Webroot SecureAnywhere CE 22.2 v's 1000 sample .exe test

GonzitoVir · May 21, 2022

Sure, maybe PCMag is not a good source of credibility, but to be fair, the report also says:

To get a look at protection against the latest threats, I start with a feed of URLs that researchers at MRG-Effitas recently found to be hosting malware. Typically, these are no more than a couple days old. I launch each and note whether the antivirus prevents browser access to the dangerous URL, eliminates the file upon download, or completely fails to notice the malware download.

Of more than 100 validated dangerous URLs, Webroot blocked 85% in the browser and wiped out the malware payload of another 11%, for a total of 96% protection.

LDogg · May 21, 2022

Webroot and it's good old gigabytes of WRData folder xD

~LDogg

GonzitoVir · May 21, 2022

LDogg said:
Webroot and it's good old gigabytes of WRData folder xD

~LDogg

Yes, I remember that

kC77 · May 21, 2022

Andy Ful said:
Hi, @kC77

Webroot SecurityAnywhere uses the option "Enable enhanced heuristics based on behavior, origin, age, and popularity of files". Did you use it in your testHi,?

i dont recall exactly what the settings were, except at default, is that a default setting?

Harputlu · May 21, 2022

kC77 said:
i dont recall exactly what the settings were, except at default, is that a default setting?

No it's not the default setting

Nevi · May 22, 2022

LDogg said:
Webroot and it's good old gigabytes of WRData folder xD

~LDogg

I have heard about that one many times, but have never seen it in those 10 years I used Webroot. The highest I have had in WRData was around 30 MB. Luckily there are so many AVs on the marked, that people can use something they feel are good.
I think the chance for it to happen, is bigger if people download a lot of new stuff from the internet.

Sorrento · May 22, 2022

I think you are right, the main issue was uncommon or updated programs, I was quite a proponent of WR some years ago, it was later I found it's weak points & disagreeing with support in any way would have you keelhauled as a minimum punishment - I trusted WR in the beginning as I was an ex Prevx user.

Muddy7 · May 23, 2022

Andy Ful said:
Hi, @kC77

Webroot SecurityAnywhere uses the option "Enable enhanced heuristics based on behavior, origin, age, and popularity of files". Did you use it in your test?

kC77 said:
i dont recall exactly what the settings were, except at default, is that a default setting?

Harputlu said:
No it's not the default setting

That's funny. For years, I have deliberately kept Webroot on default settings, and "Enable enhanced heuristics based on behavior, origin, age, and popularity of files" is enabled in my heuristics settings. And has been as long as I remember if I'm not mistaken.

roger_m · May 23, 2022

Muddy7 said:
That's funny. For years, I have deliberately kept Webroot on default settings, and "Enable enhanced heuristics based on behavior, origin, age, and popularity of files" is enabled in my heuristics settings. And has been as long as I remember if I'm not mistaken.

It's enabled for me too. The only change I've made is to disable PUP detection.

likeastar20 · Aug 19, 2022

Andy Ful said:
Webroot SecurityAnywhere is tested for a few years by AVLab. The methodology is very similar. Here are the results compared to a few other AVs.

AVLab (over 17 000 samples in 16 tests, July 2019 - November 2021)
The table contains the missed samples in these tests:

.............................MONTH:.. J......S.....O...N....j....m...M...J....S....N....j...m...M...J....S....N..
Avira Pro (Prime) ............... 0....12... 0...0... 0... 0... 1... 1... 1... 0... 0...0... 0... 0... 0...33 = 48 (16 tests)
Defender ............................ x ... x ...17.. 0 .. x.. 20.. x... x... 0... x... 8... 0... 0 ...x... 2... x = 47 (8 tests)
TrendMicro ........................ x ... x ... x ... x ... x.. 2..158 x ... x ...x ...x ...x ...x ...x ...x ... x = 160 (2 tests)
F-Secure .......................... 103.. x ...x ... 0 ...x ...x ....x ...x ...x ... x... 0... x ...x ...x ...x .. 0 = 103 ( 4 tests)
Webroot ............................ x .... 0 ...x ... 0 ...0 ...0 ...0 ...1 ...0 ... 0... 0... 0...0... 0... 0.. 3 = 4 (14 tests)

x - means that the AV did not participate in the test.
j = January, m= March

As we can see, such tests can have a big random error. The AVs can score 100% several times and suddenly terribly fail on tenths of samples.
Only AVs that are based on the file reputation lookup or detonation in the sandbox can avoid this error.

"detonation in the sandbox", what AVs use this method?

Andy Ful · Aug 20, 2022

likeastar20 said:
"detonation in the sandbox", what AVs use this method?

Several Avs can use it but they can differ on which files are automatically detonated and in which circumstances. Some AVs use it only in Enterprise versions.
For example:

Avast (all versions) can use it for all *.exe files downloaded directly from the Internet (CyberCapture feature).
Kaspersky uses it in Kaspersky Endpoint Security for Business.
Eset can use it via the LiveGuard feature.

Search

Webroot SecureAnywhere CE 22.2 v's 1000 sample .exe test

GonzitoVir

Level 5

LDogg

Level 33

GonzitoVir

Level 5

kC77

Level 5

Harputlu

Level 5

Nevi

Level 12

Sorrento

Level 12

Muddy7

Level 2

roger_m

Level 42

likeastar20

Level 9

Andy Ful

From Hard_Configurator Tools

Similar threads