App Review Webroot Secure Anywhere 2015

[Petrovic]

 

[Raider Red]

Thanks Petrovic....well done. Like to see it with the one setting mod you mentioned at the end. Thanks RR

 

[woodrowbone]

Another reviewer who did not find the monitored files, maybe WSA should make this more visible for the users?
I admit it is well hidden under right click the taskbar icon and "control active processes"

/W

 

[Behold Eck]

Good detailed review no real surprises though, webroots detection rate still stinks.

How would the often quoted rollback feature protect against the cryptolocker ? Maybe it only works against files directly downloaded from the internet ?

A good lesson in the importance of sandboxing and HIPS.

Regards Eck

 

[woodrowbone]

Good detailed review no real surprises though, webroots detection rate still stinks.

How would the often quoted rollback feature protect against the cryptolocker ? Maybe it only works against files directly downloaded from the internet ?

A good lesson in the importance of sandboxing and HIPS.

Regards Eck

Like I said, if he found the monitored files, witch probably would have been all of the "infections", he would be able to block them and they would have been rolled back.

/W

 

[Behold Eck]

I was just wondering how long the whole process of monitoring and roll back takes ?

Presumably the cloud data base will verify the status of the files and then Webrooot will take the appropriate actions.

I have seen it work pretty well here in a two part review that gave Webroot the time to use rollback.

Regards Eck

 

[woodrowbone]

I was just wondering how long the whole process of monitoring and roll back takes ?

Presumably the cloud data base will verify the status of the files and then Webrooot will take the appropriate actions.

I have seen it work pretty well here in a two part review that gave Webroot the time to use rollback.

Regards Eck

I understand what you mean, I have had files monitored for more then 3 months before I gave up the test I had going.
Apparently if they are not well known or many in number, it will take very long time if ever for WSA to detect them for rollback.

I had the suggestion to them about watching the WRData folder, when the files in there (monitored) they should have some kind of alarm going off, triggered by a certain size and/or age of the (recording) the monitor feature does.
But for more known files the cloud would react much more quicker.

BTW, were did you find that two part review?

/W

 

[Behold Eck]

As long as the rollback works is the main thing but your right some kind of alert or red flag would be needed so that the user is aware that certain files are deemed suspicious.

I think it was about a month ago right here on MalwareTips I watched the two part video but I cant remember who or where so you may have to do a bit of a search for it.

At least it`s here somewhere.

Regards Eck

 

[FleischmannTV]

I think it was @MalwareDoctor

 

[woodrowbone]

Thx guys!
I watch another test that might interest you here:

The tester is still struggling a bit how WSA works,but he´s getting there

/W

 

[FleischmannTV]

Yes, he still got some things wrong regarding the abilities of monitored malware and I think he was a bit inconsistent in his approach. Point is, inactive remnants in temp folders aside, in the end there was only one monitored process alive and that process was probably crippled as well.

 

[Behold Eck]

I think it was @MalwareDoctor

Yup! Thats the one.

Regards Eck