MyLittleB Posted March 24, 2016 ID:1028149 Share Posted March 24, 2016 Webroot has again been detected as ransomware. Detection occurred when running system optimizer. I do not run that utility on a schedule, I run it manually. MBARW message popup appeared with message to reboot, not allowing optimizer to run. I closed the message, stopped protection, rebooted and no Webroot. I followed instructions for false positives by restoring the quarantined files, however wrsa.exe could not be restored for adding to exclusions, that file was gone. I downloaded the installation file from Webroot. It would not run. System restore did not bring the files back. In order to re-install, all the Webroot data files had to be removed. I removed the folder WRData located in Program Data and in Program Files\Webroot. That solved the install issue. Reinstalled Webroot, had to start fresh, working now and added to exclusions in MBARW. Malwarebytes Anti-Ransomware.zip MBAMSERVICE.zip Link to post Share on other sites More sharing options...
1PW Posted March 24, 2016 ID:1028224 Share Posted March 24, 2016 Reference: https://www.virustotal.com/en/file/453dc7deafbb25da400c7eeee03ff0e4db7d452f84119b42b99dbdcff468c287/analysis/ Hello MyLittleB: Available data does suggest a false positive and hopefully you added the following temporary full pathname file entry in MBARW GUI Dashboard -> Exclusions:C:\Program Files\Webroot\WRSA.exe Thank you for beta testing MBARW and your valuable feedback. Link to post Share on other sites More sharing options...
MyLittleB Posted March 25, 2016 Author ID:1028437 Share Posted March 25, 2016 17 hours ago, 1PW said: Reference: https://www.virustotal.com/en/file/453dc7deafbb25da400c7eeee03ff0e4db7d452f84119b42b99dbdcff468c287/analysis/ Hello MyLittleB: Available data does suggest a false positive and hopefully you added the following temporary full pathname file entry in MBARW GUI Dashboard -> Exclusions:C:\Program Files\Webroot\WRSA.exe Thank you for beta testing MBARW and your valuable feedback. Definitely false positive! Yes I did add the full path name to the exclusions. There are several posts regarding Webroot detected as a false positive. It was my understanding that this build corrected it. As I wrote in my post, it occurred only when I ran the utility. I am curious to know if the other beta testers who experienced a false positive with Webroot have the system optimizer utility set to run on a schedule. Link to post Share on other sites More sharing options...
1PW Posted March 25, 2016 ID:1028456 Share Posted March 25, 2016 Hello MyLittleB: I have personally not been keeping track of that combination and hopefully this will be a moot point if the MBARW developer team pushes out something that covers that. Thank you. Link to post Share on other sites More sharing options...
Decrypterfixer Posted March 26, 2016 ID:1028873 Share Posted March 26, 2016 Thats for bringing this to our attention. We will look into this issue asap. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now