App Review Webroot SecureAnywhere Antivirus 2015 Test and Review

[MalwareT]

Good:
-Nice UI
-Light on system
-Good web blocking until smartscreen was enabled by Webroot
-After executing malware all items were found and removed by Webroot
Bad:
-Bad detection on 342 items (0 to 3 days old) 76%

Not recommended. Overall rating 4/5. Watch video here:

 

[Sr. Normal]

Hi amigo

Great review again .

That was my antivirus two years ago, on a computer with little RAM. I was impressed by the speed of the scan , but the computer was infected .
With Comodo firewall formed a good team, but there are better combinations ... and free .

Thanks again for keeping us so well informed .

Kind regards

 

[MalwareT]

Hi amigo

Great review again .

That was my antivirus two years ago, on a computer with little RAM. I was impressed by the speed of the scan , but the computer was infected .
With Comodo firewall formed a good team, but there are better combinations ... and free .

Thanks again for keeping us so well informed .

Kind regards

No problem friend

 

[tonibalas]

I used Webroot for 6 months and in my opinion is a good program,it has very good PUP detection and it's light on system.
Where i want to see improvement on Webroot is their signatures and their rollback feature. Rollback feature must work a lot faster because if i get infected i can't wait a whole day for webroot to clean my pc
Malware Test a great review and continue your hard work
p.s.: I like the new wallpaper

 

[MalwareT]

@tonibalas I'm advertising MalwareTips

 

[tonibalas]

Malware Test i know and i really like it

 

[Nightwalker]

I disagree with your conclusion, Right click scan like you did doesnt show Webroot protection abilities, there is more than signature detection in it.
In my experience Webroot shines in real life scenario usage.

 

[FleischmannTV]

The registry entries which EEK found are probably not from malware. I had these found bei EEK on my system as well and there is definitely no malware on it, never has been in fact. There is a probability they could have been made by Webroot itself or some other security program as a measure of self defense or something like that.

Further I don't agree with your conclusion. Webroot has kept the system clean, excellent result imho. There is no malware running at the end of the test. The only active detected process is a false positive of HMP, detecting CBAD as a trojan. The other findings are not running and thus no risk. Dead droppers which were unable to download an install their payload. Finally I don't understand why you give it an 80% rating (4/5 = 80%) and then don't recommend it. Doesn't make sense to me.

However I really appreciate your efforts and thank you for your review.

 

[woodrowbone]

WSA seems to be a App that is hard to understand for people, this is were they should improve more, inform how WSA really works.
I agree fully with the two posters above, a better understanding on how WSA works is needed.
Like tonibalas who does not know that he is still protected by WSA even if he is "infected", the "infection" is monitored and the Identity shield feature kicks in, and no private or sensitive information is allowed to "leak" out from the PC.
WSA is hard to test, you need to have it up and online all the time if you test the Monitored feature for example, and this can take weeks even before WSA deems the file good or bad. (But you are still protected)
The only scenario I see were WSA could have problems is if you get a ransom virus blocking your screen, even if that file is monitored you cannot use your PC until the cloud decides that the file is bad.

EDIT! No disrespect to the tester/testers, but we need to brainstorm without prestige around how tests are conducted. Just to get as close to real life experience as possible.
Or else the so called "youtube testers" will remain in the shadows, not taken seriously by others (see Wilders forums for example).

/W

 

[Behold Eck]

Interesting as it seems that webroots detection has actually improved compared with previous tests,although this could be because of the 3 day old samples ?

I agree wih Sr.Normal when he mentions maybe running it with CFW(or maybe just run CFW by itself ?) but I for one don`t totally trust Webroot`s detection rates or rollback abilities yet.

Good review as usual MT,thanks.

Regards Eck

 

[Cch123]

I think someone should really do an in depth test of webroot. Its behavioural detection is one of the best in the field, but it takes time for it to work and by then damage could have been done. It would be good to see if its firewall managed to block all data transfer from the malware to its C&C servers and whether the rollback was completely effective.

 

[Sr. Normal]

I think someone should really do an in depth test of webroot. Its behavioural detection is one of the best in the field, but it takes time for it to work and by then damage could have been done. It would be good to see if its firewall managed to block all data transfer from the malware to its C&C servers and whether the rollback was completely effective.

WSA before using the windows firewall with added , has changed that now?

I remember 2 years ago were already asking to change the way in which the test was performed for being little clarifying your antivirus.

 

[Av Gurus]

I think someone should really do an in depth test of webroot. Its behavioural detection is one of the best in the field, but it takes time for it to work and by then damage could have been done. It would be good to see if its firewall managed to block all data transfer from the malware to its C&C servers and whether the rollback was completely effective.

Here is one good Webroot test with rollback feature after couple of days:

Webroot Secure Anywhere (Rollback Test Day 0)


Webroot Secure Anywhere (Rollback Test Day 5)


Webroot Secure Anywhere (Rollback Test Day 12)

 

[Cch123]

WSA before using the windows firewall with added , has changed that now?

I remember 2 years ago were already asking to change the way in which the test was performed for being little clarifying your antivirus.

WSA is still using Windows firewall with its own program monitor. Basically, windows firewall is used to stealth ports and prevent external attacks. Its own firewall controls outbound connections from programs in the PC.

 

[Cch123]

Here is one good Webroot test with rollback feature after couple of days:

Webroot Secure Anywhere (Rollback Test Day 0)


Webroot Secure Anywhere (Rollback Test Day 5)


Webroot Secure Anywhere (Rollback Test Day 12)

While I respect him for the effort that he has put in, his methodology is very wrong. Webroot's rollback feature does not care if 1 day or 30 days have passed. It simply needs time to analyse and evaluate suspicious applications. By switching off the virtual machine, he has essentially deprived webroot of this ability. He does not need so many days in fact. All he needs to do is to leave the virtual machine running for a day with all the malware running. That way we will truly see how effective is webroot at analysing and detecting malware through its behaviour threat analysis module.