Yes, I read that. On the note on Webroot. The fanboyism is strong in this one. Note that I use Webroot myself on three of my machines. Even if Webroot DOES 'monitor' the threat which it didn't detect in the first place, that is no guarantee Webroot is totally isolating the malicious process. It might very well leak out sensitive information before it gets detected (in this test within 24 hours) and the changes it have done are 'journaled' back. I'm an avid Webroot user myself, but that is the weak part about WSA. It's always better to detect and block without letting the process run. If I had known I had a malicious file running for 24 hours, even if Webroot would eventually detect it, the harm would be done. I'd have to change all passwords, contact with bank etc because I just don't know what Webroot has let the malicious file do (even if the devs behind WSA claim no harm was done). On top of that, even WD did better, and that is unacceptable to me as a paying Webroot customer. I expect top notch protection and not just 'words'. Webroot should always perform better than the baseline AV, Windows Defender. It didn't do that now but I hope it will someday.