Umbra

Level 85, Content Creator, Verified. Joined May 16, 2011. Messages: 19,024. Operating System: Windows 10.
#21
Does that mean that Webroot no longer has a file to monitor and all logging is discarded? If so, maybe it's a bad idea to have a secondary scanner when you're using Webroot.
The malware is indeed not monitored, but the changes it made are still journaled; I presume the rollback is still possible.
 

bjm_

Level 4, Verified. Joined May 17, 2015. Messages: 193. Operating System: Windows 10. Antivirus: Windows Defender.
#24
WICAR.org - Test Your Anti-Malware Solution!
Each test will open up a new browser window at http://www.wicar.org/test-malware.html. You may wish to try each test systematically. Ideally, all tests should be blocked by your anti-malware defenses. If a blank window loads, then it likely was not detected/prevented.
Seems I get blank windows for all tests except the EICAR anti-virus test file.

Why all the blank windows, with or without the SSL test payloads?

If a blank window loads, then the exploit was likely not detected/prevented.

I was expecting successful "block" events where Webroot has detected and blocked the sample exploits.

Are WICAR.org test-malware results with no successful "block" events anything to be concerned about?

Thanks

bjm_
#25
Answering my message #24:
Webroot Support advised that Webroot blocks the test-malware domain, not the tests.
The core domain that launches the additional tab is successfully blocked and classified.
"WSA is not an anti-exploit type tool, and as such provides blocking tech in the form of the BrightCloud reputation service." (Webroot Support)
 

bjm_
#26
FWIW ~ delayed classification in near real-time
----------------------------------------------------------------------------
[U] c:\users\bjms\desktop\redirectservice.exe [SHA256: B20608AA9A82D73E2541FBCAFB75623A24461273DF6AB7F07624B69248EFEC74] [MD5: 5AAC4998509C066B8ACFDCF461CEAAC9] [Flags: 00080001.3974]
[U] c:\users\bjms\desktop\off1cc34dvnc3.exe [SHA256: C78739F397F2A982726394DB0557BA011C6A8724FDF0C11F22B25FE9788933DC] [MD5: 39FCDA73563DC640FF3F8F5B1D3DF6E5] [Flags: 00080001.3976]

My habit is to get a second opinion through VirusTotal and a WSA on-demand scan.
I recently had two samples that were [U] (not immediately known/classified) by WSA.
Both samples were not immediately classified on download, nor classified by an on-demand scan.

Both samples were well known/detected through VirusTotal.
Within a few minutes, both downloaded executable samples were known/detected by WSA.

Automated Cleanup Engine
Starting Routine> Removing c:\users\bjms\desktop\redirectservice.exe...#(PX5: 53F2855100B5D724B209006955521D001607D23E - MD5: 5AAC4998509C066B8ACFDCF461CEAAC9 - UniqueID: 07EB0E88)...
Deleting File> C:\Users\bjms\Desktop\RedirectService.exe
Automated Cleanup Engine
Starting Routine> Removing c:\users\bjms\desktop\off1cc34dvnc3.exe...#(PX5: 9333E9D67E13490F29320D0E2FAA4B009D1D1F3D - MD5: 39FCDA73563DC640FF3F8F5B1D3DF6E5 - UniqueID: 07EAF1F0)...
Deleting File> C:\Users\bjms\Desktop\Off1cc34dvnc3.exe



YMMV
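As an added example (my own code, not from the thread or from Webroot), here is a small Python parser for the two WSA log excerpts quoted in post #26. It correlates the initial [U] (unknown) entries with the later Automated Cleanup Engine lines by MD5, so the reader can see which unknowns were classified after the fact and which are still pending, which is the check a practitioner wants after a "delayed classification" like the one described. The line layout is taken from the excerpts as quoted; the log text is embedded as constructed input, and the MD5-correlation rule and the VirusTotal file-report URL format are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: the [U] listing and cleanup-engine lines as quoted in the post.
WSA_LOG = r"""
[U] c:\users\bjms\desktop\redirectservice.exe [SHA256: B20608AA9A82D73E2541FBCAFB75623A24461273DF6AB7F07624B69248EFEC74] [MD5: 5AAC4998509C066B8ACFDCF461CEAAC9] [Flags: 00080001.3974]
[U] c:\users\bjms\desktop\off1cc34dvnc3.exe [SHA256: C78739F397F2A982726394DB0557BA011C6A8724FDF0C11F22B25FE9788933DC] [MD5: 39FCDA73563DC640FF3F8F5B1D3DF6E5] [Flags: 00080001.3976]
Automated Cleanup Engine
Starting Routine> Removing c:\users\bjms\desktop\redirectservice.exe...#(PX5: 53F2855100B5D724B209006955521D001607D23E - MD5: 5AAC4998509C066B8ACFDCF461CEAAC9 - UniqueID: 07EB0E88)...
Deleting File> C:\Users\bjms\Desktop\RedirectService.exe
Automated Cleanup Engine
Starting Routine> Removing c:\users\bjms\desktop\off1cc34dvnc3.exe...#(PX5: 9333E9D67E13490F29320D0E2FAA4B009D1D1F3D - MD5: 39FCDA73563DC640FF3F8F5B1D3DF6E5 - UniqueID: 07EAF1F0)...
Deleting File> C:\Users\bjms\Desktop\Off1cc34dvnc3.exe
"""

# Regexes derived from the quoted line layout (assumption: the layout is stable).
UNKNOWN_RE = re.compile(
    r"^\[U\]\s+(?P<path>.+?)\s+"
    r"\[SHA256:\s*(?P<sha256>[0-9A-Fa-f]{64})\]\s+"
    r"\[MD5:\s*(?P<md5>[0-9A-Fa-f]{32})\]\s+"
    r"\[Flags:\s*(?P<flags>[^\]]+)\]"
)
REMOVE_RE = re.compile(
    r"^Starting Routine>\s+Removing\s+(?P<path>.+?)\.\.\.#\("
    r"PX5:\s*(?P<px5>[0-9A-Fa-f]{40})\s+-\s+"
    r"MD5:\s*(?P<md5>[0-9A-Fa-f]{32})\s+-\s+"
    r"UniqueID:\s*(?P<uid>[0-9A-Fa-f]+)\)"
)
DELETE_RE = re.compile(r"^Deleting File>\s+(?P<path>.+?)\s*$")


@dataclass
class Sample:
    path: str
    sha256: str
    md5: str
    flags: str
    px5: Optional[str] = None          # filled in once a cleanup routine names the file
    deleted_path: Optional[str] = None  # filled in once the engine logs the deletion

    @property
    def cleaned(self) -> bool:
        return self.deleted_path is not None


def parse_wsa_log(text: str) -> Dict[str, Sample]:
    """Return the [U] samples keyed by upper-case MD5, with cleanup state attached."""
    samples: Dict[str, Sample] = {}
    pending: Optional[Sample] = None  # sample named by the most recent Removing line
    for raw in text.splitlines():
        line = raw.strip()
        m = UNKNOWN_RE.match(line)
        if m:
            s = Sample(m["path"], m["sha256"].upper(), m["md5"].upper(), m["flags"])
            samples[s.md5] = s
            continue
        m = REMOVE_RE.match(line)
        if m:
            # Correlate by MD5: the cleanup routine carries MD5, not SHA256.
            pending = samples.get(m["md5"].upper())
            if pending is not None:
                pending.px5 = m["px5"]
            continue
        m = DELETE_RE.match(line)
        if m and pending is not None:
            # Windows paths are case-insensitive; the engine logs on-disk casing,
            # the [U] line logs lowercase, so compare case-folded.
            if m["path"].lower() == pending.path.lower():
                pending.deleted_path = m["path"]
            pending = None
    return samples


def still_unknown(samples: Dict[str, Sample]) -> List[str]:
    """MD5s flagged [U] that never reached a cleanup routine: still pending a verdict."""
    return [md5 for md5, s in samples.items() if not s.cleaned]


def vt_url(sha256: str) -> str:
    """Second-opinion lookup of the kind the post describes (assumed VirusTotal URL form)."""
    return "https://www.virustotal.com/gui/file/" + sha256.lower()


if __name__ == "__main__":
    found = parse_wsa_log(WSA_LOG)
    for s in found.values():
        state = "cleaned later" if s.cleaned else "STILL UNKNOWN"
        print(f"{s.md5}  {state:14}  {s.path}  {vt_url(s.sha256)}")
    print("pending:", still_unknown(found))
```

Run against a fuller WSA log, the `still_unknown` list is the set to carry to VirusTotal or a re-scan; against the excerpt above it is empty, because both [U] files show up in a later cleanup routine.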