Solved

wrdata folder

  • 5 February 2012
  • 88 replies
  • 15049 views


Show first post

88 replies

Userlevel 7
Obviously I land with TH on this.. but all is good as long as given an "OK" after being reviewed.  As for becoming a part of the product... that would be... pretty doggone cool if it works well and is polished enough to not remove rollback data that is still needed!
 
 :)
Userlevel 7
Hi nebula
 
I have posted this before but cannot find the thread to direct you to so I will repost the information here.
 
If you are technical (and I believe that you are) then are there are other ways that avoids the uninstall/reinstall, which involves the review of the 'dbnnnn.db files in the C:ProgramdataWRDATA folder, and then the deletion of selected ones of this file type. But I should stress at the outset that you need to be careful when employing these approaches.
 
The first is not ideal but it does avoid the uninstall/reinstall and also preserves to some extent the rationale for those files; as you may have surmised from the thread these files are the journal files produced when WSA sets a file/app to 'Monitor' and so are important in case WSA has detected a suspicious or an as yet undetermined (in terms of goodness/badness) file/app and then determines it is bad and then needs to roll back its activities, etc., in which case the relevant 'dbnnnn.db' file is required.
 
The problem is that we cannot easily tell which 'dbnnnn.db' relates to which file/app in the system (there is a way by looking in the Registry but I have lost my notes on that...must try to find them) so the best thing to do is to (i) check all places in WSA where files could be set to 'Monitor', decide whether they are OK or not (and if in doubt leave them as such), (ii) try to work out roughly when a file/app that is set to 'Monitor' was so set & (iii) then go to the C:ProgramdataWRDATA folder and carefully delete all 'dbnnnn.db' files that are either prior to a certain period, i.e., say more than 2 weeks old, on the basis that WSA should have been in a position to sort out if the journal is required or not, or delete everything except for the 'dbnnnn.db' files that are circa the dates that you believe that you 'Monitored' files/apps may have started to be monitored, etc.
 
The above may seem more convoluted that an uninstall/reinstall, but I have found that it seems to work well, and does give you a better chance of keeping 'dbnnnn.db' files that may be needed; after all an uninstall/reinstall should clear all the files in that folder regardless of whether they are needed or not.
 
A second, alternative way which may be more accurate but takes longer is to run Save a Scan Log and from the text file produced do a search for ‘(nnnn)’ (without the ‘’ marks) where ‘nnnn’ is the ‘nnnn’ portion of the ‘dbnnnn.db’ file(s) found in the C:ProgramdataWRDATA folder.  This should find an entry in the Log from which you can identify the application/file that is being monitored and to which the journal file concerned belongs;
 
Sat 12-09-2015 10:21:40.0098         Monitoring process C:BrowsersMaxthonPortableBinMaxthon.exe [63D4BC1DABF35B13C94A9FAE02D7C0FF]. Type: 3 (1235)
 
relates to file ‘db1235.db in the C:ProgramdataWRDATA folder.
 
Of course, this is not ideal in terms of dealing with many ‘dbnnnn.db’ files but if one can identify the largest of these files and start with those then one can reduce (safely) the size of the folder.
 
Hope that helps you with your space issue and the size of your WRData folder.
 
Regards, Baldrick
Userlevel 7
Hi Nebula
 
Completely understand where you are coming from. Hopefully things will improve in that area in the future as I believe that the Development Team are looking at this whole area.
 
I try to temper things by remembering that the .db files in the WRData folder forma a valuable part of the insurance that WSA provides should an unknown fiel/app be found on your system and then prove to be malicious. ;)
 
Regards, Baldrick
 
 
Userlevel 2
Hi Snake,
 
How big is the folder? You may want to consider opening a ticket to see if you have a lot of Undetermined files. Undetermined files are journaled by WSA to allow for rollback in the event they are found to be malicious. If you open a ticket, using Help and Support in WSA, your logs are autoloaded with your ticket and support can begin making determinations about any unknown software. Assuming that is the issue that is.  :-)
 
-Keith
Userlevel 2
Badge +3
Hi Keith,,
The wrdata folder is 323MB at the moment ,,,it just keeps getting larger. It is located in c: documents and settings all users applications data,,,,I have watched it grow since installing webroot secureanywhere essentials.
Userlevel 2
Badge +3
Thanks everybody,,
I submitted a support ticket, will see what webroot has to say about it.
snake
Userlevel 2
Badge +3
Hi TripleHelix,,
Will do!
snake
Userlevel 2
Badge +3
Here is answer from Webroot technical support re: the wrdata folder.
 
"No please do not do anything to the WRData folder, this is our program main folder and if you tried to do anything like removing it it will erase the Webroot software from your computer. The only change we made was to fix the program to allow it to open and work correctly."

Thanks,
Webroot Support Team
 
As far as I am concerned, this is not a good answer. The cloud bases antivirus program was billed as having a very small footprint on the pc. This folder is getting larger than the old program that kept the virus definitions on the hard drive,,,Hope they come up with a better approch soon. I wonder just how large this thing is going to grow.
 
snake
Userlevel 2
Badge +3
Yea , I figured that out,,,just seems there should be a better way than that..
Snake
I think something like this would work
 
How about When a new version is released and either is auto installed or manually installed,
 
it checks and if the wrdata folder is present it should be wiped automatically.
 
Mine has grown to 181 mb and that is Just WRSA Antivirus , and that is since 1-11-2012..
 
Once it get around 200mb, then I usually uninstall and reinstall.. 
Userlevel 2
Badge +3
Thanks Corepc,,
I decided the same thing,,,have a great day!
snake
 
Hello,
 
We don’t recommend deleting this file as it can affect the usefulness of the software.  If you do need to clear this file, please uninstall and reinstall the software.
 
That being said, you can help reduce the size of WRData should it become large.  If you delete very old items from your quarantine this can help.  Use caution if you are going to delete from the quarantine however.  In the rare case of a false-positive detection, if the detection has already been deleted from the quarantine this can make the resolution of that issue difficult to fix.  Please do not delete items from your quarantine unless absolutely certain they are not necessary for program or system function.  If you suspect WRData is getting larger than it should we can also look at your logs to see if there are multiple unknown files we can white list or a technical issue we can investigate causing the size to increase.
 
Thanks,
Webroot Support Team
Userlevel 2
Badge +3
Thanks Baldrick,,
I sure wish Webrood would figure out a way for the data folder to stop growing so large. They talk about the small size of the program, but this problem sort of makes that misleading. It appears to be a data base much like all the rest of the antivirus programs. Maybe they will get the message and figure out something different.
Thanks again,,,
snake
 
Userlevel 7
Hi Kit, thanks for a very informative & helpful response. WIll you be able to do the same over at Wilders where the topic has also been debated or should one of us munchkins do so instead?

Cheers

Balders
Userlevel 2
Badge +3
 
Hi Kit,,
I had a call from webroot a couple of days ago,,,,they want to take a look at mine to determine what is going on,,,they  told me it is NOT normal for the size of the folder to grow so large. It is supposed to be transfered to the cloud and then deleted from the pc system.  We shall see!
Thanks ,,
snake
 
Userlevel 7
Hi Kit

OK, thanks for clarifying. I understand what you are saying and agree...certainly do not want to tread on either Joe's or TH's toes 😞.

Cheers

Balders
My WRData folder is now over 3GB!!
 
Almost all of the bulk is in "dbxxxx.db" files.
The largest is 1.5GB
If it helps, ALL these dbxxxx.db files are "blue" in windows explorer (compressed?)
All the other files are "black"
 
This is on SecureAnywhere Antivirus but this topic looks active here so I posted here.
 
Is a re-install the only way to solve this issue?
 
vango44
 
Userlevel 2
Badge +3
vango44,,
Yes you can clean most of it out,,,,However I suggest you do not do it without contacting Webroot support,. they are very helpful and can instruct you in what you should do.
snake.
Userlevel 7
The db#### files directly relate to monitored processes.  In your situation, you will want to contact support so they can check over what is marked Unknown on your computer and determine it so it will no longer be monitored.  It's also possible that you did something like, for example, install a Service Pack without turning off the AV protection as the Service Pack installer demands you do.
 
In either case, though these files will normally be cleaned up automatically, you will likely want to expedite the cleanup by uninstalling, rebooting, then installing without importing settings.  Afterwards, cleaning up your temp folders would be a good idea.
Userlevel 3
WHOA!  What a difference a un-install/re-install made.  Before uninstalling folder size was 958MB, AFTER new install, same folder was only 1.56MB!!  Was that a cleanup or what? 😉  Hope support can get this fixed to where it will be cleaned out in the cloud automatically....
Userlevel 7
Running at 0.6Gb here and that is after a re-install some 2 months ago.  Most of the files in the folder are relatively small, although there are a lot of them.  But there are a few ptretty pretty large ones to, ie, 100Mb - ish, so I am wondering if these need to be sent into Support for analysis.
 
Still monitoringthe situation and trying to decide if there is a pattern to this and what I note in terms of usage?
Userlevel 2
Badge +3
Hi Baldrick,,
You can safely delete the larger older files ,,,However I would advise you to contact Webroot support and allow them to upload the wrdata folder information for them to analize. They will advise you on a course of action.
Good luck,,
snake
Userlevel 7
Hi Snake

Thanks...have been through this process a couple of times so I am aware of this...and have done so in the past. What I am actually doing is trying to find a specific pattern to why, in my case...and perhaps for others, there is the growth in the folder.

But your suggestion is welcome.

Regards

Balders
Userlevel 2
Badge +3
Baldrick,,
In my case, the larger files are added any time I uninstall and reinstall a progam. A large data file is left in the folder. You might check after any program is changed on your system to see if it left a new larger file in the wrdata folder.
snake
Userlevel 7
Nice one Snake, will certainly look at that angle.

BTW...have not found that because I use RB Rx; so I try software and if I decide not to keep it I rollback to a prior install snapshot, which effectively negates any change in the WRDATA folder.

But good tip.

Cheers

Balders

Reply