Webroot SecureAnywhere Version 8.0.1.229 (Released August 18th, 2012)

[jim lin]

Webroot SecureAnywhere Version 8.0.1.229 (Released August 18th, 2012)

http://www.webroot.com/En_US/support-consumer-release-notes.html

Product Release Notes

Improved Compatibility with:
Avast
XChat
UltraMon
ConstantGuard ID Vault
Watchdog
Synaptics PS2 keyboard drivers

Multiple performance enhancements
including:
Reduced CPU load with numerous instances of Chrome
Reduced background CPU usage during scan
Uninstall process and performance enhancement
CPU usage when on the status screen
Reduced overhead of background threads while idle
Keyboard responsiveness with Identity Shield
(Business edition only) Increased server process shutdown speed

Significant threat detection and remediation enhancements
including:
CLSID cleanup
Kernel rootkit removal
Heuristic blocking of files with appended data
Context menu scans now support a significantly larger number of files
Windows 8 kernel support
Change journal support on 64-bit OS's
Exception tracking logic
Web Threat Shield blocking behavior
Updating from a previous version
Updated install and update process to prevent invalid paths
Reliability of status screen updates

Added New language support for:
Traditional Chinese

System Cleaner cleanup for Chrome
Scheduling for System Cleaner
System cleanup of Office 2003, 2007 and 2010 most recently used files list

New threat detections:
M0rpheus
Zeus Trojan
General malicious services
Enhanced zero-day threat prevention and warnings
Cleanup of .exe subkeys
Additional logging of active processes
Help and Support link in tray options
Desktop shortcut after install
(Business edition only) Logging when agent command scans are run

Fixed
Simultaneous initial scans
Caps Lock unexpected behavior on secure sites
Last scan display discrepancies
Context menu scans failure
Scheduled scan on boot up
(Business edition only) Handling of Account Management Website activation
Correct completion of active scans
Duplicate uninstall links
Identifying host file modifications
Scanning of some corrupt files
Duplicate prompts for untrusted program execution
Premature scan completion
Not scanning on battery power

Other changes
Major UI enhancements
Changed international product names to prevent language confusion
Help question mark in upper-right corner of UI now opens support web page
(Business edition only)
User response option removed for firewall prompts in centrally managed environment

 

[Deleted member 178]

Let try the new version !

edit: tested it quickly, some UI changes, but the detection is still quite low. I am wondering if it is due to the fact it was run in a VM...

 

[Tobi]

Maybe try again using a rollback software?

 

[Deleted member 178]

will do under Shadow Defender ^^

edit: finally done under real system, no changes, still 86/240.

 

[jim lin]

@Umbra Corp.

sorry to be dumb lol

but what is "still 86/240" ?

 

[loveboy_lion]

@Umbra Corp.

sorry to be dumb lol

but what is "still 86/240" ?

the detection rate posted in malware section

 

[Spirit]

@Umbra Corp.

sorry to be dumb lol

but what is "still 86/240" ?

http://malwaretips.com/Thread-Malware-Pack-240-malware-by-ReviewsAntivirus-InternetChicken-2012-08-18

 

[jim lin]

ok i think i understand the sendspace download link has 240 malware samples in it and you guy's
use them to test security software

so Webroot missed that much of these samples is it because of the samples are to new or is it that
Webroot is just slow at updating there virus definitions in the cloud

i use sandboxie if i'm doing something risky or shadow defender if i want to test something so would
using something like this help

ExeWatch 1.28
http://dre.redmartian.org/

thanks for the enlightenment

James

 

[Deleted member 178]

The problem is that we test zero-days or 1-days malwares, and Webroot heuristic detection set on high can't rise more than 50-60% in all the test i did.

I know that detection is not all that matters since WSA is quite good at prevention, but it is still an important factor of a AV quality.

It was at beginning i thought it was because i tested it on a VM, so i did on a real system to cross-check, but the results were the same.

 

[madyrocksin]

It was at beginning i thought it was because i tested it on a VM, so i did on a real system to cross-check, but the results were the same.

why testing on a VM might give low detection ??

 

[bitbizket]

The problem is that we test zero-days or 1-days malwares, and Webroot heuristic detection set on high can't rise more than 50-60% in all the test i did.

I know that detection is not all that matters since WSA is quite good at prevention, but it is still an important factor of a AV quality.

It was at beginning i thought it was because i tested it on a VM, so i did on a real system to cross-check, but the results were the same.

I did the same test sample yesterday with promising results.

WSA SA 185/240 77.08%
MBAM 237/240 98.75
HITMAN PRO 228/240 95%

WSA SA + MBAM Pro (185+53) = 238 99.17%

Misses two sample which one caught by Eset.

 

[Deleted member 178]

It was at beginning i thought it was because i tested it on a VM, so i did on a real system to cross-check, but the results were the same.

why testing on a VM might give low detection ??

Because cloud AVs rely on internet connections (for contacting the server) so in VMs some connections issues may happen.

 

[woodrowbone]

Umbra, when you test it do you only scan the files or do you execute them?
After all this is were WSA is supposed to shine???

/W

 

[DeadDrop]

Terrible results for Webroot, I won't be renewing my license going by those tests. Sadly it has a history of poor results Shame I spent good money for it and it's not a good program for detecting anything it seems.

 

[Plexx]

Terrible results for Webroot, I won't be renewing my license going by those tests. Sadly it has a history of poor results Shame I spent good money for it and it's not a good program for detecting anything it seems.

For the normal user who's risk factor can range between low to medium, Webroot is just fine.

The detection tests that some of us conduct here are based mainly on zero day malware.

 

[Deleted member 178]

Umbra, when you test it do you only scan the files or do you execute them?
After all this is were WSA is supposed to shine???

Detection tests means scanning only (for me), if i execute them it means prevention (WSA is fine for that)

 

[madyrocksin]

It was at beginning i thought it was because i tested it on a VM, so i did on a real system to cross-check, but the results were the same.

why testing on a VM might give low detection ??

Because cloud AVs rely on internet connections (for contacting the server) so in VMs some connections issues may happen.

Gotcha !! Never knew, thanks

 

[DeadDrop]

I don't think there are connection issues, Webroot just can't detect squat really it appears. Not a bad product but leaves a lot to be desired.

 

[Plexx]

I don't think there are connection issues, Webroot just can't detect squat really it appears. Not a bad product but leaves a lot to be desired.

You will need to give it time to evolve.

Detection ain't the best and I won't deny it but prevention is ok (I still prefer some tweaked settings against default settings though, since my tests were on stock settings, you could see the unfortunate result).

At this stage, I am still in the opinion that WSA works better has a companion AV although some of its modules are good.

Pairing WSA with FortiClient Lite for example might be a good combo (theoretically speaking).

Main issue I have with WSA is the price.

 

[woodrowbone]

I think we did talk about the rollback feature before in the request a review thread, I found this video explaining what WSA does to files NOT detected: If WSA misses to detect malware
Very impressive if you ask me, I guess we all have to take the results of many testing organisations with a grain of salt after seeing this video.
This feature is exactly what I am looking for in a "cloud security" program.

/W