Age/popularity heuristics

[BoerenkoolMetWorst]

I was trying to trigger the age/pop heuristics by executing rare and newer software but I haven't been able to trigger a detection so far. Even with both age and popularity set to maximum it does not trigger on software that would normally have been triggered with Prevx 3 on lower settings. Is it fully working?

Also I did this to check if some improvements were already implemented which I suggested here and were confirmed for v4:
http://www.wilderssecurity.com/showthread.php?t=283838
Are they implemented in WSA?

[PrevxHelp]

The Age/Popularity heuristics now take into account the behavior of a program. As we're just coming out of the beta, the Age/Popularity heuristics aren't fully enabled but once we establish a good baseline of users, we'll be turning them on.

In the meantime, you can set specific areas to block any non-whitelisted file or by raising the Advanced Heuristics which will show a "HIPS" warning like the one below:

[BoerenkoolMetWorst]

Thanks.

Quote:

Originally Posted by PrevxHelp

In the meantime, you can set specific areas to block any non-whitelisted file

How to do this? Are these the options in the Core system shield which are already enabled by default?(Except for HOSTS file modification.)

[Romagnolo1973]

Quote:

Originally Posted by BoerenkoolMetWorst

Thanks.



How to do this? Are these the options in the Core system shield which are already enabled by default?(Except for HOSTS file modification.)

pc security - edit heuristic - set "warn when new programs execute taht are not trusted", in this case you bypass heuristics and are you that decide what allow or not

[PrevxHelp]

Quote:

Originally Posted by Romagnolo1973

pc security - edit heuristic - set "warn when new programs execute taht are not trusted", in this case you bypass heuristics and are you that decide what allow or not

Exactly

[TonyW]

Quote:

Originally Posted by Romagnolo1973

pc security - edit heuristic

Just to clarify in case anyone is trying to find this - find it here: PC Security/Shields/Edit Heuristics.

Alternatively, click on Settings and go to Heuristics.

[BoerenkoolMetWorst]

Quote:

Originally Posted by Romagnolo1973

pc security - edit heuristic - set "warn when new programs execute taht are not trusted", in this case you bypass heuristics and are you that decide what allow or not

Yes, but that is about the execution of untrusted files(a nice feature btw), but I asked about blocking modifications done by untrusted files, like setting itself up to automatically start on boot like shown in Joe's screen.

[PrevxHelp]

Quote:

Originally Posted by BoerenkoolMetWorst

Yes, but that is about the execution of untrusted files(a nice feature btw), but I asked about blocking modifications done by untrusted files, like setting itself up to automatically start on boot like shown in Joe's screen.

You can do that by raising the Advanced Heuristics one or two levels from the default Medium.

[BoerenkoolMetWorst]

Quote:

Originally Posted by PrevxHelp

You can do that by raising the Advanced Heuristics one or two levels from the default Medium.

Thanks

[BoerenkoolMetWorst]

Quote:

Originally Posted by PrevxHelp

As we're just coming out of the beta, the Age/Popularity heuristics aren't fully enabled but once we establish a good baseline of users, we'll be turning them on.

WSA has been released for a while now and a lot of old Webroot customers have been transfered, so are they completely enabled now?

[PrevxHelp]

Quote:

Originally Posted by BoerenkoolMetWorst

WSA has been released for a while now and a lot of old Webroot customers have been transfered, so are they completely enabled now?

I believe they're still slightly different than the P3 age/popularity heuristics in how they work (as they're taking into account the behavior of files still) but we're currently working on tuning them fairly regularly to see how to best work within the configuration

[BoerenkoolMetWorst]

Ok, thanks.