How WSA works

bjm_

Level 14
Verified
Top Poster
Well-known
May 17, 2015
668
WICAR.org - Test Your Anti-Malware Solution!
Each test will open up a new browser window at http://www.wicar.org/test-malware.html. You may wish to try each test systematically. Ideally, all tests should be blocked by your anti-malware defenses. If a blank window loads, then it likely was not detected/prevented.

Seems, I get blank windows...for all tests except EICAR anti-virus test file.

Why all the blank windows w/wo SSL Test Payloads?

If a blank window loads, then exploit was likely not detected/prevented.

I was expecting successful "block" events where Webroot has detected and blocked sample exploits.

Are Wicar.org test-malware with no successful "block" events anything to be concerned about?

Thanks

bjm_

Seems, I get blank windows...for all tests except EICAR anti-virus test file.

Why all the blank windows w/wo SSL Test Payloads?

If a blank window loads, then exploit was likely not detected/prevented.

I was expecting successful "block" events where Webroot has detected and blocked sample exploits.

Are Wicar.org test-malware with no successful "block" events anything to be concerned about?

Thanks
answering my message #24
Webroot Support advised that Webroot blocks the test-malware domain, not the tests.
The core domain that launches the additional tab is successfully blocked and classified.
WSA is not an anti-exploit type tool, and as such provides blocking tech in the form of the BrightCloud reputation service. Webroot Support
 

bjm_

FWIW ~ delayed classification in near real-time
----------------------------------------------------------------------------
[U] c:\users\bjms\desktop\redirectservice.exe [SHA256: B20608AA9A82D73E2541FBCAFB75623A24461273DF6AB7F07624B69248EFEC74] [MD5: 5AAC4998509C066B8ACFDCF461CEAAC9] [Flags: 00080001.3974]
[U] c:\users\bjms\desktop\off1cc34dvnc3.exe [SHA256: C78739F397F2A982726394DB0557BA011C6A8724FDF0C11F22B25FE9788933DC] [MD5: 39FCDA73563DC640FF3F8F5B1D3DF6E5] [Flags: 00080001.3976]

My habit is to second opinion thru VirusTotal and WSA on-demand scan.
I recently had two samples that were [U] not immediately known classified by WSA.
Both samples were not immediately classified on download nor classified with on-demand scan.

Both samples were well known detected thru VirusTotal.
Within a few minutes both downloaded executable samples were known detected thru WSA.

Automated Cleanup Engine
Starting Routine> Removing c:\users\bjms\desktop\redirectservice.exe...#(PX5: 53F2855100B5D724B209006955521D001607D23E - MD5: 5AAC4998509C066B8ACFDCF461CEAAC9 - UniqueID: 07EB0E88)...
Deleting File> C:\Users\bjms\Desktop\RedirectService.exe
Automated Cleanup Engine
Starting Routine> Removing c:\users\bjms\desktop\off1cc34dvnc3.exe...#(PX5: 9333E9D67E13490F29320D0E2FAA4B009D1D1F3D - MD5: 39FCDA73563DC640FF3F8F5B1D3DF6E5 - UniqueID: 07EAF1F0)...
Deleting File> C:\Users\bjms\Desktop\Off1cc34dvnc3.exe

YMMV

bjm_

[ U ] c:\users\bjms\desktop\aaa-registrybackup.exe [SHA256: 041A4F801ACAD637F323A54922577679B71C55D0CAB10261791CA0BE9E50B2E2] [MD5: 6CD057B4EA2DAE7DF4345E54575754A6] [Flags: 08080001.3475]

Starting Routine> Removing c:\users\bjms\desktop\aaa-registrybackup.exe...#(PX5: A680FAC16F9857B5D8F30B9B6E7DAE007EBC7942 - MD5: 6CD057B4EA2DAE7DF4345E54575754A6 - UniqueID: 06DA1600)...
Deleting File> C:\Users\bjms\Desktop\AAA-RegistryBackup.exe
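
Added example, not part of the original posts and not Webroot code: a small Python correlator that pairs `[U]` (unclassified) scan-log entries with later cleanup entries by MD5, so files still awaiting classification stand out for a second opinion. The line layouts are taken from the excerpts above; that other log entries follow them is an assumption, and all sample paths and hashes are constructed.

```python
import re

# Layouts copied from the log excerpts in this thread (assumed to hold log-wide).
UNDETERMINED = re.compile(
    r"^\[\s*U\s*\]\s+(?P<path>.+?)\s+\[SHA256:\s*(?P<sha256>[0-9A-Fa-f]{64})\]"
    r"\s+\[MD5:\s*(?P<md5>[0-9A-Fa-f]{32})\]"
)
REMOVAL = re.compile(
    r"^Starting Routine>\s+Removing\s+(?P<path>.+?)\.\.\.#\("
    r".*?MD5:\s*(?P<md5>[0-9A-Fa-f]{32})\b"
)

def correlate(lines):
    """Return (reclassified, pending, orphans) from scan-log lines.

    reclassified: [U] files that a later cleanup entry removed (same MD5)
    pending:      [U] files with no cleanup entry yet
    orphans:      paths removed without an earlier [U] entry in these lines
    """
    seen, orphans = {}, []
    for raw in lines:
        line = raw.strip()
        m = UNDETERMINED.match(line)
        if m:
            seen.setdefault(m["md5"].upper(), {
                "path": m["path"], "sha256": m["sha256"].upper(), "removed": False})
            continue
        m = REMOVAL.match(line)
        if m:
            entry = seen.get(m["md5"].upper())
            if entry:
                entry["removed"] = True
            else:
                orphans.append(m["path"])
    reclassified = [e for e in seen.values() if e["removed"]]
    pending = [e for e in seen.values() if not e["removed"]]
    return reclassified, pending, orphans

# Constructed sample lines (placeholder hashes, hypothetical paths).
MD5_A, MD5_B, MD5_C = "1" * 32, "2" * 32, "3" * 32
SAMPLE = [
    rf"[U] c:\users\demo\desktop\one.exe [SHA256: {'A' * 64}] [MD5: {MD5_A}] [Flags: 00000000.0000]",
    rf"[ U ] c:\users\demo\desktop\two files.exe [SHA256: {'B' * 64}] [MD5: {MD5_B}] [Flags: 00000000.0000]",
    rf"Starting Routine> Removing c:\users\demo\desktop\one.exe...#(PX5: {'0' * 40} - MD5: {MD5_A} - UniqueID: 00000000)...",
    r"Deleting File> C:\Users\demo\Desktop\one.exe",
    rf"Starting Routine> Removing c:\users\demo\desktop\three.exe...#(PX5: {'0' * 40} - MD5: {MD5_C} - UniqueID: 00000000)...",
]

if __name__ == "__main__":
    done, pending, orphans = correlate(SAMPLE)
    for e in pending:
        print("still unclassified:", e["path"], e["sha256"])
```

Entries returned in `pending` are the ones worth submitting elsewhere for a second opinion, since the product has not yet reached a verdict on them.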
 
