App Review Webroot Internet Security (bunyip783)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

rupeshkj

Level 7
Verified
Oct 31, 2013
345
Good review but without the cloud I think the detection of 40% will decrease to 20-10%!
Need to improve in detection rates!
 

woodrowbone

Level 10
Verified
Dec 24, 2011
480
The interesting part would have been if you did try to run some of the samples it missed in the scan.
Just because WSA mainly works like a behavior blocker, the file's actions will be analysed in the cloud and then it springs into action.
All actions during this time are "recorded" by WSA, and then later if detected bad, WSA will perform a "rollback" of all the actions taken by the malware.
The malware is also crippled even if it is not detected, as it is most likely "monitored" by WSA if you execute the file. (It can not leak info, keystrokes and such actions during the time it is monitored)

You can play with this after executing a couple of malware and see for yourself, if you right click on the icon in the task bar and choose: Control Active Processes
Move the processes started by the malware to blocked to see the magic :)
What then happens will also happen when WSA picks up on the file and detects it, it will remove and rollback all changes by that process.

I posted this before, but I think it is useful for people who do not understand how WSA works:

What happens when Webroot misses a virus

When you get familiar with this product, and learn how it works it is hard to not like it :)

If you have the time I would really appreciate to see this in one of your videos.

Cheers

/W
 

bunyip783

Level 1
Thread author
Mar 1, 2011
132
woodrowbone said:
The interesting part would have been if you did try to run some of the samples it missed in the scan.
Just because WSA mainly works like a behavior blocker, the file's actions will be analysed in the cloud and then it springs into action.
All actions during this time are "recorded" by WSA, and then later if detected bad, WSA will perform a "rollback" of all the actions taken by the malware.
The malware is also crippled even if it is not detected, as it is most likely "monitored" by WSA if you execute the file. (It can not leak info, keystrokes and such actions during the time it is monitored)

You can play with this after executing a couple of malware and see for yourself, if you right click on the icon in the task bar and choose: Control Active Processes
Move the processes started by the malware to blocked to see the magic :)
What then happens will also happen when WSA picks up on the file and detects it, it will remove and rollback all changes by that process.

I posted this before, but I think it is useful for people who do not understand how WSA works:

What happens when Webroot misses a virus

When you get familiar with this product, and learn how it works it is hard to not like it :)

If you have the time I would really appreciate to see this in one of your videos.

Cheers

/W

It's something I COULD do. The problem is it could already be too late for the system to have to go back and add them to a blacklist of processes. This would also require quite a techy user to work it properly. Most people wouldn't be able to use this properly.
 

woodrowbone

Level 10
Verified
Dec 24, 2011
480
spywar said:
Thanks woodrowbone for explanations.

Thx! No worries :)
I am just learning how different WSA works compared to all other solutions I have tested out there.

I mean we are all used to that your antivirus is most effective when we scan right?
WSA shines when you execute, not when you scan the file. (As the file is considered not dangerous if it only sits there)
I do not agree 100% to this statement, and I do not know why WSA keeps it this way??

I would use all the bells and whistles if a file that is not seen before is scanned by a user, not wait until he executes it to bring out the big guns.

From what I have heard it should be almost immune to Ransom and Crypto viruses, any chance someone could test this out in a video?

/W
 

woodrowbone

Level 10
Verified
Dec 24, 2011
480
It's something I COULD do. The problem is it could already be too late for the system to have to go back and add them to a blacklist of processes. This would also require quite a techy user to work it properly. Most people wouldn't be able to use this properly.


Actually, before WSA detects the file (remember it is not allowed to do anything suspicious during this time when it is monitored) even if detection takes days or weeks, it will automatically move the file to blocked and roll back all changes when it is detected.
The user would not have to do anything.

/W
 

bunyip783

Level 1
Thread author
Mar 1, 2011
132
woodrowbone said:
It's something I COULD do. The problem is it could already be too late for the system to have to go back and add them to a blacklist of processes. This would also require quite a techy user to work it properly. Most people wouldn't be able to use this properly.


Actually, before WSA detects the file (remember it is not allowed to do anything suspicious during this time when it is monitored) even if detection takes days or weeks, it will automatically move the file to blocked and roll back all changes when it is detected.
The user would not have to do anything.

/W

If it took weeks to detect the file the system could already have been affected by cryptolocker or be blue screening. Most users won't know how to set up monitoring for particular files and won't bother. Didn't seem to do it automatically either. For advanced users this seems okay but even then the detection rate is incredibly low.
 

woodrowbone

Level 10
Verified
Dec 24, 2011
480
bunyip783 said:
woodrowbone said:
It's something I COULD do. The problem is it could already be too late for the system to have to go back and add them to a blacklist of processes. This would also require quite a techy user to work it properly. Most people wouldn't be able to use this properly.


Actually, before WSA detects the file (remember it is not allowed to do anything suspicious during this time when it is monitored) even if detection takes days or weeks, it will automatically move the file to blocked and roll back all changes when it is detected.
The user would not have to do anything.

/W
If it took weeks to detect the file the system could already have been affected by cryptolocker or be blue screening. Most users won't know how to set up monitoring for particular files and won't bother. Didn't seem to do it automatically either. For advanced users this seems okay but even then the detection rate is incredibly low.

You do not need to set up the monitor feature, it is on at all times, and not letting a monitored file do anything suspicious to the system.
At least this is what they told me...

This is also why I would like to see it go up against some ransom and crypto malware.

Maybe spywar could supply you with some samples if you would care to test it out?

/W
 

bunyip783

Level 1
Thread author
Mar 1, 2011
132
I'd be willing to do some private testing and share screenshots of my results I guess. Don't think I need another video of it until I can actually see some of these features for myself.
 

woodrowbone

Level 10
Verified
Dec 24, 2011
480
bunyip783 said:
I'd be willing to do some private testing and share screenshots of my results I guess. Don't think I need another video of it until I can actually see some of these features for myself.

Perfect!
This product needs some getting used to, looking forward to a video in the future, if you find it worth your time :)

/W
 

kjdemuth

Level 9
Verified
Jan 17, 2013
410
It's pretty easy to see. Just find one file that WSA didn't detect. Go into the main interface and click on the little cog that is next to PC security. It will bring up a field and then click on Block/Allow files. There should be a bunch of files that say either Allow, Block or Monitor. Anything that is Monitored is being recorded as to what that process is doing. Everything it's doing. That process is also not allowed internet access while it's being monitored. So even if it's malware it won't be allowed to 'phone home'. Once this file is deemed malicious WSA will roll back every change it performed, files created, registry changes, etc.
One of the things that was interesting, that was removed recently, was the counter of how many events were being monitored. It was crazy because after a week or so it would be in the billions.
Just because WSA doesn't have a great detection rate, sorry webroot, it still protects you silently. It's a very creative and strong approach. I know that it freaks some people out knowing that there is a piece of malware on their system. The funny thing is that it can't do anything. It's pretty much dead in the water. It can't call home, it can't inject into web browsers because they're protected and it can't alter system files.
 
