Webroot SecureAnywhere Discussion & Update Thread

Discussion in 'other anti-virus software' started by Triple Helix, Jun 6, 2014.

  1. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Did you get a BETA keycode from Nic at the Webroot Community? And you have the same protection from the Beta as the release version!

    Daniel :)
     
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Preventing Threats using Machine Learning, Contextualization and Predictability

    David Dufour, Senior Director of Security Architecture, Webroot

    May 21 2015 1:00 pm EDT

    45 mins

    With the rapidly accelerating nature of attacks on network infrastructure and software systems approaches such as static block lists, manual policy configurations and other current prevention techniques have become outdated. Through the use of distributed computing, contextualization and machine learning it is possible to build tools that analyze data across multiple threat vectors allowing for the development of predictive algorithms and a greater understanding of an organizations threat landscape. We will walk through common machine learning techniques, discuss contextualization, how predictive logic works and see a demonstration of contextualized threat intelligence.

    https://www.brighttalk.com/webcast/...ce=brighttalk-portal&utm_medium=web&utm_term=

    Daniel :)
     
    Last edited: May 21, 2015
  3. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    What would be the point if it didn't?
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Are you running Android 5 (Lollipop)? I've read that call and SMS blocking can't be done in 5 (maybe with "root" but I'm not sure).
     
  5. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,102
    Location:
    on my zx10-r
    4.3 on my current phone my new phone which i should have soon will have 5.0. its not the sms i want to block but the soliciting phone calls. i get probably 30+ calls a day from companies trying to sell us stuff or to "introduce" themselves etc. getting super tired of them even when i ask them politely not to call back they just continue some on a daily basis.
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Yeah, I know it really sucks. I would try something like "Caller ID, Block Calls & texts"

    https://play.google.com/store/apps/details?id=com.visinor.phonewarrior&hl=en
     
  7. guest

    guest Guest

    Webroot beta 8.0.8.89 together with Spyshelter 9.9.1 make chrome crash, it didn't happennd with the previous version.
    If I disable the Identity shield it works fine
    Win 8.1 x64
     
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    There is something with the latest Chrome update as it makes the Paaaword Manager crash as well and I'm not sure if it's related but you should contact Webroot Customer Service so they can look into it.

    Daniel
     
  9. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Webroot SecureAnywhere Beta Update - 8.0.9.61 is now out!

    Here is some info:

    Thanks,

    Daniel :)
     
    Last edited: Jun 18, 2015
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Dan, I just got it, after booting into my WSA/VS snapshot...:)
     
  11. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Does WSA scan SSL traffic? I cannot find a setting in the UI for it, but someone listed WSA in a different thread about AVs and SSL scanning so I wanted to confirm.
     
  12. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Yes it does with it's Web Filter Shield and all the info from BrightCloud: http://www.brightcloud.com/platform/webroot-intelligence-network.php also see from my Web Filter scanning log.

    06/18 22:20:03:425 4740 Info: Browser: Firefox
    06/18 22:20:03:435 4740 Info: OPERATION_URLCAT Handle=00000BB4 Urls=1
    06/18 22:20:03:436 4740 Info: UrlCat Ticks=0 [{"URL":"https://www.winpatrol.com/mydownloads/","CAT.CONF":["2.76","5.75"],"BCRI":96,"ALCAT":1,"CACHED":1,"BLK":0,"REF":1}]
    06/18 22:20:03:442 4740 Info: OPERATION_PHRESHFISH Handle=00000BB4 RESET=1 Pages=1
    06/18 22:20:03:460 4740 Verbose: Finished PhreshPhish request: https://www.winpatrol.com/mydownloads/ Score: 1
    06/18 22:20:03:460 4740 Verbose: PhreshPhish Score=1 Ticks=31 Phish=0 White=0
    06/18 22:20:03:460 4740 Info: PHISH [{"ISPHIS":0,"ISWHT":0,"SCORE":1}]
    06/18 22:20:04:170 8784 Info: UrlCat Ticks=187 {"URL":"http://gv.symcd.com/","CAT.CONF":["5.93"],"BCRI":50,"ALCAT":0,"BLK":0,"REF":18446708893894575728}
    06/18 22:20:15:280 4740 Info: OPERATION_URLCAT Handle=00000BB4 Urls=1
    06/18 22:20:15:587 4740 Info: UrlCat Ticks=312 [{"URL":"https://community.webroot.com/t5/Home/ct-p/consumer#.UgKbcD_Nnnt","CAT.CONF":["2.90","4.90"],"BCRI":81,"ALCAT":0,"BLK":0,"REF":1}]
    06/18 22:20:16:019 8784 Info: UrlCat Ticks=0 {"URL":"http://ocsp.digicert.com/","CAT.CONF":["5.83"],"BCRI":92,"ALCAT":1,"REF":18446708893908391824,"CACHED":1,"BLK":0}
    06/18 22:20:19:248 8784 Info: UrlCat Ticks=187 {"URL":"http://ocsp2.globalsign.com/gsdomainvalsha2g2","CAT.CONF":["5.83"],"BCRI":92,"ALCAT":1,"BLK":0,"REF":18446708893908146064}
    06/18 22:20:19:248 8784 Info: UrlCat Ticks=0 {"URL":"http://clients1.google.com/ocsp","CAT.CONF":["50.100"],"BCRI":92,"ALCAT":0,"REF":18446708893756406096,"CACHED":1,"BLK":0,"NOPP":1}
    06/18 22:20:19:413 8784 Info: UrlCat Ticks=157 {"URL":"http://gn.symcd.com/","CAT.CONF":["5.93"],"BCRI":50,"ALCAT":0,"BLK":0,"REF":18446708893908391824}
    06/18 22:20:19:413 8784 Info: UrlCat Ticks=0 {"URL":"http://gn.symcd.com/","CAT.CONF":["5.93"],"BCRI":50,"ALCAT":0,"REF":18446708893908506512,"CACHED":1,"BLK":0}
    06/18 22:20:19:413 8784 Info: UrlCat Ticks=0 {"URL":"http://ocsp.godaddy.com/","CAT.CONF":["82.92"],"BCRI":92,"ALCAT":0,"REF":18446708893756279264,"CACHED":1,"BLK":0,"NOPP":1}
    06/18 22:20:19:449 8784 Info: UrlCat Ticks=0 {"URL":"http://weyedata.pelmorex.com/WeatherEye/AllData/CAON6756.xml?rnd=7976","CAT.CONF":["63.83"],"BCRI":88,"ALCAT":1,"REF":18446708893908104992,"CACHED":1,"BLK":0}
    06/18 22:20:19:478 8784 Info: UrlCat Ticks=0 {"URL":"http://earthquake.usgs.gov/earthquakes/feed/v1.0/summary/4.5_week.atom","CAT.CONF":["61.83"],"BCRI":96,"ALCAT":0,"REF":18446708893756279264,"CACHED":1,"BLK":0,"NOPP":1}
    06/18 22:20:19:712 4740 Info: OPERATION_GETCONFIG Handle=00000BB4
    06/18 22:20:19:713 4740 Info: Browser: Firefox
    06/18 22:20:19:746 4740 Info: OPERATION_URLCAT Handle=00000BB4 Urls=1
    06/18 22:20:19:747 4740 Info: UrlCat Ticks=0 [{"URL":"https://community.webroot.com/t5/Home/ct-p/consumer#.UgKbcD_Nnnt","CAT.CONF":["2.90","4.90"],"BCRI":81,"ALCAT":0,"CACHED":1,"BLK":0,"REF":1}]

    TH
     
  13. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Thanks! Regarding scanning SSL traffic how is this accomplished by WSA? There's a discussion going on (see link below) about AVs that intercept SSL traffic by installing their own cert in the browser and why this is problematic.

    https://www.wilderssecurity.com/threads/ssl-scanning-whats-up-with-that.377256/
     
  14. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Last edited: Jun 20, 2015
  15. Emetic

    Emetic Registered Member

    Joined:
    Oct 4, 2011
    Posts:
    73
    Would be good if you could stop reporting SEM (Synth Edit Modules) as malware.


    To be fair, quite a few AV do this, but it's annoying.

    I'm not sure why they trigger this, but just a FYI, they aren't malicious at all. I do flag them as good and report back, but they still get blacklisted later.

    Not a big deal. Can accept the odd F/P here or there.

    Great product. Perfect for my moronic relatives.
     
  16. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830

    They are encrypted with Themida to prevent reverse engineering. A lot of malware use Themida to obfuscate their code so that antiviruses can't identify them. Most of the soft synths build with Synthedit are used by very few people and thus their 'reputation' is very low. That's why antiviruses tend to eat SEM modules for breakfast as soon as a new malware family that uses Themida pops up.
     
  17. Emetic

    Emetic Registered Member

    Joined:
    Oct 4, 2011
    Posts:
    73

    Thanks a lot for the info. I'm not sure it makes my job any easier clearing things out now. I kind of just dismissed alerts that were from SEM. Seems like a good vector for an enterprising malware writer.

    Anyway, great information. Thank you very much.
     
  18. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    The default location for this kind of files (VST 2.4 plugins) uses to be C:\Program Files\Steinberg\VstPlugins or C:\Steinberg\VstPlugins. You could just whitelist that folder.
     
  19. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    My Comodo Dragon Browser updated today and right after that it looks like WSA Wrdata dbxxxxdb started getting big with hundreds of fragments when i was using Dragon.
     
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Running WSA v9.0.0.65...Just got it after booting back into my WSA snapshot since 5 days ago.
     
  21. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,841
    Location:
    KEEP USA GREAT
  22. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,674
    Location:
    South Wales, UK
    Hi there

    Just to advise that this version doesn't contain any changes from the previous 8.0.9.61 build, other than the drastic change of program version.

    Webroot have advised via the Community Forum, that this version change is intended to allow WSA to remain installed during an upgrade of operating system. Either from Windows 7 to Windows 10, or from Windows 8/8.1 to Windows 10.

    Change log:

    Windows 10 upgrade compatibility

    Hope that helps/explains the situation.

    Regards, Baldrick
     
  23. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,841
    Location:
    KEEP USA GREAT
    Baldrick, thank you
     
  24. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,234
    Location:
    Mass., USA
    Re: post 1378, and the "ghost" PCs in my Webroot Console.
    I replied to the unanswered support ticket and finally received a response: "Thank you for contacting Webroot Support. Those machines are deactivated now."
    Well, I had long ago "deactivated" the two ghost PCs, so I don't know what they mean by "deactivated now."
    And yes, the two mysterious PCs are still listed (with my keycodes)?
    Oh well....
     
  25. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    What are you trying to do at this point? Do you just want to remove the "ghost" PCs? If so you should be able to do so easily if you've made yourself an admin in the PC Security section of your email account settings.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.