Best answer by KitView original
Anyone know if the wrdata folder can be cleaned out or deleted? It grows to an enormous size over time.
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Please do feel free to forward the information over there though, with the understanding that it's subject to change (for example, I haven't seen res####.db files in weeks).
Snake - While it is true that it's not "normal", it's not impossible and not abnormal. (I'd hope I have some idea what I'm talking about, since prior to QA, I was an Escalation Engineer. ^.^ ) For example, an unknown toolbar DLL injected into a browser will cause the WRData folder to grow to several hundred MB in short order from normal browsing. A brand new, unknown copy of a torrent client will have an even more dramatic growth effect. Also noteworthy that "should be sent to the cloud and then deleted" is halfway accurate. As long as the item is marked as Unknown, your computer will keep a local journal for rollback purposes. It only gets cleaned up once the item in question is determined to be good, and that process is not instant. We'd have to find out from dev what the precise rules are for cleanup and database compacting, however I do know that it can take up to a month. In general, the correction involves determining what the cause is and addressing that cause (Determintaions on unknowns, Quarantine, sync bloat, etc).
Normally I'd just pull up your ticket, but this new community system doesn't allow me to see email addresses, so I have no good way to locate ticket or logs (assuming they exist). As such I will simply need to hope it's addressed well. 🙂
OK, thanks for clarifying. I understand what you are saying and agree...certainly do not want to tread on either Joe's or TH's toes 😞.
Almost all of the bulk is in "dbxxxx.db" files.
The largest is 1.5GB
If it helps, ALL these dbxxxx.db files are "blue" in windows explorer (compressed?)
All the other files are "black"
This is on SecureAnywhere Antivirus but this topic looks active here so I posted here.
Is a re-install the only way to solve this issue?
Yes you can clean most of it out,,,,However I suggest you do not do it without contacting Webroot support,. they are very helpful and can instruct you in what you should do.
EDIT: And welcome to the Webroot Community Forums!
In either case, though these files will normally be cleaned up automatically, you will likely want to expedite the cleanup by uninstalling, rebooting, then installing without importing settings. Afterwards, cleaning up your temp folders would be a good idea.
Still monitoringthe situation and trying to decide if there is a pattern to this and what I note in terms of usage?
You can safely delete the larger older files ,,,However I would advise you to contact Webroot support and allow them to upload the wrdata folder information for them to analize. They will advise you on a course of action.
Thanks...have been through this process a couple of times so I am aware of this...and have done so in the past. What I am actually doing is trying to find a specific pattern to why, in my case...and perhaps for others, there is the growth in the folder.
But your suggestion is welcome.
In my case, the larger files are added any time I uninstall and reinstall a progam. A large data file is left in the folder. You might check after any program is changed on your system to see if it left a new larger file in the wrdata folder.
BTW...have not found that because I use RB Rx; so I try software and if I decide not to keep it I rollback to a prior install snapshot, which effectively negates any change in the WRDATA folder.
But good tip.
If you see a lot of ace files, that means a lot of stuff has been cleaned up. Either there is a lot of infection stuff going on, which is bad, or you're scanning a lot of real malware to "test things". In any case, the "Average" user does not get a large quantity of files in WRData. Only people who are either testing against Malware or who are advanced enough to be running a lot of lesser-known or frequently-updated software that is not quickly tagged as Known-Good in the cloud system will get a large WRData folder.
Hmmm... Does that mean that the size of that folder is like a badge of honor indicating how much cool obscure stuff you run? XD
Have 42 db#### & 6 ace files...so where do I get my 'cool dude' badge? ;)
No, seriously, I do not think that I run "...a lot of things that are highly uncommon and so are not known-good in the system" but then again...I might but do not know it.
Any suggestions as what I should upload to Support, etc., so that they can check on it? Or is there no point?
Incidently, I also have a number of db# (where # is between 'a' and 'p') and some dst## files (but not many). Is the presence of these also significant?
Ah, yes, I suppose I should clarify. If you install an update so quickly that it hasn't had a chance to become known-good, that counts. If you use specialized utilities that are uncommon for "Average People" (Mom, Dad, Grandma) to use, that also counts. The db#### files are per process or PE, so for example, installing a new version of Cygwin packages the moment they come out can result in a few dozen of them.
If you are concerned about the files, then you can look at your scan logs to see what is marked as [u], and the section after the scan logs for mentions of things being monitored, since any of them that execute will create or add to a db#### file. If they are things that were not transient (for example, if you see the installer for Flash being monitored, you probably just jumped on the update before it was common enough to be known-good, which means you were at the cutting edge of technology 🙂 ), simply opening a support ticket and mentioning that you have a lot of unknown items being monitored can get the data to the Threat Research team to look at.
Unfortunately, I'm not completely certain myself what the dst files are, so I'll have to check on that when I get back to the office. The dba through dbp files are the normal configuration databases, and also include cleanup actions taken and the quarantine contents.
Thanks for the comprehensive reponse. I susepct that I am indeed one of those who jumps on a latest update or release (I run RB Rx which means that if I find an issue I can very quickly roll back to pre the install)...so I suppose I am at the cutting edge...as you say...:D.
Will take a look as you have suggested but suspect that I will most probably uninistall/reinstall to 'clean' the folder.
I have figured out the deal about data being retained in my wrdata folder. I am a tester for beta programs. When I install a new beta release like firefox , opera, chrome or any program that is still in beta, a large data file is retained until I delete it. I dont know if this helps, but it is what is happening with my system.
You could be on to something here as I am/have been a beta tester for some apps I use (including WSA :D)...so there is communality. And if you add this to what Kit has said about jumping "...on the update before it was common enough to be known-good,..." which fits the beta testing profile, then that would explain the size 'issue' experienced by some. ;)
I also suspect that new version of a known-good app will have different hash key, not yet flagged as good...hence the detection of 'suspicious' files, etc.
Its been awhile since I posted, but I have learned not to reinstall or install over the top of a beta program,,,simply check for updates and let the program update itself. This will not increase the siae of the wrdata foldeer contents.
I'm on windows 8.1 and my wrdata folder is above 6GB. This issue isn't solved yet? any help appeciated...
I'm going to try that uninstall/reinstall suggestion, but it sure would be nice to be able to clear this in a more civilized manner.