Webroot SecureAnywhere CE 22.2 v's 1000 sample .exe test

GonzitoVir

Level 5
Verified
Well-known
May 16, 2017
200
Sure, maybe PCMag is not a good source of credibility, but to be fair, the report also says:

To get a look at protection against the latest threats, I start with a feed of URLs that researchers at MRG-Effitas recently found to be hosting malware. Typically, these are no more than a couple days old. I launch each and note whether the antivirus prevents browser access to the dangerous URL, eliminates the file upon download, or completely fails to notice the malware download.

Of more than 100 validated dangerous URLs, Webroot blocked 85% in the browser and wiped out the malware payload of another 11%, for a total of 96% protection.
 

Nevi

Level 12
Verified
Top Poster
Well-known
Apr 7, 2016
568
Webroot and it's good old gigabytes of WRData folder xD

~LDogg
I have heard about that one many times, but have never seen it in those 10 years I used Webroot. The highest I have had in WRData was around 30 MB. Luckily there are so many AVs on the marked, that people can use something they feel are good.
I think the chance for it to happen, is bigger if people download a lot of new stuff from the internet.
 

Sorrento

Level 13
Verified
Top Poster
Well-known
Dec 7, 2021
631
I think you are right, the main issue was uncommon or updated programs, I was quite a proponent of WR some years ago, it was later I found it's weak points & disagreeing with support in any way would have you keelhauled as a minimum punishment - I trusted WR in the beginning as I was an ex Prevx user.
 

Muddy7

Level 2
Verified
Jun 27, 2014
66
Hi, @kC77

Webroot SecurityAnywhere uses the option "Enable enhanced heuristics based on behavior, origin, age, and popularity of files". Did you use it in your test?
i dont recall exactly what the settings were, except at default, is that a default setting?
No it's not the default setting
That's funny. For years, I have deliberately kept Webroot on default settings, and "Enable enhanced heuristics based on behavior, origin, age, and popularity of files" is enabled in my heuristics settings. And has been as long as I remember if I'm not mistaken.
 

roger_m

Level 42
Verified
Top Poster
Content Creator
Dec 4, 2014
3,194
That's funny. For years, I have deliberately kept Webroot on default settings, and "Enable enhanced heuristics based on behavior, origin, age, and popularity of files" is enabled in my heuristics settings. And has been as long as I remember if I'm not mistaken.
It's enabled for me too. The only change I've made is to disable PUP detection.
 

likeastar20

Level 9
Verified
Mar 24, 2016
423
Webroot SecurityAnywhere is tested for a few years by AVLab. The methodology is very similar. Here are the results compared to a few other AVs.

AVLab (over 17 000 samples in 16 tests, July 2019 - November 2021)
The table contains the missed samples in these tests:

.............................MONTH:.. J......S.....O...N....j....m...M...J....S....N....j...m...M...J....S....N..
Avira Pro (Prime) ............... 0....12... 0...0... 0... 0... 1... 1... 1... 0... 0...0... 0... 0... 0...33 = 48 (16 tests)
Defender ............................ x ... x ...17.. 0 .. x.. 20.. x... x... 0... x... 8... 0... 0 ...x... 2... x = 47 (8 tests)
TrendMicro ........................ x ... x ... x ... x ... x.. 2..158 x ... x ...x ...x ...x ...x ...x ...x ... x = 160 (2 tests)
F-Secure .......................... 103.. x ...x ... 0 ...x ...x ....x ...x ...x ... x... 0... x ...x ...x ...x .. 0 = 103 ( 4 tests)
Webroot ............................ x .... 0 ...x ... 0 ...0 ...0 ...0 ...1 ...0 ... 0... 0... 0...0... 0... 0.. 3 = 4 (14 tests)


x - means that the AV did not participate in the test.
j = January, m= March

As we can see, such tests can have a big random error. The AVs can score 100% several times and suddenly terribly fail on tenths of samples.
Only AVs that are based on the file reputation lookup or detonation in the sandbox can avoid this error.
"detonation in the sandbox", what AVs use this method?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,605
"detonation in the sandbox", what AVs use this method?
Several Avs can use it but they can differ on which files are automatically detonated and in which circumstances. Some AVs use it only in Enterprise versions.
For example:
  • Avast (all versions) can use it for all *.exe files downloaded directly from the Internet (CyberCapture feature).
  • Kaspersky uses it in Kaspersky Endpoint Security for Business.
  • Eset can use it via the LiveGuard feature.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top