a false positive. But Webroot do not detects the EICAR… just to be sure if i´ve done all ok, i uninstalled Webroot and installed my other security suite (that makes the notebook slow, slow very slow), and it detected immediately the false positive, and also navigating to the EICAR website the other suite didn´t allow to download the files…

In conclusion, i´m worried, i´ve paid for Webroot, but it fails in a simple test apparently… Is there any explanation? Actually i need a “light” security suite, but that works and keeps me safe… and i´m very concerned… also Webroot do not answer to my support tickets… i do not have a clue of what is going on…

Any ideas…

Thanks in advance to all,

icon

Best answer by DanP 23 April 2020, 22:24

View original

15 replies

If helps to any idea, i´m using a notebook with Celeron at 1,2 Ghz, 4 Gb RAM, 1 Tb hard disk, Windows 10 last version, all updated.

One more time, thanks for any help. :pray:

Userlevel 7
Badge +63

Hello @turista_pt 

 

Most of these tests don’t get past the Web Shield: https://www.amtso.org/security-features-check/

 

I will ping @DanP to see if he can add more info.

 

If your not seeing the blocked pages can you tell me what Browsers you are using?

 

 

Userlevel 7
Badge +63

Much more info here on Webroot’s Blog about the EICAR test files!

 

EICAR – The Most Common False Positive in the World

 

https://www.webroot.com/blog/2018/09/05/eicar-common-false-positive-world/

Dear @TripleHelix 

First, thank you a lot.

I´m using the Webroot Internet Security Plus last version (it says no updates needed), and concerning to browser, the new Edge and also Opera.

In the Edge, i´ve also installed the Webroot extension.

What is really realy strange is that even after the download, scanning the EICAR files with Webroot, it says all is ok… :-( nothing is detected. And as mentioned above, using my other security suite on the same pc, worked fine, Eicar detected... but for a Celeron pc, i really need a light security suite, so i really hope to use Webroot, to be able to work, and of course becouse i´ve paid for the product.

Many thanks, regards, 

Userlevel 7
Badge +63

Did you read the Webroot Blog? I wouldn’t be concerned about EICAR test files but the real bad ones is what Webroot is all about! About Opera see if the Chrome Extension will install on it: https://chrome.google.com/webstore/detail/webroot-filtering-extensi/kjeghcllfecehndceplomkocgfbklffd

 

 

 

@TripleHelix  Yes, many thanks for the links.

However, what concerns me is if the product is really really working… According to Virus Total as you can see in the pic, Webroot detects EICAR has W32.Eicar.Testvirus.Gen

 

So, what afraids me is if for any reason, my version is not working well or something like that. Because even in manual scan, no detection.

And in this pandemic days, i (and a great part of the world) really depend of working at pc, so i need to be sure that i´m protected… and the repair of my main laptop appears to be long due to the Covid. So i need to use this Celeron, but, my concern is specially with mantaining all the files and transactions safe.

Regards,

Userlevel 7
Badge +63

I don’t get any detection's as well but I’m not concerned as they are just test files!

 

WSA’s Identity Shield is the best feature I like on WSA! https://docs.webroot.com/us/en/home/wsa_pc_userguide/wsa_pc_userguide.htm#UsingIdentityProtection/ManagingIdentityProtection.htm%3FTocPath%3DUsing%2520Identity%2520Protection%7C_____1

@TripleHelix

but the following picture that you have posted is not from your pc?

Also, in my case, in the Edge, the Webroot extension shows the Eicar site as yellow and allows to download the files as i´ve told, and after scan nothing. 
Is possible that my setup file from Webroot could be damaged or something like that? 

Many thanks, 

Userlevel 7
Badge +63

This is the site: https://www.eicar.org/ and the one I posted is from here: https://www.amtso.org/security-features-check/ but then you get a block when trying to download files.

Userlevel 7
Badge +63

Also this is what I get when opening one of the test files!

 

 

Userlevel 7
Badge +63

Some legitimate files are not included in this log
[g] E:\Daniel\Downloads\eicar.com [SHA256: 275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F] [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [Flags: 00000200.11188]

 

[g] Means known good but: I will ping @DanP and we will wait to see what he says! Maybe it has something to do with Webroot’s new Script Shield Protection?

 

Thu 2020-04-23 13:39:20.0876    ScriptShield active config: 2S(2) yes, SR(2) no, SSH no, FLR yes, RUD yes, SDE(2) yes, DSR no, DQT 65536, MFS 100, USE yes, UNR no

 

 

Userlevel 7
Badge +35

@TripleHelix  Yes, many thanks for the links.

However, what concerns me is if the product is really really working… According to Virus Total as you can see in the pic, Webroot detects EICAR has W32.Eicar.Testvirus.Gen

 

So, what afraids me is if for any reason, my version is not working well or something like that. Because even in manual scan, no detection.

And in this pandemic days, i (and a great part of the world) really depend of working at pc, so i need to be sure that i´m protected… and the repair of my main laptop appears to be long due to the Covid. So i need to use this Celeron, but, my concern is specially with mantaining all the files and transactions safe.

Regards,

 

@turista_pt 

Due to the way we detect Eicar, we do have an alternative test file that you can use:

http://download.webroot.com/WebrootTestFile.zip - you’l want to extract the file.

 

I show the Eicar download blocked in Edge when I try to download it:

 

Thanks,

 

-Dan

@DanP  First, thanks for you answer.

As i do not receive the warning as you in my Edge (just appears yellow as potencial harmful), is it possible that my Webroot Internet Security Plus is compromissed or with errors?
Maybe a new install could fix this? In order to download i use the link that was sent to my email after paying the Webroot i assume that the link is ok.

Also, it is possible to tell me why i do not receive webroot emails in order to recover my password to access my Webroot area? Or why Webroot not answer to my support ticket?

Sorry for so many requests,

Waiting an answer, regards,

Userlevel 7
Badge +63

@turista_pt  you get the blocked page when you try to download the file as Dan said not when you visit https://www.eicar.org/

 

You should get a page block with this link: http://2016.eicar.org/download/eicar.com.txt

 

 

The rest of your reply you may need to call Webroot Support during there hours and when you do a Ticket only do one! https://www.webroot.com/us/en/support/contact

 

Note: When submitting a Support Ticket, Please wait for a response from Support. Putting in another Support Ticket on this problem before Support responses will put your first Support Ticket at the end of the queue and support can take up to 48 hours to reply.

Userlevel 7
Badge +63

Thanks @DanP for the Webroot Test File!

 

 

Thu 2020-04-23 18:45:33.0909    Infection detected: E:\Daniel\Downloads\WebrootTestFile\WebrootTestFile.exe [SHA256: 00E07A9D9EA7603A8E9EFE9AA5C23CEC7B58A334030DB8B1CC8468F17A6E0EA1] [MD5: 29086233E89F2887F22C825A6CC2B8C2] [3/00080000] [W32.Webroottestfile]


Thu 2020-04-23 18:45:33.0909    Infection found in realtime: E:\Daniel\Downloads\WebrootTestFile\WebrootTestFile.exe [UniqueID: 9D7AE000, MD5: 29086233E89F2887F22C825A6CC2B8C2, Size: 211456 bytes] [524288/00000003] [W32.Webroottestfile]

Reply