Av-Comparatives June results!!

As Joe has said:

TH

 

This will happen only if the file in question is in the cloud. If not, the file will not be removed.

 

It will continue to check with the cloud but if you know you are infected you can contact WSA support and they will be happy to help you remove it FREE of charge that's another great thing most users don't know about WSA it's a win, win situation.

TH

 

Hello,

Basically what is trying to be said is this: If the file is not in the cloud then WRSA then immediately puts that file in "monitor" mode. Later if the cloud determines it is a baddie, since the file has always been monitored, all changes it has made to your system can be reverted. On the other hand if the cloud determines the file to be good, it will then stop monitoring it.

HTH...

 

Thanks. But you certainly could have malware on your computer much longer than 30 minutes.

 

Anything is possible but you will have to wait for Techfox to reply as it is his comment! But what Joe, Techfox and Kent said is very relevant as to how WSA works it's even part of the offline protection!

TH

 

You could...but I think that the 30 minutes figure came from a view of the 'average' time. I think that in the same thread a figure of 2 minutes was also mentioned. I suspect that it is not an exact science but rather depends on some external circumstances that may vary in timings.

I still think that the key thing is how the WSA process works in this scenario when compared with the more traditional (if we can call it that) approach that some other apps may be using (and I am not trying to disrespect other apps...before a flamer is started on this ).

 

I can't stop believin' in Webroot/Prevx...

But you guys have GOT to find a way to score well in these tests, or no one except a select few here will take your "security revolution" seriously.

 

Hey Joe. I did not see this previously posted statement by Kit.

Interesting. That's unfortunate if AV-C is really recording it as a failure as he describes.

 

Triple Helix "contact WSA support and they will be happy to help you remove it FREE of charge"
Just viewed todays Norton Forums, twenty two folk asking for help in removing malware from their machines, no sign of the paid help, just a solitary volunteer going by the name of Quads.

 

Never seen so many Zeroaccess infections in all my life as i have when viewing the Norton forums.I feel so much safer and secure here with WSA.Webroot support has to be amongst the best at what they do..and free of charge at that.Kudos to Quads though.He spends endless hours day in and day out helping infected users clean up their machines.Although he can be a bit of a jerk at times,he literally spends all of his spare time helping people and sometimes not even getting a simple thank you in return.I'm glad Webroot cares as much if not more about their users as Quads does about their users.Webroot is extremely responsive to us and has definitely earned my respect and business.i hope for better results in the future because i already truly believe in this product and it makes it much much easier to get someone to try WSA when you have a respectable score to reference.At the end of the day,if you have WSA installed and you are infection free,then hasn't WSA done it's job?The fools that typically get infected are the same ones that will get infected no matter the solution..ie.people who use pirated software etc,purposely visit known heavily infected sites etc.Continued Kudos to Joe and the team at Webroot for keeping my pc's safe

 

Eep! Sorry, I didn't realize I was being summoned.

The WSA client works based on MD5 hashes of the file to determine a specific file. Combining information from multiple locations, things are set as good, bad, or unknown. Everything any client ever sees is in the cloud in one of those states. The timing I quoted about two and thirty minutes, and three days, is based on the fact that I found an infector that was detected by zilch on VT, not by MBAM, not even removed by CF. It got past WSA also. So I was about ready to work on removing it manually or reimaging the test box and I had to take care of something else. I came back 30 minutes later to find WSA ready to rip it out. So I let WSA do so, and it removed it cleanly.

Why did it remove it cleanly? The file obviously wasn't marked good, because it wasn't. Could have been marked bad, because it wasn't detected immediately. So it had to have been unknown in the cloud. That means that the client monitored it, sandboxed it, tracked it, and sent that data to the cloud too. The cloud made the decision on it sometime while I was AFK, and that decision came down to the client, which ripped it out using the monitoring information to do a roll-back.

The same sample, checked against VT, MBAM, and CF three days later was still undetected. So if I had been using any other security program that is represented on VT, chances are the computer would still be infected three days later.

On the two minutes line, that's the long term average I've seen when I get a sample of something odd (like 0/42 on VT), tack some junk on the end to pseudo-obfuscate it, and then drop it on a WSA system. I copy it, run a scan if it's not detected (scan takes about 54 seconds on the test system), then run the sample. The sample runs (It pops up and starts doing its thing)... Which I expect would be a failure on a testing organization's rules for that sample... but WSA panics in a second or less on average and starts a scan. That scan usually takes about two minutes, usually after about a minute or less the running malware gets blocked multiple times and finally croaks, and following cleanup process from WSA gets rid of it quite effectively. I've seen the cleanup leave behind an empty install.log before (which also would likely cause a test fail for the sample), but that's it.

 

Sorry if the Norton Forums are so busy But if you need to contact WSA support to help to get rid of malware it's one on one and they have there own malware removers! https://www.webrootanywhere.com/servicewelcome.asp?

TH

 

I think he was comparing Webroot's help to Norton's "help".

 

Norton has free help? @ sturgess - If that was your point I'm sorry!

TH

 

He was pointing out that Norton's "Free Help" is one overworked non-Norton-Employee on their forums as compared to Webroot's highly-paid, very intelligent, professional Webrooters who clean the pipes of your computer for you.

 

Thanks for the clarification Techfox1976 and it's also sad to here for Norton users.

TH

 

Yes, that's why you always talk cents (like a double-eagle https://en.wikipedia.org/wiki/Double_eagle)
Just my one-third farthing

 

Techfox1976 "He was pointing out that Norton's "Free Help" is one overworked non-Norton-Employee on their forums as compared to Webroot's highly-paid, very intelligent, professional Webrooters who clean the pipes of your computer for you"
Spot on friend, and that is why as of last week I became a Webrooter

 

Norton has free help? @ sturgess - If that was your point I'm sorry!
It hasn't, and you needn't be, as previously posted here this day I am now a fully paid up Webrooter

 

I agree completely.

 

Worth a read regarding AV-C results: http://blog.webroot.com/2012/07/19/webroot-bulletin-regarding-av-comparatives-results/

 

Thanks Tony!

TH

 

Here is more added info from the Webroot Community Forums: http://community.webroot.com/t5/Sec...mparatives-June-Protection-Test/m-p/7884#M133

TH