Monitored files.

Discussion in 'Prevx Releases' started by Esse, Dec 17, 2012.

Thread Status:
Not open for further replies.
  1. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    383
    Hi guys!
    I am testing out a 6 month trial of WSA and I have a question regarding never before seen files by WSA, the Monitor mode.
    How long would you say it usually take your Cloud to decide if the file is malicious or not?
    I did try the browser Maxthon for a couple of days and at all time it was under "Monitor".
    Now the same thing with the newest version of the browser Comodo Dragon.
    I am just thinking if the files did belong to for example an admin program used in a working environment then a couple of days is a bit long wait.
    Especially if that program needs internet access, as Monitored files are not allowed internet access right? Or did I misunderstood that?
    I hope you understand what I am getting at here.

    Cheers

    /E
     
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    There shouldn't be any ill effects when they are monitored but if you want them whitelisted Save a Scan Log and send all the lines that have a U in front to the support inbox. https://www.webrootanywhere.com/servicewelcome.asp?

    TH
     
  3. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    383
    Thx TH, I understand that, but that is not the point. Sooner or later the Cloud must have made up it´s mind right?
    The file could be malicious, the user does not know that.

    /E
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    True and depends if the Webroot userbase sees that many users are seeing the same file or program you did say:
    so how many users use these programs and when a new update goes out WSA sets them to Monitor, now I see the same thing happens after Windows Update and then a few days go by and they are set to Good from Unknown.

    TH
     
  5. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Good or bad it is anyway useful to report to support as they can whitelisting it or blacklisting too.
     
  6. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    383
    Yes fax, I know this is useful. But a non "interested" user will never do that, as they do not care one bit what their antivirus does, they only know they have one, or not... ;)

    TH, if I understand you correctly it can take a couple of days to get new files cleared by the cloud then.
    What about the part were the monitored files are allowed to use internet or not? Or was that only if the application were added to Safeonline?

    /E
     
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Potential Leakage of sensitive information will be taken care by Identity Shield while the extent of suspicious activities by the application will trigger action by WSA sooner than later. I guess more details about the logic behind WSA is on the cloud and there will no way to disclose it as it represent the strenght of the tool :)
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Monitored programs will still be able to access the internet unless you're specifically blocking them. New files will take some time to be classified, or could be classified instantly - it just depends on the type of program and what rules it matches. Monitored programs will be blocked from accessing private data so even if they are accessing the internet, they won't be able to steal your information in the first place.
     
  9. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    383
    Ahh! Thank you! That is great, no leakage :D

    /E
     
Thread Status:
Not open for further replies.