Webroot SecureAnywhere Complete - user experience.

I have a question regarding Webroot's remediation. What does Webroot do if you run a file that is unknown to Webroot a first. Webroot will of course Monitor the file and record all changes that it does to the System. Now let's say this file remains unknown to Webroot for a longer period of time so Webroot still does not block it but the file did malicious Actions in the meantime as it is indeed malicious. Now let's say you turn off the Computer while Webroot still doesn't know that the file was malicious.

When you start your Computer the next time the file/process is no longer active. And the file will never run again on the same System although Webroot now has a classification for it being malicious.

Will the changes to the System done by that malicious file remain until the same file is run again in the System and then declared as being bad so that remediation can Trigger?

My guess is that Webroot Needs to identify a file as being bad in order to be able to rollback from the changes.

 

See, I have a question about that to. And its one of the reasons why I never have even tried webroot.

What happens if a malicious file isnt classified as malicious yet by webroot and I know it would record all the changes but say its a ransomware sample that locks safemode so there is no way to rollback the changes or if its a cryptolocker variant and it cant decrypt your files.

Its things like that, that make me really second and third guess a try with this program.

 

The file does not need to run again - WSA checks files in the background even when idle separately from scans, and the scheduled scans will recheck all files which are unknown. So, as soon as our cloud knows that it's malicious, we'll revert the changes made by the threat.

 

WSA blocks threats from taking over the system or locking users out of safemode, and generically reverts Cryptolocker changes in their entirety (assuming it would be able to get past our protection against it in the first place).

Additionally, the Identity Shield will protect against threats which access user data from any unknown or malicious process, so you're protected in realtime as well.

I don't think there's any reason why you wouldn't use WSA (although I'm admittedly biased ) as you can run it alongside any other major security solution.

 

I would still really love to receive a log at some point, as I've asked numerous times...

 

I'd have to say that my experience has been very positive overall.
When I have had any issues they were quickly addressed by the Webroot folks here, Joe and Daniel, as well as the folks at their tech support if need be.

The fact that it works seamlessly, on my system, with Sandboxie and Online Armor makes it a great choice as well.

Add to that that it is offered for free via an online financial institution and it's win-win all around.

 

And about firewall settings like it used to work prior to Win8.. http://community.webroot.com/t5/Ide...-Settings-options-in-WSA-Products/idi-p/25226
Once that is back, WSA is my first love.

 

As I said before: https://www.wilderssecurity.com/showpost.php?p=2348876&postcount=20

TH

 

Hi. I have been using Webroot for almost a year and administrate 3500 licenses. Because the amount of licenses is divided in to 5 companies there is a daily job with administration of the endpoints.
If we have had 45 licenses the web interface for administration would be ok but we dont and it is awful, repeat awful. I've been promised that they are working on that part so let hope ....
From the endusers point of view it works as it should. They dont recognize it is there, unless the scanning is actually running. Even then it runs very fast and is no problem at all.
The biggest challenge is "odd behavior" in lack of a better word. I've been using both weeks and months investigating problems positively identified by the precense of webroot. (slow behavior af certain programs, opening office-files in web app instead of related programs, cutting off the first letter when You type) The worst is that it is very erratic even though our PC's is made from same the image.
The webroot staff have been very nice trying to help but it have certainly giving them problems too..
No doubt. I'm happily married with webroot but if the above doesnt get solved a divorce is inevitable.

 

Thanks for the post - 3,500 licenses can certainly cause some difficulties to manage! Could you send me your email address via private message so that I can ensure your account is being taken care of at a higher level?

 

I've used WSA complete for several years. It is light on resources and that's a big plus.

If we look at functionality then I think WSA antivirus is sufficient. Password manager is useless - you can use lastpass directly. 25gb backup has never really worked for me - constantly crashing and webroot support were not able to fix this for me (they've tried several times). And by the way - there are a lot of other free and secure solutions available for this. Therefore I would not choose WSA complete if I had to do a buy today.

What I miss is some 3rd party testing on its effectiveness for protection or infection removal. Sure I never got infected while using WSA, but I've also never been infected with other AVs
So, in order for me to buy more of WSA years, I'd like to see some independent tests first.

 

I had possibly the worse internet shopping experience in 17 years when I decided to buy before trying the basic anti virus software, I had used it before and they were practically giving it away (maybe there is a message is there)
every browser other than ie was noticeably slower there's been some sort of windows explorer memory leak to the sum of 4/500 meg forever on windows 8.1 64 bit.
After an hour of using on both computers I asked for my money back and was told to go and buy more ram, I have 8 gig on laptop 16 on desktop. They then said it was my fault I should have used the trial, which is very true!
live and learn.

 

6 posts here of which 5 relates to WSA complaining? On top with a license "purchased" on ebay? Ehm... likely a biased feedback...