scanner.service.exe being flagged by Webroot as a threat

[mklv]

I was running the trial for about a month.  Not sure why it got flagged today.

 

Scanner.Service.exe is version 2.4.0.2928, dated 6/18/2013

 

While I suspect it is a false positive, I just wanted to pass it along

[Christopher (Drashna)]

MKLV,

 

Well, first I can say that I've never actually heard of that AV solution.

 

As for the threat, I can say it's a false positive.

 

All the code is "in house". As for why it would trigger it... we read from some "deep level" stuff in the system, as well as scan files, and repair them. So any of these *could* trigger that warning. But more likely, it was a heuristic check that thinks the exe file looks similar to something it has on file. That, or some AV's will look at the icon or the file name and ASSUME it's a virus. The fact that it's called "Scanner" could be setting it off.  

 

But don't trust me, something I use when I am not sure about a detected threat: https://www.virustotal.com/ It uses a bunch of different engines to scan the submitted file.

Edit:

 

.... Yeah, look at the type. W32.suspicious.heuristic ....  

That means the file looks similar to what it's seen in the past.

[CptCrunch]

Hey just wanted to say I just got a warning just like yours and I knew it was a false positive. As a recommendation you can submit your application to the webroot team and they will investigate into it and clear it off of the list. I know most of us are highly tech savy but even so it does build more trust with the program itself (not that I needed any).

[Christopher (Drashna)]

Also, the "W32.Suspicious.Heur" type indicates that the Heuristic scanner identified this file as a suspicious file. It means it's not sure, but it may match records it has on file. 

 

So, basically definitely a false positive.