How WSA works

yigido · May 29, 2014

Cryptolocker! hmmm.. what about backup

TheJokerz · Jan 22, 2016

Good read! Thanks

bjm_ · Apr 20, 2017

WICAR.org - Test Your Anti-Malware Solution!
Each test will open up a new browser window at http: //www. wicar. org/test-malware. html. You may wish to try each test systematically. Ideally, all tests should be blocked by your anti-malware defenses. If a blank window loads, then it likely was not detected/prevented.

Seems, I get blank windows...for all tests except EICAR anti-virus test file.

Why all the blank windows w/wo SSL Test Payloads.

If a blank window loads, then exploit was likely was not detected/prevented.

I was expecting successful "block" events where Webroot has detected and blocked sample exploits.

Are Wicar.org test-malware with no successful "block" events anything to be concerned about?

Thanks

bjm_ · Apr 20, 2017

bjm_ said:
Seems, I get blank windows...for all tests except EICAR anti-virus test file.

Why all the blank windows w/wo SSL Test Payloads.

If a blank window loads, then exploit was likely was not detected/prevented.

I was expecting successful "block" events where Webroot has detected and blocked sample exploits.

Are Wicar.org test-malware with no successful "block" events anything to be concerned about?

Thanks

answering my message #24
Webroot Support advised that Webroot blocks the test-malware domain, not the tests.

The core domain that launches the additional tab is successfully blocked and classified.
WSA is not an anti-exploit type tool, and as such provides blocking tech in the form of the BrightCloud reputation service. Webroot Support

bjm_ · Jan 5, 2019

FWIW ~ delayed classification in near real-time
----------------------------------------------------------------------------
[U] c:\users\bjms\desktop\redirectservice.exe [SHA256: B20608AA9A82D73E2541FBCAFB75623A24461273DF6AB7F07624B69248EFEC74] [MD5: 5AAC4998509C066B8ACFDCF461CEAAC9] [Flags: 00080001.3974]
[U] c:\users\bjms\desktop\off1cc34dvnc3.exe [SHA256: C78739F397F2A982726394DB0557BA011C6A8724FDF0C11F22B25FE9788933DC] [MD5: 39FCDA73563DC640FF3F8F5B1D3DF6E5] [Flags: 00080001.3976]

My habit is to second opinion thru VirusTotal and WSA on-demand scan.
I recently had two samples that were [U] not immediately known classified by WSA.
Both samples were not immediately classified on download nor classified with on-demand scan.

Both samples were well known detected thru VirusTotal.
Within a few minutes both downloaded executable samples were known detected thru WSA.

Automated Cleanup Engine
Starting Routine> Removing c:\users\bjms\desktop\redirectservice.exe...#(PX5: 53F2855100B5D724B209006955521D001607D23E - MD5: 5AAC4998509C066B8ACFDCF461CEAAC9 - UniqueID: 07EB0E88)...
Deleting File> C:\Users\bjms\Desktop\RedirectService.exe
Automated Cleanup Engine
Starting Routine> Removing c:\users\bjms\desktop\off1cc34dvnc3.exe...#(PX5: 9333E9D67E13490F29320D0E2FAA4B009D1D1F3D - MD5: 39FCDA73563DC640FF3F8F5B1D3DF6E5 - UniqueID: 07EAF1F0)...
Deleting File> C:\Users\bjms\Desktop\Off1cc34dvnc3.exe

YMMV

bjm_ · Jan 14, 2019

bjm_ · Feb 21, 2019

[ U ] c:\users\bjms\desktop\aaa-registrybackup.exe [SHA256: 041A4F801ACAD637F323A54922577679B71C55D0CAB10261791CA0BE9E50B2E2] [MD5: 6CD057B4EA2DAE7DF4345E54575754A6] [Flags: 08080001.3475]

Starting Routine> Removing c:\users\bjms\desktop\aaa-registrybackup.exe...#(PX5: A680FAC16F9857B5D8F30B9B6E7DAE007EBC7942 - MD5: 6CD057B4EA2DAE7DF4345E54575754A6 - UniqueID: 06DA1600)...
Deleting File> C:\Users\bjms\Desktop\AAA-RegistryBackup.exe

ForgottenSeer 58943 · Feb 21, 2019

How Webroot works.

bjm_ · Mar 6, 2019

2019 Webroot Threat Report details

Are you protected against the latest threats? Explore the 2019 Webroot Threat Report for insights.

www.webroot.com

Search

How WSA works

yigido

TheJokerz

Level 7

bjm_

Level 15

bjm_

Level 15

bjm_

Level 15

bjm_

Level 15

bjm_

Level 15

ForgottenSeer 58943

bjm_

Level 15

2019 Webroot Threat Report details

Similar threads