Solved

wrdata folder

  • 5 February 2012
  • 88 replies
  • 14948 views


Show first post

88 replies

Userlevel 7
Balders - We Webroot folks are sticking to the Community here for the most part.  Though I have lurked at Wilders for months (I was previously the person handling all of the Beta testing tickets), we're trying to avoid spreading ourselves too thin.  Plus, think of the reaction there would have been at Wilders if some "silly Webroot person" invaded Joe and TH's stomping grounds. ;) 
 
Please do feel free to forward the information over there though, with the understanding that it's subject to change (for example, I haven't seen res####.db files in weeks).
 
Snake - While it is true that it's not "normal", it's not impossible and not abnormal.  (I'd hope I have some idea what I'm talking about, since prior to QA, I was an Escalation Engineer. ^.^ )  For example, an unknown toolbar DLL injected into a browser will cause the WRData folder to grow to several hundred MB in short order from normal browsing.  A brand new, unknown copy of a torrent client will have an even more dramatic growth effect.  Also noteworthy that "should be sent to the cloud and then deleted" is halfway accurate.  As long as the item is marked as Unknown, your computer will keep a local journal for rollback purposes.  It only gets cleaned up once the item in question is determined to be good, and that process is not instant.  We'd have to find out from dev what the precise rules are for cleanup and database compacting, however I do know that it can take up to a month.  In general, the correction involves determining what the cause is and addressing that cause (Determintaions on unknowns, Quarantine, sync bloat, etc).
 
Normally I'd just pull up your ticket, but this new community system doesn't allow me to see email addresses, so I have no good way to locate ticket or logs (assuming they exist).  As such I will simply need to hope it's addressed well. 🙂
Userlevel 7
Hi Kit

OK, thanks for clarifying. I understand what you are saying and agree...certainly do not want to tread on either Joe's or TH's toes 😞.

Cheers

Balders
Userlevel 2
Badge +3
Webroot support logged on my system yesterday and fixed the wrdata folder problem. Now we will monitor it, and see if the fix holds. The Webroot support team does a great job and my compliments to them.
Snake
Userlevel 7
Badge +55
I agree support is at it's best now, keep up the great work Webroot! :D
 
TH
My WRData folder is now over 3GB!!
 
Almost all of the bulk is in "dbxxxx.db" files.
The largest is 1.5GB
If it helps, ALL these dbxxxx.db files are "blue" in windows explorer (compressed?)
All the other files are "black"
 
This is on SecureAnywhere Antivirus but this topic looks active here so I posted here.
 
Is a re-install the only way to solve this issue?
 
vango44
 
Userlevel 2
Badge +3
vango44,,
Yes you can clean most of it out,,,,However I suggest you do not do it without contacting Webroot support,. they are very helpful and can instruct you in what you should do.
snake.
Userlevel 7
Badge +55
@ wrote:
My WRData folder is now over 3GB!!
 
Almost all of the bulk is in "dbxxxx.db" files.
The largest is 1.5GB
If it helps, ALL these dbxxxx.db files are "blue" in windows explorer (compressed?)
All the other files are "black"
 
This is on SecureAnywhere Antivirus but this topic looks active here so I posted here.
 
Is a re-install the only way to solve this issue?
 
vango44
 
The best thing for now is to do a clean reinstall! Uninstall reboot and reinstall and make sure you have a copy of your license key! Here is the link to download a copy of WSA http://anywhere.webrootcloudav.com/zerol/wsainstall.exe  If you find it getting big again then it would be best to contact the WSA support inbox and they will be happy to help you: Submit a Support Ticket
 
HTH,
 
TH
 
EDIT: And welcome to the Webroot Community Forums!
Userlevel 7
The db#### files directly relate to monitored processes.  In your situation, you will want to contact support so they can check over what is marked Unknown on your computer and determine it so it will no longer be monitored.  It's also possible that you did something like, for example, install a Service Pack without turning off the AV protection as the Service Pack installer demands you do.
 
In either case, though these files will normally be cleaned up automatically, you will likely want to expedite the cleanup by uninstalling, rebooting, then installing without importing settings.  Afterwards, cleaning up your temp folders would be a good idea.
Userlevel 3
WHOA!  What a difference a un-install/re-install made.  Before uninstalling folder size was 958MB, AFTER new install, same folder was only 1.56MB!!  Was that a cleanup or what? 😉  Hope support can get this fixed to where it will be cleaned out in the cloud automatically....
Userlevel 7
Running at 0.6Gb here and that is after a re-install some 2 months ago.  Most of the files in the folder are relatively small, although there are a lot of them.  But there are a few ptretty pretty large ones to, ie, 100Mb - ish, so I am wondering if these need to be sent into Support for analysis.
 
Still monitoringthe situation and trying to decide if there is a pattern to this and what I note in terms of usage?
Userlevel 2
Badge +3
Hi Baldrick,,
You can safely delete the larger older files ,,,However I would advise you to contact Webroot support and allow them to upload the wrdata folder information for them to analize. They will advise you on a course of action.
Good luck,,
snake
Userlevel 7
Hi Snake

Thanks...have been through this process a couple of times so I am aware of this...and have done so in the past. What I am actually doing is trying to find a specific pattern to why, in my case...and perhaps for others, there is the growth in the folder.

But your suggestion is welcome.

Regards

Balders
Userlevel 2
Badge +3
Baldrick,,
In my case, the larger files are added any time I uninstall and reinstall a progam. A large data file is left in the folder. You might check after any program is changed on your system to see if it left a new larger file in the wrdata folder.
snake
Userlevel 7
Nice one Snake, will certainly look at that angle.

BTW...have not found that because I use RB Rx; so I try software and if I decide not to keep it I rollback to a prior install snapshot, which effectively negates any change in the WRDATA folder.

But good tip.

Cheers

Balders
Userlevel 7
Any db#### files are journalling information.  If you are able to delete these while the agent is running, that's actually bad.  I'll see if we can get more information about the handling of this data over time, but in general when you see a lot of these, it usually means that you're running a lot of things that are highly uncommon and so are not known-good in the system.
 
If you see a lot of ace files, that means a lot of stuff has been cleaned up.  Either there is a lot of infection stuff going on, which is bad, or you're scanning a lot of real malware to "test things".  In any case, the "Average" user does not get a large quantity of files in WRData.  Only people who are either testing against Malware or who are advanced enough to be running a lot of lesser-known or frequently-updated software that is not quickly tagged as Known-Good in the cloud system will get a large WRData folder. 
 
Hmmm... Does that mean that the size of that folder is like a badge of honor indicating how much cool obscure stuff you run?  XD
Userlevel 7
Hi Kit
 
Have 42 db#### & 6 ace files...so where do I get my 'cool dude' badge? ;)
 
No, seriously, I do not think that I run "...a lot of things that are highly uncommon and so are not known-good in the system" but then again...I might but do not know it.
 
Any suggestions as what I should upload to Support, etc., so that they can check on it?  Or is there no point?
 
Incidently, I also have a number of db# (where # is between 'a' and 'p') and some dst## files (but not many).  Is the presence of these also significant?
 
Regards
 
 
Balders
Userlevel 7
No, seriously, I do not think that I run "...a lot of things that are highly uncommon and so are not known-good in the system" but then again...I might but do not know it.
 
Ah, yes, I suppose I should clarify.  If you install an update so quickly that it hasn't had a chance to become known-good, that counts.  If you use specialized utilities that are uncommon for "Average People" (Mom, Dad, Grandma) to use, that also counts.  The db#### files are per process or PE, so for example, installing a new version of Cygwin packages the moment they come out can result in a few dozen of them. 
 
If you are concerned about the files, then you can look at your scan logs to see what is marked as [u], and the section after the scan logs for mentions of things being monitored, since any of them that execute will create or add to a db#### file.  If they are things that were not transient (for example, if you see the installer for Flash being monitored, you probably just jumped on the update before it was common enough to be known-good, which means you were at the cutting edge of technology 🙂 ), simply opening a support ticket and mentioning that you have a lot of unknown items being monitored can get the data to the Threat Research team to look at.
 
Unfortunately, I'm not completely certain myself what the dst files are, so I'll have to check on that when I get back to the office.  The dba through dbp files are the normal configuration databases, and also include cleanup actions taken and the quarantine contents.
Userlevel 7
Hi Kit
 
Thanks for the comprehensive reponse.  I susepct that I am indeed one of those who jumps on a latest update or release (I run RB Rx which means that if I find an issue I can very quickly roll back to pre the install)...so I suppose I am at the  cutting edge...as you say...:D.
 
Will take a look as you have suggested but suspect that I will most probably uninistall/reinstall to 'clean' the folder.
 
Regards
 
 
Balders
Userlevel 2
Badge +3
Baldrick,,
I have figured out the  deal about data being retained in my wrdata folder. I am a tester for beta programs. When I install a new beta release like firefox , opera, chrome or any program that is still in beta, a large data file is retained until I delete it. I dont know if this helps, but it is what is happening with my system.
Snake
 
 
 
Userlevel 7
Hi Snake

You could be on to something here as I am/have been a beta tester for some apps I use (including WSA :D)...so there is communality. And if you add this to what Kit has said about jumping "...on the update before it was common enough to be known-good,..." which fits the beta testing profile, then that would explain the size 'issue' experienced by some. ;)

I also suspect that new version of a known-good app will have different hash key, not yet flagged as good...hence the detection of 'suspicious' files, etc.
 
Regards
 
 
Balders
Userlevel 2
Badge +3
Baldrick,,
I agree!
 
snake
Userlevel 2
Badge +3
Hi,,
Its been awhile since I posted, but I have learned not to reinstall or install over the top of a beta program,,,simply check for updates and let the program update itself. This will not increase the siae of the wrdata foldeer contents.
snake
Badge +1
Hello there,
I'm on windows 8.1 and my wrdata folder is above 6GB. This issue isn't solved yet? any help appeciated...
 
Userlevel 7
Badge +55
Hello it's best if you Submit a Support Ticket as that tells me you have lots of unknown files that need to be whitelisted! Also they will let you know how to clean up the WRData folder afterwards.
 
Thanks,
 
Daniel 😉
Userlevel 2
I think the observation about new apps causing the extreme growth of the WRData folder is correct... I'm a (really busy) programmer, and my WRData folder contains 189 GB... Oddly, the Size On Disk is 177 GB (I guess that's the compression).
 


 
I'm going to try that uninstall/reinstall suggestion, but it sure would be nice to be able to clear this in a more civilized manner.

Reply

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings