This started as a question...

[Hangtooth]

Been having a problem with false positives (malware, trojans, malicious websites) for 2 weeks now with Webroot, and just as I was posting examples of what Webroot has 'saved me' from over the last few days - that could not be found by EEK, MBAE, HitmanPro, or Herdprotect, my browser locked up and I lost the post in progress due to the Webroot web filter locking up when I tried to get the right site link to post as an example.

I recovered said files and scanned the heck out of them with every on demand scanner I could lay my hands on, and there's nothing there. The websites it was blocking were safe too, prime example being the Cyberghost whole domain.

I was posting here simply to ask about all the false positives with Webroot, is it better or worse than competitors? NOD32 never did this to me, even MSE didn't do this =)

I just uninstalled Webroot and put Windows Defender on for now.

Is my experience with Webroot atypical? A quick google search of their own forums lead me to believe my experience is not exactly uncommon.

It's a shame, it's such a nice light product. Are they afraid nobody will take them seriously without flagging everything in sight as infected?

 

[Muddy7]

Interesting!

I did have problem of FPs in the past, PARTICULARLY with false flagging of websites, but have had nothing untoward with apps for ages and with websites for months.

Just goes to show how mileages can vary as they say.

Regarding www.cyberghostvpn.com, yes this is strange as WSA does indeed flag it as suspicious, and yet if you go to their official URL/IP lookup page, it comes back as trustworthy. Pity you felt the need to uninstall Webroot as this (apparent) FP should be followed up with their Support Team.

 

[LabZero]

I use Webroot and actually exists the false positives problem.

As many security applications that have a high attention level, this is possible.
My advice, if you still use Webroot, disable the web filter if/when necessary and carefully check the detections.
I strongly advise you to disable Webroot when you install applications because even without warnings it can corrupt the installation process.
WSA is a great product, lightweight, effective but with some compromises

 

[Hangtooth]

Ignore this post, it ended up launching with just a quote.

 

[Muddy7]

Granted, WSA might in some cases need disabling when installing some apps (though as a general rule, I have not had problems).

However, imho the advice regarding web filter is somewhat out of date as for the last few months (with their updated web filter) I have found that it has worked flawlessly on my machine. My 2 cents worth...

 

[Hangtooth]

Pity you felt the need to uninstall Webroot as this (apparent) FP should be followed up with their Support Team.

I wanted to like it. I like their design philosophy, it's just not the product for me. It was flagging common legitimate tools I was using to clean up after the upgrade to windows 10 this week. It was blocking websites obnoxiously, and I did indeed report the first few, but I got weary of the long drawn out report form.

I also googled and saw that people have been complaining about cyberghost's website being blocked for years now. I don't think they are budging on that one.

Their tone in the webroot forums from the VIPs is downright insulting and condescending, not that I bothered posting there. I saw enough of it from looking for answers on their forums from people with similar problems.

Nice product, and I think it is good for people who don't muck with their systems like I am guessing most of us do who read this sort of website. I am constantly trying every on demand scanner, installing, uninstalling, restoring, resetting, and cleaning up the messes left by such behaviour and remnants of this that and the other thing to get rid of. That's where webroot was downright intrusive and caused me a lot of grief. Even simple tools like the ones from GRC were flagged as malware/trojans, and they have been around probably at least a decade now.

I spent a lot of hours today trying to find any av/mw scanner that would agree that the stuff webroot was flagging was anything but harmless. After that experience, I was done with it. Fool me once, shame on you, fool me twice and shame on me!

For someone with light security worries and who doesn't run odd tools that muck with your system? I'd still recommend it. It's just not tinker-friendly. If you don't tinker you likely won't see the problems I saw.

EDIT: Two thumbs up for their uninstall utility, it's top notch! Even uninstalls *itself* when it's done! Installation Support

 

[LabZero]

However, imho the advice regarding web filter is somewhat out of date as for the last few months (with their updated web filter) I have found that it has worked flawlessly on my machine. My 2 cents worth...

Web filter FP is a common problem to many security apps, it there is no solution that will always block without false positives on 100% of malicious web pages.
Webroot, with highs and lows, is no exception.

 

[Muddy7]

Their tone in the webroot forums from the VIPs is downright insulting and condescending.

Have to disagree on that one. They can get extremely abrupt with trolls (understandable). And there is one fella who is a great chap but who does consider WSA to be almost one of his babies and so can from time to time tend to conflate criticisms of Webroot with personal attacks. He's still a great chap though — you just have to understand this flaw in his character (don't we all have them, at least *groan* I'm afraid I do).

Web filter FP is a common problem to many security apps, it there is no solution that will always block without false positives on 100% of malicious web pages.
Webroot, with highs and lows, is no exception.

As I said, I used to have serious problems on this front and I expressed my frustration loudly and clearly on forums, but since a web filter extension update some months ago I have found behaviour to be MUCH MORE normal.

 

[Enju]

Is my experience with Webroot atypical? A quick google search of their own forums lead me to believe my experience is not exactly uncommon.

No, it's not atypical, this is almost the norm for them. They block whole subdomains of downloading services if they find only one malicious link. If you set the "heuristics" to the highest settings and click always allow the file gets flagged, after about an hour, as RuleBlock.1. Their Chrome extension is a disaster, it looks like they straight up pulled it out of the nineties!
Don't get me started on their German language setting, it's straight up horrible, overlapping text on alerts and amateurish translations...
Their software basically slows my tablet running Windows 10 (Atom Z3735F, 2GB RAM, 32GB "SSD") to a crawl, opening Chrome takes 30 seconds instead of 5 for example. They don't even support high DPI...
After my first-hand experience with them, I wouldn't even bother with it if it could cure AIDS.

 

[jamescv7]

You cannot escape where Antivirus provides flaws on their overall detection capabilities, its always to be a sudden event where either change the configuration or transfer another AV. Usually its all about the prevalence on how the website/file is matured enough from using majority users + enough credentials can gathered and make a verdict.