Webroot and a talkative virus

Discussion in 'Webroot' started by woodrowbone, Feb 26, 2016.

  1. hjlbx

    hjlbx Guest

    Other vendors have firewall controls that work with the current Windows APIs. Webroot WSA does not.

    The way Webroot promotes WSA for W8/10, the average person who reads their website, literature, etc, expects to have functional firewall controls on W8/10.

    The bottom line of it, is that there is very little outbound network control with Webroot - because it relies upon Windows Firewall.
     
  2. Triple Helix

    Triple Helix New Member

    Can you read?


    Webroot doesn't duplicate the APIs, but all vendors have to in their firewalls. But WSA still has outbound protection if malware tries to call out, and you will get a pop-up.

    You know I really hate repeating myself, so: Webroot doesn't want to duplicate the APIs that are already there in Win 8 to 10.

  3. hjlbx

    hjlbx Guest

    #23 hjlbx, Feb 26, 2016
    Last edited by a moderator: Feb 26, 2016
    It will not in most cases since WSA uses Windows Firewall. Windows Firewall will only throw an outbound alert if the installer\soft does not create WFwAS exceptions - or - it tries to create firewall rules that will permit it to act as a server. This is how Microsoft designed Windows Firewall.

    I can send you a bunch of malware samples that trigger no outbound network notification from either WSA or Windows Firewall.

    I've thoroughly tested WSA against malware, so I know what it does and does not do.
     
  4. Azure Phoenix

    Azure Phoenix Level 19

    That's very good. But what about files that are deemed unknown by Webroot, would users also get a pop-up if they attempt to connect to the internet?
     
  5. hjlbx

    hjlbx Guest

    When a vendor promotes their product as having a firewall, then the vast majority of users expect - and reasonably so - to have granular firewall controls - and not some pseudo-IDS based upon file tracking.
     
  6. Triple Helix

    Triple Helix New Member

    There are many levels of monitoring unknown files. If an unknown process hits that certain level it will be blocked, and during that time ENZO, the WIN cloud, is picking it apart. See my videos; people need to learn before they can judge a product. Also note you don't see me bitching about other anti-malwares, but I have learned over the years, so I know what's best for me and my customers.

    Here is some history: Webroot Totally Revamps Product Line
     
  7. hjlbx

    hjlbx Guest

    #27 hjlbx, Feb 26, 2016
    Last edited by a moderator: Feb 26, 2016
    It is not user's fault.

    It is the manner in which Webroot markets WSA.

    In its various marketing materials, Webroot promotes WSA as having integrated firewall.

    Most reasonable users interpret this as having firewall controls that function - identical to just about every other internet security suite on the market today.

    If I had known WSA did not have granular firewall controls on W8/10, then I - as well as countless others - would not have purchased a license.

    This last point is the real issue with Webroot - and not WSA itself. ;)

    I suppose the real lesson is this - when it comes to security softs: Try-It-Before-You-Buy-It.

    Like I said, most users do not want to rely solely upon file tracking (monitoring) to make network decisions. Their expectation is that WSA will offer granular control - just like it does on W7 - and just like it is marketed.

    After all, like I've said repeatedly, if Webroot didn't think granular firewall control was worthwhile - then why did they integrate it years ago?

    As it stands, using WSA does not generate outbound firewall notifications. That function is relegated to Windows Firewall - and its capabilities in this area are quite limited.
     
  8. hjlbx

    hjlbx Guest

    #28 hjlbx, Feb 26, 2016
    Last edited by a moderator: Feb 26, 2016
    If the monitoring is so good that a firewall is no longer needed, then why did Webroot integrate firewall controls? Why don't they remove it even for W7?

    If the monitoring is so good and there is no need for firewall controls, then why has malware demonstrated that it can accomplish these things with WSA installed:
    • hidden download
    • hidden installation
    • hidden execution
    • hidden install of *.job files for Scheduled Tasks
    • disable UAC
    • disable Windows Firewall
    • disable Task Manager
    • disable Registry Editor
    • disable Security Center
    • abuse NET assemblies
    • lock-out user from hidden Admin account
    • lock-out user from Desktop
    • lock-out user from Safe Mode
    • etc
    ???

    Webroot Intelligence Network is not replacement for user granular control(s).
     
  9. cLcL

    cLcL Level 1

    #29 cLcL, Feb 27, 2016
    Last edited: Feb 27, 2016
    from what you've stated, that means Webroot is a bad antivirus. :D for me, Webroot works well on all my PCs so that's that. maybe it's not for testing malware and stuff. :)

    i want to answer some questions though:
    for monitored programs (processes): Webroot didn't block monitored programs (processes) from accessing the network. once you allow the programs via Windows Firewall, they can access the internet (though they're still being monitored by Webroot, so rollback, etc. is supposed to be working)

    why in w7 there is still firewall control in Webroot:
    i think you already knew about this. the firewall method changed from w8 upward, so *maybe* Webroot thinks it'll take more resources for that capability in W8 upward, and since WF is supposedly better in W8 upward (more user friendly and all), Webroot chose not to implement it.
    Webroot still has the Active Connections viewer and you can make a rule to block unwanted processes in the WF if you want (it's a bit annoying, but works OK, i think :D )

    and besides, Webroot supposedly has a "smart firewall" so i think when some programs/processes want to access a "dangerous" network, they get blocked by Webroot.

    and from what you've stated, it looks like it doesn't work, so (according to you) Webroot is a bad av... that's fine though :)
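
Added example, not part of any post in this thread: a PowerShell sketch of the manual workflow the posters describe for W8/10, namely checking Windows Firewall's default outbound action, listing live connections by owning process, and blocking one program outbound with a Windows Firewall rule. The program path and rule name are hypothetical placeholders; it assumes an elevated session with the built-in NetSecurity and NetTCPIP modules.

```powershell
# Run from an elevated PowerShell prompt on Windows 8/10.

# 1. Default outbound action per profile. "NotConfigured" falls back to
#    the Windows default, which allows outbound traffic without prompting.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Established TCP connections mapped to the owning executable,
#    comparable to an "active connections" viewer.
Get-NetTCPConnection -State Established |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            ProcessId     = $_.OwningProcess
            Path          = $proc.Path
        }
    } |
    Where-Object { $_.Path } |
    Sort-Object Path, RemoteAddress |
    Format-Table -AutoSize

# 3. Block outbound traffic for one program picked from the list above.
$program  = 'C:\Example\unwanted.exe'              # hypothetical path
$ruleName = "Block outbound - $(Split-Path $program -Leaf)"

# Create the rule only if one with this display name does not exist yet.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
                        -Direction Outbound `
                        -Program $program `
                        -Action Block `
                        -Profile Any | Out-Null
}

# 4. Confirm the rule exists and is bound to the intended executable.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallApplicationFilter |
    Select-Object Program
```

A per-program block rule only covers the exact path it names; switching a profile to default-deny outbound (`Set-NetFirewallProfile -DefaultOutboundAction Block`) is the stricter option but requires allow rules for everything that should connect.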
     
  10. Azure Phoenix

    Azure Phoenix Level 19

    There are already products with firewall control on Win8/10. Webroot should be able to easily implement the same. All of Webroot's products are paid, so I don't see how they wouldn't have the resources to do that.

    I don't think @hjlbx is saying that Webroot is a bad antivirus. Simply that they should be honest with their customers, so that customers can be aware of the limitations of the product they intend to buy.
     
  11. hjlbx

    hjlbx Guest

    This is non-functional on W8/10.

    Webroot relies upon file monitoring\tracking - similar to Bitdefender & Norton. Once a file reaches a certain "threshold" of behavior(s), it will trigger Webroot to block\deny further action(s) on the system.

    They can call it whatever they wish - "Smart Firewall", Intrusion Detection System - or just firewall. I have seen their "Smart Firewall" in action - and it will allow the download of malware to the system.

    So will Bitdefender, but at least Bitdefender gives the user the option to get firewall alerts and allow\block connections manually.

    There is no substitute for manual control over the network.

    Disable Webroot's antivirus module and throw a Virussign pack at it.

    That pack will smash your system - even with Webroot installed.
     
  12. cLcL

    cLcL Level 1

    what i meant was the resources for the program, so it won't become bloated or something like that. it's still a maybe though.
    well, if what @hjlbx posted happened in Webroot, then it's a bad antivirus. i can't think otherwise.
    well (again), it still has a firewall (maybe, supposedly :) ), only the firewall control (granular firewall control) won't work in w8/w10.

    the viewer is still there. you can see it in PC Security - View Active Connection. the difference (in w7) is that there are block and allow (and stop iirc) selections. if you find something "weird" there, you can block it using WF (bit annoying though :) )

    so that means the WF didn't pop up too? i think it's supposed to be WF's job. if a program wants to access the network, WF should pop up (psiphon can bypass this, but i don't think any firewall will pop up when running psiphon). if malware is able to bypass WF, then WF is not good, better use another firewall. if the malware is able to smash the system when webroot is installed, then it means Webroot isn't good, better use another AV/AM. simple isn't it? :D

    i'm not a Webroot fanboy though, i just think i understand the reason why Webroot doesn't put firewall control in W8/W10 (though it'd be better if it did have it, without increasing the resources needed to run it though).

    thanks. and do cmiiw :)
     
  13. hjlbx

    hjlbx Guest

    Windows Firewall only alerts for outbound connection for very specific circumstances - if program doesn't create exceptions or it tries to act as Network Server.
     
  14. bjm_

    bjm_ Level 3

    FWIW ~ An example. Installed a program update by stand-alone installer. The installed program and new installer are safe as per Norton. Upon update install, the program reaches out to re-register its license. Norton Smart Firewall throws a Norton Firewall dialog / alert: xyz program is asking to connect to IP123. Do you want to allow always, allow one time, block always, block one time, etc. Windows Firewall is being managed by the vendor application, Norton. I don't know what's under Webroot's or Norton's hood. I'm aware of Norton settings that prompt with a Norton dialog when xyz program asks for an outbound connection. I'm a home user, aware of what Windows tells me. Windows Firewall by default allows outbound.
    Am I evil incarnate by simply asking what WSA will show me for known safe outbound and/or unknown/unknown safe outbound calls? Am I evil incarnate by simply asking what WSA does with unknown outbound calls until the Webroot back end makes a determination? Am I evil incarnate by simply asking whether WSA journal/roll-back will be able to retrieve data sent out prior to the Webroot back end's determination?
    On my honor. I am not trolling.
     
  16. hjlbx

    hjlbx Guest

    #36 hjlbx, Mar 1, 2016
    Last edited by a moderator: Mar 1, 2016
    The only way to get Webroot to add the firewall controls to W8/10 is for people to be active on the Webroot Community - and keep asking for it. Webroot will not do anything unless people are very vocal about what they want. And I mean you need to be tough-skinned and determined.

    Webroot has not really made any significant changes to WSA for years now. I am not sure why this is the case. I remember @Petrovic making a request for some type of notification whenever WSA starts to monitor a file. That is a really good feature request. However, it has not been implemented.

    Looking through the Feature Requests on the Webroot Community, it appears most of them have not even been reviewed by Webroot - going back as far as 2012.

    Users have to be vocal to get what they want - because it is clearly evident Webroot isn't motivated to make any changes.

    With regards to the firewall controls, they have been "considering" their options for years now.

    Don't expect this issue to be resolved any time soon.
     
  17. hjlbx

    hjlbx Guest

    I challenge anyone to produce a video that shows Webroot Secure Anywhere throwing up an outbound firewall notification; a Webroot alert - and not a Windows Firewall one.
     
  18. hjlbx

    hjlbx Guest

    The truth is Webroot just isn't very good protection without supplementing it with other security softs - like AppGuard, NVT ERP, VooDooShield, Windows Firewall Control, etc.
     
  19. blueblackwow65

    blueblackwow65 Level 11

    What settings in advanced settings can be unticked? For example, I have unticked "prevent interruption" and "silently and automatically block untrusted to user data". With these 2 unticked, will I now just get alerts for me to know ahead if a certain file should be blocked?
    I say this because WSA was blocking files from Acronis and AOMEI, which made them not work properly. So what is the best way to go about this? Thanks
     
  20. blueblackwow65

    blueblackwow65 Level 11

    Anyone with any ideas on this? Thanks
     