How WSA works

  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Umbra

Level 61
Content Creator
Verified
May 16, 2011
17,490
30,781
Operating System
Windows 10
Installed Antivirus
Default-Deny
#21
Does that mean that Webroot no longer has a file to monitor and all logging is discarded? If so, maybe it's a bad idea to have a secondary scanner when you're using Webroot.
the malware is indeed not monitored but the changes it did still journaled, i presume the rollback is still possible.
 

bjm_

Level 3
May 17, 2015
120
199
Operating System
Windows 10
Installed Antivirus
Microsoft
#24
WICAR.org - Test Your Anti-Malware Solution!
Each test will open up a new browser window at http: //www. wicar. org/test-malware. html. You may wish to try each test systematically. Ideally, all tests should be blocked by your anti-malware defenses. If a blank window loads, then it likely was not detected/prevented.
Seems, I get blank windows...for all tests except EICAR anti-virus test file.

Why all the blank windows w/wo SSL Test Payloads.

If a blank window loads, then exploit was likely was not detected/prevented.

I was expecting successful "block" events where Webroot has detected and blocked sample exploits.

Are Wicar.org test-malware with no successful "block" events anything to be concerned about?

Thanks
 
Last edited:

bjm_

Level 3
May 17, 2015
120
199
Operating System
Windows 10
Installed Antivirus
Microsoft
#25
Seems, I get blank windows...for all tests except EICAR anti-virus test file.

Why all the blank windows w/wo SSL Test Payloads.

If a blank window loads, then exploit was likely was not detected/prevented.

I was expecting successful "block" events where Webroot has detected and blocked sample exploits.

Are Wicar.org test-malware with no successful "block" events anything to be concerned about?

Thanks
answering my message #24
Webroot Support advised that Webroot blocks the test-malware domain, not the tests.
The core domain that launches the additional tab is successfully blocked and classified.
WSA is not an anti-exploit type tool, and as such provides blocking tech in the form of the BrightCloud reputation service. Webroot Support