Operational Defect Database
BugZero found this defect 1490 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA10H000000g6PXSAY
TDR classified Webroot AV as malicious
Last update date:
4/21/2020
Affected products:
TDR
Affected releases:
All
TDR
Fixed releases:
All
Description:
Issue
On 15 April 15 2020, the Webroot antivirus executable (WRSA.exe) and the Webroot update process were detected as malicious by TDR and the Firebox APT Blocker service. The executable was quickly reclassified as benign.Any quarantined instance of WRSA.exe or wrupdate*.exe that occurred on 15 or 16 April 2020 can be safely unquarantined. Any instance of wrupdate*.exe on the same dates can safely be marked as externally remediated.
Workaround/Solution
The predefined AV exclusions for Webroot failed to prevent TDR from detecting WRSA.exe as malicious. The predefined AV exclusion has been updated.If you are using Webroot AV and have not enabled this exclusion, follow these steps: In the TDR Web UI, navigate to Configuration > Exclusion and select the AV tab.Find the Webroot exclusion and select the Enabled check box.
