Jump to content

MBARW quarantined WRSA ; Files deleted

MyLittleB

By MyLittleB
in Anti-Ransomware Beta

 Share

Recommended Posts

MyLittleB

MyLittleB

Posted
Posted

Webroot has again been detected as ransomware. 

Detection occurred when running system optimizer. I do not run that utility on a schedule, I run it manually. MBARW message popup appeared with message to reboot, not allowing optimizer to run. I closed the message, stopped protection, rebooted and no Webroot. I followed instructions for false positives by restoring the quarantined files, however wrsa.exe could not be restored for adding to exclusions, that file was gone. 

I downloaded the installation file from Webroot. It would not run. System restore did not bring the files back. In order to re-install, all the Webroot data files had to be removed. I removed the folder WRData located in Program Data and  in Program Files\Webroot. That solved the install issue.

Reinstalled Webroot, had to start fresh, working now and added to exclusions in MBARW.

 

Malwarebytes Anti-Ransomware.zip

MBAMSERVICE.zip

Link to post
Share on other sites
1PW

1PW

Posted
Posted

Reference: https://www.virustotal.com/en/file/453dc7deafbb25da400c7eeee03ff0e4db7d452f84119b42b99dbdcff468c287/analysis/

Hello MyLittleB:

Available data does suggest a false positive and hopefully you added the following temporary full pathname file entry in MBARW GUI Dashboard -> Exclusions:

C:\Program Files\Webroot\WRSA.exe

Thank you for beta testing MBARW and your valuable feedback.

Link to post
Share on other sites
MyLittleB

MyLittleB

Posted
  • Author
Posted
17 hours ago, 1PW said:

Reference: https://www.virustotal.com/en/file/453dc7deafbb25da400c7eeee03ff0e4db7d452f84119b42b99dbdcff468c287/analysis/

Hello MyLittleB:

Available data does suggest a false positive and hopefully you added the following temporary full pathname file entry in MBARW GUI Dashboard -> Exclusions:

C:\Program Files\Webroot\WRSA.exe

Thank you for beta testing MBARW and your valuable feedback.

Definitely false positive! Yes I did add the full path name to the exclusions. There are several posts regarding Webroot detected as a false positive. It was my understanding that this build corrected it. As I wrote in my post, it occurred only when I ran the utility. I am curious to know if the other beta testers who experienced a false positive with Webroot have the system optimizer utility set to run on a schedule. 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.