Has anyone ever tested the WebRoot claim of reverting infections?

Tempnexus

Level 3
Thread author
Verified
Nov 25, 2015
136
So the major selling point of Webroot is their claim to monitor everything the infection does and revert it once it's found that the file is malware.
That is their defense for less-than-stellar detection. Now, has anyone actually tested those claims? Also the claims that the malware won't be able to communicate out or grab your keystrokes even if it's not yet identified as being malware?
 

hjlbx

It does work as claimed, but not against every single type of infection.
 

LabZero

I have been using WSA for a long time, but honestly I haven't tested the rollback function. However: when a new file is identified or a change to an existing file is detected, Webroot SecureAnywhere instantly compares it with data in the Webroot Intelligence Network to find malicious patterns. In the case of a zero-day, WIN is unable to identify the threat, and the file is then started in the sandbox to examine its behavior. At this point all its actions are recorded and, in case the file is subsequently judged a threat, everything can be reset by returning the device to its state before the infection (WSA rollback journaling).

For example, if a suspicious program has got past the various WIN controls, it is monitored to see which files, registry keys and memory space are altered.
Then the journaling function records the before and after status of each change made. If a monitored program is actually malware, WSA puts it in quarantine, alerting the user, and returns all changes to the pre-infected state.
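
A minimal model of the before/after journaling described in the post above, added here as an illustration; it is not Webroot's code and not from any poster. The `ChangeJournal` class, file names and contents are constructed for the example, and it assumes every change passes through the journal, so a change made outside it is not restored.

```python
import tempfile
from pathlib import Path

class ChangeJournal:
    """Records the before-state of every monitored change so it can be undone."""
    def __init__(self):
        self.entries = []  # (path, before_bytes), None if the file did not exist

    def write(self, path: Path, data: bytes):
        """Monitored write: save the before-image, then let the change through."""
        before = path.read_bytes() if path.exists() else None
        self.entries.append((path, before))
        path.write_bytes(data)

    def delete(self, path: Path):
        """Monitored delete: keep the content so the file can be recreated."""
        self.entries.append((path, path.read_bytes()))
        path.unlink()

    def rollback(self):
        """Undo changes newest-first, as after a 'malicious' verdict."""
        restored = 0
        while self.entries:
            path, before = self.entries.pop()
            if before is None:
                path.unlink(missing_ok=True)  # file was created by the program
            else:
                path.write_bytes(before)      # restore the original content
            restored += 1
        return restored

def demo():
    """Constructed scenario: an unknown program alters files while journaled."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        doc, note = root / "report.txt", root / "notes.txt"
        doc.write_bytes(b"quarterly numbers")
        note.write_bytes(b"todo list")
        unmonitored = root / "old.txt"
        unmonitored.write_bytes(b"archive")
        j = ChangeJournal()
        j.write(doc, b"\x00scrambled\x00")         # overwritten in place
        j.write(doc, b"\x01scrambled twice\x01")   # second change, same file
        j.write(root / "dropped.bin", b"payload")  # new file created
        j.delete(note)                             # original removed
        unmonitored.write_bytes(b"changed outside the journal")  # not recorded
        n = j.rollback()
        return (n, doc.read_bytes(), note.read_bytes(),
                (root / "dropped.bin").exists(), unmonitored.read_bytes())
```

Undoing newest-first is what brings `report.txt` back to its original bytes after two successive overwrites; `old.txt` stays altered because its change never reached the journal.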
 

Tempnexus

Yeah, this is how I understand it. However, I was always wondering whether it's effective, how effective, and what defeats it?

I mean I don't think this would work well against a CRYPTO Locker style attack since the data is encrypted and loads of it.
 

Soulbound

Moderator
Verified
Staff Member
Well-known
Jan 14, 2015
1,761
Have tested, and it works nearly 90% of the time, granted Webroot does end up with the signature in their cloud. Until then, you are pretty much infected.
 

hjlbx

Rollback actually does reverse some cryptors.

It is ineffective against really tough screen lockers.
 
