Hi guys! I am testing out a 6 month trial of WSA and I have a question regarding never before seen files by WSA, the Monitor mode. How long would you say it usually take your Cloud to decide if the file is malicious or not? I did try the browser Maxthon for a couple of days and at all time it was under "Monitor". Now the same thing with the newest version of the browser Comodo Dragon. I am just thinking if the files did belong to for example an admin program used in a working environment then a couple of days is a bit long wait. Especially if that program needs internet access, as Monitored files are not allowed internet access right? Or did I misunderstood that? I hope you understand what I am getting at here. Cheers /E
There shouldn't be any ill effects when they are monitored but if you want them whitelisted Save a Scan Log and send all the lines that have a U in front to the support inbox. https://www.webrootanywhere.com/servicewelcome.asp? TH
Thx TH, I understand that, but that is not the point. Sooner or later the Cloud must have made up it´s mind right? The file could be malicious, the user does not know that. /E
True and depends if the Webroot userbase sees that many users are seeing the same file or program you did say: so how many users use these programs and when a new update goes out WSA sets them to Monitor, now I see the same thing happens after Windows Update and then a few days go by and they are set to Good from Unknown. TH
Good or bad it is anyway useful to report to support as they can whitelisting it or blacklisting too.
Yes fax, I know this is useful. But a non "interested" user will never do that, as they do not care one bit what their antivirus does, they only know they have one, or not... TH, if I understand you correctly it can take a couple of days to get new files cleared by the cloud then. What about the part were the monitored files are allowed to use internet or not? Or was that only if the application were added to Safeonline? /E
Potential Leakage of sensitive information will be taken care by Identity Shield while the extent of suspicious activities by the application will trigger action by WSA sooner than later. I guess more details about the logic behind WSA is on the cloud and there will no way to disclose it as it represent the strenght of the tool
Monitored programs will still be able to access the internet unless you're specifically blocking them. New files will take some time to be classified, or could be classified instantly - it just depends on the type of program and what rules it matches. Monitored programs will be blocked from accessing private data so even if they are accessing the internet, they won't be able to steal your information in the first place.
