Webroot SecureAnywhere Discussion & Update Thread

Discussion in 'other anti-virus software' started by Triple Helix, Jun 6, 2014.

  1. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    219
    my in-laws are running nothing but WSA and haven't had a single infection (running since 2014). my BIL/FIL are extremely click-happy and would regularly reach out for help with stuff getting past whatever they had before. no such issues since i suggested WSA to them. i've deployed a few thousand endpoints' worth of wsa in businesses in the us with nary an issue that would trouble a regular user.
     
  2. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
  3. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
  4. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    Any reported problems with WSA and the April MS Updates..
     
  5. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    I can't say with Win 7 but I see no issues on Win 10 x64 build 1809. What are you seeing?
     
  6. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I have not installed the April updates yet.
     
  7. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,712
    Location:
    USA
    No issues at all here. Win7/64.
     
  8. amico81

    amico81 Registered Member

    Joined:
    Oct 18, 2017
    Posts:
    100
    Location:
    Germany
    Win 10....all fine here
     
  9. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    7/8.1/10 np here either. :thumb:
     
  10. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I found a limitation of WSA tonight. It can only quarantine 511 threats in one go. No matter how many threats it detects and are selected to be quarantined, only the first 511 will be quarantined. WSA does not say anything about the limit and it appears to be quarantining everything. But this is not the case.

    If there is an actual reason for this limitiation, it would make sense if WSA would stop the scan after 511 threats are detected. Since another scan is always started after finishing the quarantine process, remaining threats would get detected then.

    This is not something that would be an issue in normal usage situations, but I was scanning a folder containing a very large number of threats. It seemed quite strange that whenever it did a repeat scan, after quarantining files, that it was still finding a large number of threats. Then I noticed that each time it quarantined files, only 511 files vere being removed.
     
  11. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    wow, that's a very interesting find. i'll monitor this. thanks for your efforts, roger. :thumb:
     
  12. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    Interesting! One lives and learns something every day ;).
     
  13. Mango555

    Mango555 Registered Member

    Joined:
    Apr 7, 2010
    Posts:
    46
    Location:
    Florida, USA
    Deja vu. Y2K all over again:rolleyes:
     
  14. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    ??

    Sorry! You've completely transcended the limits of my simple mind. Can you explain the connection to us proles? (Or is it just meant to be a clever joke?? If so, ditto as above.)
     
  15. Mango555

    Mango555 Registered Member

    Joined:
    Apr 7, 2010
    Posts:
    46
    Location:
    Florida, USA
    For those that can remember.

    Y2K = Most coders neglected to account for the coming of the year 2000 in their software code. World chaos was expected by the IT community.

    and now,

    Webroot coders apparently neglect to account for more than 511 items in quarantine. Will world chaos ensue?


    I'll show myself out now.
     
  16. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
  17. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    Perhaps I should qualify my previous post.

    Reading @roger_m ’s post again, I must admit that it is I who have not understood his post correctly.

    He has made the interesting observation that Webroot can only quarantine 511 threats at a time. He argues that WSA should “stop the scan after 511 threats are detected” as, “Since another scan is always started after finishing the quarantine process, remaining threats would get detected then”.

    I am not technically as knowledgeable as I’d like to be about Webroot, but I would hazard to suggest that his reasoning is false here. His first point that WSA should “stop the scan after 511 threats are detected” as a subsequent scan is programmed anyway, is an interesting suggestion but the second point, that implies that this finite quarantine limit per scan prevents Webroot from detecting subsequent threats, seems to me to be flawed.

    It is well known that Webroot, exactly as Prevx on which its technology is based, will execute a plural series of scans once a threat is detected, continuing to do repeat scans until it deems that every threat has been eliminated.

    In this case, let us imagine theoretically that there were 2045 threats and that Webroot was able to detect and to quarantine 100% of those threats. In that case, 5 scans would have been necessary. The first four would have detected and quarantined 4 x 511 threats and the fifth would have detected and quarantined the 2045th. I am not sure of this next point, but I think that Webroot will then go on to perform a sixth scan to confirm that it can now give the device a clean bill of health.

    In fact, the last paragraph of @roger_m ’s post seems to imply that this is what actually happened (see particularly the last sentence of this paragraph) — though it doesn’t confirm whether 100% of the threats were caught.

    There seems to be an ambiguity between what he says in paragraph 2 and what he says in paragraph 3. Let’s hope he can come back and clarify on this. Did Webroot go on to quarantine further threats in the subsequent scans? Also, it would be interesting to know whether, in his opinion, it caught all the threats.

    My problem was that I picked up on his (very interesting) observation that it limits itself to quarantining only 511 threats per scan, and failed to pick up on the implied criticism in paragraph 2. I linked that observation to his comment about Webroot quarantining further threats in subsequent scans (a Prevx/Webroot habit that I know very well).

    Sorry for the misunderstanding!
     
    Last edited: Apr 23, 2019
  18. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    This is nothing new as WSA wasn't designed to scan malware packs and it was to stop the abuse of WSA many years ago.
     
  19. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    Yes that's how it works. The scans would be quicker, if it stopped scanning after detecting 511 threats, rather than continuing scanning, as with the repeat scans, the same files will be scanned multiple times.
    Thanks for the explanation.
     
    Last edited: Apr 24, 2019
  20. d_r

    d_r Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    9
    Location:
    HI
    Has webroot cut back on support post-sale? I filed a ticket a few days ago (asked them to add a new key to my account), haven't heard back. Usually over the years they've been very prompt.
     
  21. Muddy3

    Muddy3 Registered Member

    Joined:
    May 31, 2010
    Posts:
    415
    Location:
    Belgium
    Thanks for the clarification, @roger_m!
     
  22. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    You're welcome.
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    FWIW ~ just now received Support response (for Unclassified) back in ~15 mins.
     
  24. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Something similar that Joe did for Prevx at the time: https://www.wilderssecurity.com/threads/prevx-question.242880/#post-1471066 but can't find the info about the 511 number in WSA so he could of just told me via PM or email.
     
  25. d_r

    d_r Registered Member

    Joined:
    Nov 26, 2017
    Posts:
    9
    Location:
    HI
    I finally heard from them today, though the reply didn't answer my question. Four days, including 2 business days, seems like a long time for a service request from a security company. I've been with WR for 6 years, and have never had more than a day's wait in the past on service tickets.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.