Review: Webroot SecureAnywhere Internet Security Plus 9.0

[Malware Security]

 

[Triple Helix]

The reason it takes longer to clean up malware as it looks in more places for malware remnants. Also all other AV's just know Good or Bad and WSA has Unknown as well and will monitor that file/process and if need be can rollback to the pre-infection state if it turns out to be malware.

Thanks,

TH

 

[Moose]

Salutations,Friend!

@Triple Helix, nice to hear that Webroot is taking the extra to make sure that malware is completely remove.
What about false positives? And please! Make sure that sandboxie work 100% with Webroot!

Kind regards,

 

[hjlbx]

Webroot is good antivirus solution for SSD-only systems; avoids all the signature writes to SSD - thereby avoids degrading SSD life-span.

Rollback\File Monitoring issues:

• Rollback does not alert users when a file is being monitored.
• The monitoring log can become huge and cause problems on some systems.
• How to effectively use automatic and manual rollback is not clearly explained in the user manual.
• Rollback is not a 100% clean operation; various remnants remain on system.

Firewall Control issues:

• Firewall controls are non-functional on W8/8.1 and W10 systems.

Other issues:

• Webroot does not protect Windows Firewall, Windows Security Center and Windows UAC.

Anyhow, Webroot would be a very good choice for W7 and SSD-only system; it would, however, require supplements to address the above.

 

[FleischmannTV]

Webroot is good antivirus solution for SSD-only systems; avoids all the signature writes to SSD - thereby avoids degrading SSD life-span.

I am sorry but I have to disagree. Signature writes to SSDs are completely irrelevant in terms of life-span, unless you count the umpteenth post decimal position of your life span as relevant. All your harddisks will have died of mechanical failure before those "signature writes" kill your SSD. So choosing Webroot ,just because you have an SSD, is untenable reasoning in my opinion.

 

[woodrowbone]

Agree with hjibx, as people do not understand how WSA works (not even the ones who test it and releases videos),
it would be a great feature to let the user know that a executed file is monitored.

@ Malware Security: Could you retest the Zero day part? With the "Control Active Processes" open (Right click on the taskbar icon of WSA and click "Control Active Processes") and let us see if any of the missed files ends up monitored?
If so, block them and run HMP and Malwarebytes after, to see if the rollback works as intended.

/W

 

[FleischmannTV]

In the past journalling / rollback was easily circumvented just by using a trusted process to do the dirty deed. I don't know if this has been fixed by now, as promised. Anyway, I wouldn't put my trust in this feature. I am sure there are much more advanced techniques than process hollowing out there that bypass this pseudo protection as well.

However the new variants are injecting a thread into a good process (commonly called Process Hollowing) which in turn does the encryption. Because of this it subverts our journal.

AMA the sequal - We are Webroot, and we are here to answer all your questions • /r/sysadmin

Edit: And by the way, I am tired of this "don't know how WSA works" rhetoric. Perhaps people who repeat this sentence over and over again don't know how WSA "works" either.

 

[omidomi]

Webroot has funny false positive, same as Steganos Online Shield