Webroot SecureAnywhere PUBLIC Beta

Discussion in 'Prevx Betas' started by PrevxHelp, Aug 9, 2011.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Is it possible that the cloud has been dramatically improved lately?

    I used to be able to copy ~12.000 fresh malware per day and around 2.000 would remain after WSA did its job. Now a lot more samples are detected by Malware.Generic definitions... leaving around 500 samples left for each batch... is this a coincidence or is it great engineering? :)
     
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Hi Kent,

    Can you please send a scan log to report@prevxresearch.com so they can have a closer look and maybe fix it on their end?

    Thanks,

    TH
     
  3. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    As Joe said before, since Webroot acquired Prevx they have increased the staff for support, malware detections and FP issues! And if you have any undetected files just contact support https://detail.webrootcloudav.com/servicewelcome.asp and they will ask for a scan log which will show the undetected files or FPs! ;) Also, Joe made a comment about submitting the MD5s from the log: https://www.wilderssecurity.com/showpost.php?p=1925720&postcount=16

    HTH,

    TH
     
  4. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Also since v8 came out a small GUI bug or using it as a Cloud now? :)

    TH

     
  5. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Done ;) ...
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
  7. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    I don't think so:

     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    I mean the protection of SafeOnline/Identity shield ;)
     
  9. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Yes. The Identity Shield doesn't protect from the keylogger, although WSA as a whole does it.
     
  10. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    What has the Identity Shield to block if you have trusted the program before? Should it block QuickTime, for example, that acts like a keylogger, clipboard logger, etc.?
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    The point is that the Identity Shield should block all keylogging methods. WSA as a whole may have protected it this time because they detected the sample, but that doesn't mean they will detect all others. Plus, in this case, the executable that is quarantined doesn't matter. It is a proof of concept of a method which uses JavaScript on a website to log the keystrokes and send them to the attacker. However, this is not a real scenario, so the keystrokes are sent to a local server on your computer, which is the executable, so you can see the results.

    Yes, except some programs like KeePass and others that already have been whitelisted by Prevx, all are blocked from accessing the browser when protected by Identity Shield. It is possible to allow them manually in Identity Shield settings. Plus, the Identity Shield doesn't completely block a program from running, it only blocks the keylogging etc. behaviour.
     
  12. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I agree.
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We don't have any further information than what is in the PDF. I suspect we will need to specifically have MRG test WSA but I'd imagine any of the issues would be fixed in the new implementation.
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thanks for the suggestion - you are correct :) Clicking "Save" will save the settings and close it in this dialog, however, but it is indeed inconsistent with the rest of the product.
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thanks for the feedback - I've added Macro Maker to the list of software to investigate incompatibilities with.

    Thanks! :)
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes it has been, and we have much more coming as well :) You'll probably want to right click scan the files as well to make sure we catch the rest just in case some weren't removed with the realtime scanning.
     
  17. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Based on the testing, it's possible that quarantining it in this case was relevant. When you restore a file from quarantine, it is automatically allowed (to prevent redetection/re-cleanup) but it will also be allowed to read keystrokes. It would be worth changing it to "Monitor" to test more accurately as that would be the case for an actual, untrusted program.
     
  18. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Wow. I am simply amazed. I am probably the one testing WSA against most 0-day threats here at Wilders... and I test some other products as well... but WSA is simply out of everyone else's league (a tiny % better than EAM, but WSA and EAM are _a lot_ better than everyone else... but WSA is still better than EAM not to mention how much lighter it is).

    I will do as you suggest in the future... the problem is that you cannot mass select entries in the "Detection Configuration". I just want my legit installed application on that list. You have to delete entries one by one (this needs to be improved, really, as it's just a GUI change). So when I'm doing my tests, I have to spend 30 minutes by just deleting entries after my tests or re-install WSA.

    I figure I could help WSA's detection rates a bit, but please make it possible to select all marked entries - right click - delete! I don't want 100.000 entries with malware I removed a long time ago in the "Detection Configuration" list.
     
  19. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Yes, I already set it to monitor, and just checked the Identity Shield settings to be sure there was no rule allowing it to the browser, but it is still able to log the keystrokes.
     
  20. Pablo87

    Pablo87 Registered Member

    Joined:
    Oct 30, 2009
    Posts:
    324
    Hello folks,

    I have G Data TotalCare as antivirus, firewall etc.
    Can I still use SecureAnywhere?
     
  21. guest

    guest Guest

    Just a question, the EICAR test is whitelisted?
     
  22. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Still having Opera 11.50 freezes with 8.0.0.7. Opera just stops responding, even though it is on the "allowed" list, and "Shut down Webroot" clears the problem. Then bringing WRSA back up continues normally until the next freeze.
     
  23. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    275
    We have the same experience there. Right now I cannot use Opera 11.5 without shutting down WSA. The Opera freezing is annoying. I use the mail client of Opera when Gmail goes flaky on me. Now I can't even use it with WSA.
     
  24. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Interesting, I haven't experienced any such freezing :doubt:
    Are you running any extensions or is it vanilla?
     
  25. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Plain vanilla Opera. Maybe depends also on what else is running with it like Avast! and OA ++ Run Safer. I will turn off Run Safer and see if it makes a difference. o_O
     