Webroot SecureAnywhere Discussion & Update Thread

Discussion in 'other anti-virus software' started by Triple Helix, Jun 6, 2014.

  1. Antarctica

    Antarctica Registered Member

    Well, I have been using WSA with OSArmor for two or three months now and they play very well together. System is very light and I feel the protection is quite safe, though I am a safe surfer. ;)
     
  2. Triple Helix

    Triple Helix Specialist

    Thanks for the info and as you I'm a safe surfer! ;)
     
  3. Dermot7

    Dermot7 Registered Member

    No worries mon ami, and thanks for that further interesting info from Brad. Yes, I also saw Wilders was down when I looked at about 02.00hrs-03.30 London time.
     
  4. Triple Helix

    Triple Helix Specialist

  5. ProTruckDriver

    ProTruckDriver Registered Member

  6. Triple Helix

    Triple Helix Specialist

    We will see! :p
     
  7. SSherjj

    SSherjj Registered Member

  8. Triple Helix

    Triple Helix Specialist

    Yes it is! Other Mac OS's will stay on Mac Version 9.0.10.162 (Released November 18th, 2019) but you know more than me as I'm not a Mac user! :p
     
    Last edited: Jun 27, 2020
  9. SSherjj

    SSherjj Registered Member

    Well I am happy that was clarified...Thank you again Daniel!
     
  10. Triple Helix

    Triple Helix Specialist

    For Beta Testers with a Beta Keycode!

    This build delivers new files that provide preliminary functionality to mitigate modern malware techniques. Initially this functionality is in monitor only mode to enable Webroot to refine its behaviour and accuracy. There are currently no user facing features or controls.

    This is an incremental update and adds one additional file (noted in bold) to the following list Brad has previously shared.



    New files will be added in these locations:

    • C:\ProgramData\WRCore\CoreService
    • C:\ProgramData\WRCore\CoreService\Components\FCS\WRFCSUser.x86(.x64).dll
    • C:\ProgramData\WRCore\SkyClient\DB
    • C:\Program Files\Webroot\Components
    • C:\Program Files\Webroot\Core
    • C:\Program Files\Webroot\Core\WRCore.x64.sys


    And two new processes will run:

    • WRCoreService.x64.exe
    • WRSkyClient.x64.exe


    Description of each of the new components:

    • SkyClient is a new service used to communicate from the agent to our cloud backend.
    • WRCoreService is a new companion service that provides the foundation for our modular architecture.
    • WRCore.x64.sys secures inter-process communications and provides hash calculations.
    • Files in C:\ProgramData are shared across users. This includes determination database and logs.
    • Files in C:\Program Files are the primary executables and libraries
    • WRFCSUser looks for potentially malicious unknown processes and reports results to our Sky services.
     
    Last edited: Jul 2, 2020
  11. Triple Helix

    Triple Helix Specialist

    PC Agent Version 9.0.28.153 (Released June 15th, 2020)
    Added
    • Tech bench tool enhancements
    https://answers.webroot.com/Webroot/ukp.aspx?pid=12&app=vw&vw=1&login=1&json=1&solutionid=1131

    For Best Buy Geek Squad Subscription services in the US. https://www.webroot.com/us/en/home/products/geeksquad-register
     
  12. dnewhous

    dnewhous Registered Member

    This works well with System Mechanic Ultimate Defense.

    In fact, System Mechanic Ultimate Defense has detected one virus on my computer.

    Name = W32/Rozena.R.Gen!Eldorado

    Location = C:\ProgramData\Microsoft\VisualStudio\Packages\Unity3D.X64,VERSION=3.0,CHIP=X64UNTYSETUP64-2017.2.0F3.EXE

    Does anyone know of any software that will detect and get rid of this?
    There's a how-to guide online that says it is manual editing of the registry that will fix this, but I searched through the registry for eldorado and came up empty so the registry tip didn't help.

    Now I am trying to get rid of it by first installing it. Unity is a game engine. Even though I can log into this thing with my gmail account I don't know if this is the real Unity engine. It has a home page. So I can download it again if I ever wanted.

    Excuse me the modern term is apparently, "3-D development platform" rather than game engine.

    Anyway, now I have uninstalled it with the Apps & Features control panel and I am rerunning System Mechanic's full scan.

    It finished, no errors.
     
    Last edited: Jul 5, 2020
  13. MaxwellSmart

    MaxwellSmart Registered Member

    I've been using Webroot since 2011, never had an attack complete its process yet.
     
  14. Charyb

    Charyb Registered Member

    Optimizer spelled wrong located in Web Console.

    See attached.
     


  15. Triple Helix

    Triple Helix Specialist

    You're going to worry about one letter missing? :argh:
     
  16. Charyb

    Charyb Registered Member

    Not worried about it at all. Mentioned it so it could be corrected.
     
  17. Triple Helix

    Triple Helix Specialist

    Contact Webroot Support: Webroot Customer Service
     
  18. Gein

    Gein Registered Member

    https://www.webroot.com/blog/2020/0...what-they-are-and-what-were-doing-about-them/

    "In a recent update to Webroot® Business Endpoint Protection, we released a new Evasion Shield policy. This shield leverages AMSI, as well as new, proprietary, patented detection capabilities to detect, block, and quarantine evasive script attacks, including file-based, fileless, obfuscated, and encrypted threats. It also works to prevent malicious behaviors from executing in PowerShell, JavaScript, and VBScript files, which are often used to launch evasive attacks"

    Does anyone know if these protection mechanisms are available in the consumer version as well?
     
  19. Triple Helix

    Triple Helix Specialist

    @Gein Doesn't sound like it as it's controlled from the Business Management Console: https://community.webroot.com/general-security-information-102/evasion-shield-faq-342813

    Pictures here: https://community.webroot.com/endpoint-agent-105/how-to-enable-the-webroot-evasion-shield-343775 and here: https://community.webroot.com/busin...oduct-bulletin-evasion-shield-may-2020-343239

    But Consumers have the Script Shield and this from a thread in the Beta group posted 2 years ago:

    2020-08-03_8-49-27.png
     
  20. Triple Helix

    Triple Helix Specialist

  21. bellgamin

    bellgamin Registered Member

    I'm still running WRSA on my desktop computer. All this time I have left WRSA's firewall disabled because the firewall I am using allows user-developed rules whereas WRSA's firewall does not. Also, the firewall I am using lets me block the Security process from connecting outbound whereas, as far as I know, WRSA's firewall allows all Windows systemic processes to connect out.

    QUESTION: Am I the only one who wants a more granular firewall &, therefore, disables WRSA's firewall?
     
  22. Triple Helix

    Triple Helix Specialist

    No need to disable WSA's firewall as it's a smart firewall and blocks malware from calling out. I use Windows Firewall, WSA's Firewall is only Outbound and Glasswire Lifetime outbound as well so Windows Firewall is the only inbound one I use.
    https://docs.webroot.com/us/en/home...wall%20%2F%20Web%20Shield%20Protection|_____1
     
  23. Azure Phoenix

    Azure Phoenix Registered Member

    Is the firewall alert still designed to allow the process after a period of time? I think this was talked about in the Webroot forum.
     
  24. Triple Helix

    Triple Helix Specialist

    As far as I know if the user is not there to allow or block. They always rely on the other shields (Realtime Shield) to protect against bad payloads. Personally I don't rely on WSA's firewall.

    Types of Shields
    SecureAnywhere includes the following types of shields:

    • Realtime Shield — Monitors unknown programs to determine whether or not they contain threats. Blocks known threats from running on your computer that are listed in Webroot’s threat definitions and in our community database. You should never disable this shield.
    • Rootkit Shield — Blocks rootkits from being installed on your computer and removes any that are present.
    • Web Shield — Blocks known threats encountered on the Internet and displays a warning. The Web shield maintains information on more than 200 million URLs and IP addresses to comprise the most accurate and comprehensive data available for classifying content and detecting malicious sites.
    • USB Shield — Monitors an installed USB flash drive for threats, blocks and removes any threats that it finds.
    • Offline Shield — Protects your system from threats while your computer is not connected to the Internet.
    • Script Shield — Protects your system from malicious scripts.
    The shields are pre-configured, based on our recommended settings. You do not need to configure any settings yourself unless you are an advanced user and would like to change the settings.

    Infrared Shielding and Warning Messages
    SecureAnywhere might display warnings to you even if you are not currently running a scan. There could be an unauthorized access to your computer even if you are working elsewhere on your computer and not currently surfing the Internet.

    In some cases, SecureAnywhere takes care of the problem automatically; for less severe cases, you are prompted to make a decision about whether or not you want to continue.

    To make a determination about what level of warning to display, SecureAnywhere uses a technology called Infrared. Infrared is a multi-layer defense that blocks threats very early in their lifecycle. This is accomplished through a number of engines that work together, considering several factors:

    • The safety level of websites.
    • The reputation and behavior of newly introduced applications.
    • By interpreting user behavior with an overall assessment of the safety level of the system. If a user is classified as a higher risk, based on a combined view of the security of their operating system, applications, and prior threats which have been observed, Infrared dynamically tunes its heuristics and background processing, flexing within the configuration options the user has set, but increasing their effectiveness while preventing false positives for the vast majority of users.
     
  25. roger_m

    roger_m Registered Member

    Yes, unlike other firewalls, it automatically allows connections after two minutes.
     