Jimbo

How can Program information be updated in OA Programs?

Recommended Posts

The information in Programs is incorrect for, at least, the following program.

 

Two questions.

How do I get it updated in OA?

How do I check the other 1,600 programs to see if there are other errors? 

 

Online Armor lists the following Program.

Folder:          C:\Windows\SysWOW64

Program:         WRusr.dll

Name:            Webroot SecureAnywhere, 8.0.8.118 (8.0.8.118)

First detected:  6/27/12 21:59:57

Hash (MD5):      D5177488367792F73210BE2FEBC96159

 

 

The file location is opened from within OA and checked using Windows Explorer and Bitser for the Hash.

Folder:          C:\Windows\SysWOW64

Program:         WRusr.dll

Product Name:    Webroot SecureAnywhere

Product version: 8.0.8.127

Date modified:   4/2/2013 5:57 PM

Hash (MD5):      e2e4288a3b4fc706641d85fa029a5986

 

Share this post


Link to post
Share on other sites

Unfortunately it is not currently possible to update that information in Online Armor.

Share this post


Link to post
Share on other sites

Strange.  Are you sure none of the methods below would work?  If not, I assume OA is keeping an internal database (on their servers) of all programs and our OA installs are updated with information from that database.  Of course that means the OA database needs to be updated.

 

Reformat the HDD and reinstall all software.

Uninstall OA and reinstall.

Uninstall the app and reinstall.

Somehow delete the program entry from OA.  Hopefully, OA somehow recognizes the program and adds it back to the list with the correct information.

 

 

 

Share this post


Link to post
Share on other sites

Ok, I will ask it a different way. 

 

Why, when OA detects certain programs does it interpret the version and hash incorrectly.  In this case it looks at WRusr.dll version: 8.0.8.127 Hash e2e4288a3b4fc706641d85fa029a5986 but interprets the above as version 8.0.8.118 (Hash D5177488367792F73210BE2FEBC96159?

 

What are the ramifications of this issue?

 

How wide spread is this problem?

Share this post


Link to post
Share on other sites

Well, uninstalling Online Armor should wipe out all of the information it has stored about EXE's and DLL's, and allow it to rebuild it from scratch after a reinstall. When I said "no way", I meant within Online Armor's UI. ;)

One of our employees had noticed some issues with OA displaying incorrect signatures, and was investigating it. I don't have any information beyond that at the moment, however I will let him know that you are having this issue.

Share this post


Link to post
Share on other sites

Heh.  I just want the program to work correctly and assume that if OA is displaying incorrect signatures OA may be "protecting" me causing the program to malfunction.

 

 

So, tell me what I have just done to myself...

 

1. In OP Programs the errant program was deleted.

2. It was then added

3. It was then marked allowed.

4. It is currently shaded pink but is displaying the correct version and hash

 

Share this post


Link to post
Share on other sites

So, tell me what I have just done to myself...

 

1. In OP Programs the errant program was deleted.

2. It was then added

3. It was then marked allowed.

4. It is currently shaded pink but is displaying the correct version and hash

Did you also mark it as Allowed?

Share this post


Link to post
Share on other sites

Yes, in step 3.

 

Would deleting and adding cause problems?  Since that fixes/masks the version/hash display issue it seems an appropriate way to update this.  Since this is not an approved way to update the version information I am assuming it may cause problems.  It was done ONLY because I'm about to uninstall and reinstall the software so figure it couldn't hurt too bad.  :D

Share this post


Link to post
Share on other sites

There are three questions all are near the bottom.

 

Update:

WSA build 127 was uninstalled and build 155 installed.  Three of the five programs now reflect the new version in OA.

The one I manually updated yesterday did not get updated in OA with the reinstall.  That is, it still reflects build 127 instead of 155.

 

However, please explain this new issue which shocks and baffles me.

Before WSA was uninstalled  WRkrn.sys version 8.0.2.127 was correctly listed in OA.

After WSA was reinstalled      WRkrn.sys version 8.0.2.118 is now listed.  This version was replaced by 127 in April.

Version 8.0.2.155 was installed today.

 

Both programs were deleted and added within OA.  Both were marked Allowed and Trusted.  I have no idea how to test functionality.

 

So, once again, I'm asking would deleting and adding cause problems?

 

Why is OA having an issue of "seeing" programs in a system folder?  When adding WRkrn.sys, OA could not list all programs or subfolders within C:\Windows\System32\drivers.  Manually adding the program name allowed it to be added.  Does this mean that OA has insufficient rights to the system? 

Share this post


Link to post
Share on other sites

So, once again, I'm asking would deleting and adding cause problems?

Assuming you mean deleting and adding a rule in Online Armor, then no, it shouldn't cause any problems.

 

Why is OA having an issue of "seeing" programs in a system folder?  When adding WRkrn.sys, OA could not list all programs or subfolders within C:\Windows\System32\drivers.  Manually adding the program name allowed it to be added.  Does this mean that OA has insufficient rights to the system?

Have you checked to see if it is showing you only the files/programs in C:\Windows\SysWOW64\drivers, and just saying they are in C:\Windows\System32\drivers?

Share this post


Link to post
Share on other sites

Sorry about being unclear.

 

I meant deleting and adding and a program to OA Programs list.  This was done to get OA to recognize the proper version and hash.  My thought is OA would stop programs whose version / hash has been altered and cause problems.  However, with there being now legitimate way to update that information deleting and adding might actually be causing me a problem.

 

 

Good question to ask but, yes, I'm sure.  The steps taken are below.  I can send screen shots if you wish.

Before the steps, here are two examples.

Displayed in the Open dialog box (presented by Adding a program)

File:       gm.dls

Folder:  UMDF

Not displayed

File:       afd.sys

Folder:  etc

 

 

In the case of the two files ATTRIB shows attributes of A.

In windows explorer both files are System Files with owner "TrustedInstaller"

There are only 5 hidden files.  Shown in Win Explorer but not OA Open

 

Steps taken

*Before deleting it the program was right clicked in OA and "Open file location" was selected.  (opens windows explorer where 303 files and 3 folders are listed)

*The program was deleted

*Right clicked in OA and Add Selected.

*It opened C:\Windows\System32\drivers (11 files and 2 folders are listed)

The path was copied from Windows Explorer and pasted into the file name text box and the Open button was clicked  (no change)

Finally, "\WRkrn.sys" was manually appended to "C:\Windows\System32\drivers" in the File name text box and the Open button was clicked.  (the program was added)

Share this post


Link to post
Share on other sites

When you right-click in the Programs list and select 'Add', and then navigate to C:\Windows\System32 Online Armor will show you the contents of C:\Windows\SysWOW64. See the screenshots below from my test environment (Windows 7 x64):

Share this post


Link to post
Share on other sites

Interesting.  I believe SysWOW64 is for 32 bit dlls on a 64 bit system and System32 is for 64 bit dlls on a 64 bit system.  Apparently, System32 was so ingrained it was simpler to leave it the same name even after Windows supported 64 bit.

 

On your system do they both contain the same number of files?  On my Win 7 Pro 64 bit system.

2,840 (2,747 files, 93 folders)           C:\Windows\System32

2,403 (2,322 files, 81 folders)           C:\Windows\SysWOW64

 

305 (302 files, 3 folders)                   C:\Windows\System32\drivers

13 (11 files, 2 folders)                       C:\Windows\SysWOW64\drivers

 

However, I have just uninstalled Webroot again and checked both folders and OA and found that both Wkrn programs were removed from both folders and all entries in OA were removed.  Once I reinstall I will report the results.

Share this post


Link to post
Share on other sites

Groan...  I had looked for WRkrn.sys rather than WRusr.dll....  :(

 

However, after the install:

C:\Windows\SysWOW64\WRusr.dll      149 KB  7/18/2013  6:48 PM

C:\Windows\System32\WRusr.dll         102 KB  7/18/2013  6:48 PM

Windows Explore (Properties > Details) show both to be version 8.0.2.155

Share this post


Link to post
Share on other sites

On your system do they both contain the same number of files?  On my Win 7 Pro 64 bit system.

2,840 (2,747 files, 93 folders)           C:\Windows\System32

2,403 (2,322 files, 81 folders)           C:\Windows\SysWOW64

The contents of both folders are somewhat different on all 64-bit editions of Windows. System32 will always contain more files than SysWOW64.

Basically, what you are experiencing is an unfortunate side-effect of how 32-bit applications work on 64-bit editions of Windows. Hopefully, in the future, we will be able to offer versions of Online Armor that are compiled as 64-bit executables instead of 32-bit executables.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.