purposely infected my machine

and i am very surprised at the results.

purposely infected it by shutting down webroot. installed a total of 6 virus' 2 trojans, 2 fake av's, and 2 keyloggers. re started webroot. and restarted pc to give virus' a fair chance to fully drop themselves into the system. then did a full scan with wsa complete. i then went and found all the edited registry keys and files quickly by doing a scan with hitman and malwarebytes to verify what i found manually so i knew what was to be removed ahead of time (or mostly for that matter)

it found 4 of the 6 on scan and i told it to remove them.

the other 2 i noticed were set to monitor automatically without my interaction.

i decided to continue running the system and do some basic browsing of course not entering any real personal or banking info just in case since im still newer to wsa.

after i would say around 45min to an hour i got a pop up saying it found a virus. this i found when i opened the gui was one of the missed ones. and it said it removed it.

again continuing to browse i saw another pop up a bit later and i assume this was the last one. it removed it.

then did a scan with wsa and it found 0 infected after all this. then did a scan with hitman pro it found nothing except tracking cookies.

then malwarebytes. it found a pair of temp files which were nothing to be worried about imo.

i then went to some of the modified files from the virus' and saw that the info on wsa is correct i was very surprised that the items changed in that file were gone!!

checked for the registry keys and they were also removed.

i would say this was success and allowed me to actually view how wsa really how it functions in day to day use especially when it didnt have a recognition for the 2 it missed. i would say it did a great job though i will still need some time to get used to the way it works when it misses something im used to items being removed immediately and not waiting with a infection on the system. i did not see any negative effects from the infections in the meantime and i can only assume that it did as it says by protecting those files since i did see them in the monitor mode.

i was pleasantly surprised and kinda like this method and it will just take some getting used to knowing something may be there waiting to be removed.

ill continue testing and will post more as i find it. thanks to webroot for a job well done so far.

 

i am continuing with this method and again wsa has taken care of the infections. im really not sure how the testing companies are in fact testing this software but for me it is doing a excellent job of removing the infections from the system.. ill be testing for the next couple days in this system continually monitoring infections in real time to see what happens and if / or it misses anything and i wil report if it does, and then send those off to webroot.

 

Though "Self testing" is frowned on I think, I want to point out:
The two it missed at first would be failed in an official test.
The temp remnants would fail it in an official test.

 

correct i agree with that. im trying to test for myself as well as point out why wsa possibly does get some lower marks in some testing. it really does the job very well imo (and im VERY HARD to impress) i saw the lower scores and wanted to see for myself. and this type of self testing is not what they do on you tube imo. im purposely infecting to see how the product handles a unknown step by step and maybe this will also shed some light for those who do not understand how it is supposed to work. im not doing this to simply throw links at it like most you tubers do. to me this is more real worls than anything to see how a product actually handles items including ones it misses at first. with most av's a miss would mean a full blown infection but what im seeing is by keeping the item in monitor mode it doesnt allow many of the things to happen i was expecting it to.

the more i use it the more im seeing how it really works and it answers my questions from when i read what joe posted to those who asked.

i do agree it would fail the test but it really does protect its just in a different way which is why i think it doesnt do well in most tests.

 

Yup.

Those would fail the test, but are successes in real user situation. Kinda sad, innit?

 

For all the good reasons better shared elsewhere.