Solved

wrdata folder



Show first post

88 replies

Userlevel 2
P.S. After accidentally wiping out the WRLog.log file on my Win7 machine; WSA did not display any errors when it was restarted and the file is once again being populated with information.
Userlevel 2
P.P.S. My util is written in Delphi and it relies heavily on my company's library code; I can share some of the source (the parts specifically used by the WebRootLogCleaner app) but not all of the source necessary to compile the whole enchilada (29,340 lines):
 
 
Userlevel 2
FYI, I already private messaged Nic on this subject to let him know that I will be sending him the link for approval before posing the link on this public forum.
Userlevel 2
Hi Snake,
 
How big is the folder? You may want to consider opening a ticket to see if you have a lot of Undetermined files. Undetermined files are journaled by WSA to allow for rollback in the event they are found to be malicious. If you open a ticket, using Help and Support in WSA, your logs are autoloaded with your ticket and support can begin making determinations about any unknown software. Assuming that is the issue that is.  :-)
 
-Keith
Userlevel 7
The db#### files directly relate to monitored processes.  In your situation, you will want to contact support so they can check over what is marked Unknown on your computer and determine it so it will no longer be monitored.  It's also possible that you did something like, for example, install a Service Pack without turning off the AV protection as the Service Pack installer demands you do.
 
In either case, though these files will normally be cleaned up automatically, you will likely want to expedite the cleanup by uninstalling, rebooting, then installing without importing settings.  Afterwards, cleaning up your temp folders would be a good idea.
Userlevel 7
Any db#### files are journalling information.  If you are able to delete these while the agent is running, that's actually bad.  I'll see if we can get more information about the handling of this data over time, but in general when you see a lot of these, it usually means that you're running a lot of things that are highly uncommon and so are not known-good in the system.
 
If you see a lot of ace files, that means a lot of stuff has been cleaned up.  Either there is a lot of infection stuff going on, which is bad, or you're scanning a lot of real malware to "test things".  In any case, the "Average" user does not get a large quantity of files in WRData.  Only people who are either testing against Malware or who are advanced enough to be running a lot of lesser-known or frequently-updated software that is not quickly tagged as Known-Good in the cloud system will get a large WRData folder. 
 
Hmmm... Does that mean that the size of that folder is like a badge of honor indicating how much cool obscure stuff you run?  XD
Userlevel 7
No, seriously, I do not think that I run "...a lot of things that are highly uncommon and so are not known-good in the system" but then again...I might but do not know it.
 
Ah, yes, I suppose I should clarify.  If you install an update so quickly that it hasn't had a chance to become known-good, that counts.  If you use specialized utilities that are uncommon for "Average People" (Mom, Dad, Grandma) to use, that also counts.  The db#### files are per process or PE, so for example, installing a new version of Cygwin packages the moment they come out can result in a few dozen of them. 
 
If you are concerned about the files, then you can look at your scan logs to see what is marked as [u], and the section after the scan logs for mentions of things being monitored, since any of them that execute will create or add to a db#### file.  If they are things that were not transient (for example, if you see the installer for Flash being monitored, you probably just jumped on the update before it was common enough to be known-good, which means you were at the cutting edge of technology 🙂 ), simply opening a support ticket and mentioning that you have a lot of unknown items being monitored can get the data to the Threat Research team to look at.
 
Unfortunately, I'm not completely certain myself what the dst files are, so I'll have to check on that when I get back to the office.  The dba through dbp files are the normal configuration databases, and also include cleanup actions taken and the quarantine contents.
Userlevel 4
Hello,
 
We don’t recommend deleting this file as it can affect the usefulness of the software.  If you do need to clear this file, please uninstall and reinstall the software.
 
That being said, you can help reduce the size of WRData should it become large.  If you delete very old items from your quarantine this can help.  Use caution if you are going to delete from the quarantine however.  In the rare case of a false-positive detection, if the detection has already been deleted from the quarantine this can make the resolution of that issue difficult to fix.  Please do not delete items from your quarantine unless absolutely certain they are not necessary for program or system function.  If you suspect WRData is getting larger than it should we can also look at your logs to see if there are multiple unknown files we can white list or a technical issue we can investigate causing the size to increase.
 
Thanks,
Webroot Support Team
Userlevel 2
Badge +3
Hi Keith,,
The wrdata folder is 323MB at the moment ,,,it just keeps getting larger. It is located in c: documents and settings all users applications data,,,,I have watched it grow since installing webroot secureanywhere essentials.
Userlevel 2
Badge +3
Thanks everybody,,
I submitted a support ticket, will see what webroot has to say about it.
snake
Userlevel 2
Badge +3
Hi TripleHelix,,
Will do!
snake
Userlevel 2
Badge +3
Here is answer from Webroot technical support re: the wrdata folder.
 
"No please do not do anything to the WRData folder, this is our program main folder and if you tried to do anything like removing it it will erase the Webroot software from your computer. The only change we made was to fix the program to allow it to open and work correctly."

Thanks,
Webroot Support Team
 
As far as I am concerned, this is not a good answer. The cloud bases antivirus program was billed as having a very small footprint on the pc. This folder is getting larger than the old program that kept the virus definitions on the hard drive,,,Hope they come up with a better approch soon. I wonder just how large this thing is going to grow.
 
snake
Userlevel 2
Badge +3
Yea , I figured that out,,,just seems there should be a better way than that..
Snake
Userlevel 2
Badge +3
Thanks Corepc,,
I decided the same thing,,,have a great day!
snake
 
Userlevel 2
Badge +3
Thanks Baldrick,,
I sure wish Webrood would figure out a way for the data folder to stop growing so large. They talk about the small size of the program, but this problem sort of makes that misleading. It appears to be a data base much like all the rest of the antivirus programs. Maybe they will get the message and figure out something different.
Thanks again,,,
snake
 
Userlevel 2
Badge +3
 
Hi Kit,,
I had a call from webroot a couple of days ago,,,,they want to take a look at mine to determine what is going on,,,they  told me it is NOT normal for the size of the folder to grow so large. It is supposed to be transfered to the cloud and then deleted from the pc system.  We shall see!
Thanks ,,
snake
 
Userlevel 2
Badge +3
vango44,,
Yes you can clean most of it out,,,,However I suggest you do not do it without contacting Webroot support,. they are very helpful and can instruct you in what you should do.
snake.
Userlevel 2
Badge +3
Hi Baldrick,,
You can safely delete the larger older files ,,,However I would advise you to contact Webroot support and allow them to upload the wrdata folder information for them to analize. They will advise you on a course of action.
Good luck,,
snake
Userlevel 2
Badge +3
Baldrick,,
In my case, the larger files are added any time I uninstall and reinstall a progam. A large data file is left in the folder. You might check after any program is changed on your system to see if it left a new larger file in the wrdata folder.
snake
Userlevel 2
Badge +3
Baldrick,,
I have figured out the  deal about data being retained in my wrdata folder. I am a tester for beta programs. When I install a new beta release like firefox , opera, chrome or any program that is still in beta, a large data file is retained until I delete it. I dont know if this helps, but it is what is happening with my system.
Snake
 
 
 
Userlevel 2
Badge +3
Baldrick,,
I agree!
 
snake
Userlevel 7
Hi Kit, thanks for a very informative & helpful response. WIll you be able to do the same over at Wilders where the topic has also been debated or should one of us munchkins do so instead?

Cheers

Balders
Userlevel 7
Hi Kit

OK, thanks for clarifying. I understand what you are saying and agree...certainly do not want to tread on either Joe's or TH's toes 😞.

Cheers

Balders
Userlevel 7
Running at 0.6Gb here and that is after a re-install some 2 months ago.  Most of the files in the folder are relatively small, although there are a lot of them.  But there are a few ptretty pretty large ones to, ie, 100Mb - ish, so I am wondering if these need to be sent into Support for analysis.
 
Still monitoringthe situation and trying to decide if there is a pattern to this and what I note in terms of usage?
Userlevel 7
Hi Snake

Thanks...have been through this process a couple of times so I am aware of this...and have done so in the past. What I am actually doing is trying to find a specific pattern to why, in my case...and perhaps for others, there is the growth in the folder.

But your suggestion is welcome.

Regards

Balders

Reply

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept or continue browsing you agree to our cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings