and i am very surprised at the results. purposely infected it by shutting down webroot. installed a total of 6 virus' 2 trojans, 2 fake av's, and 2 keyloggers. re started webroot. and restarted pc to give virus' a fair chance to fully drop themselves into the system. then did a full scan with wsa complete. i then went and found all the edited registry keys and files quickly by doing a scan with hitman and malwarebytes to verify what i found manually so i knew what was to be removed ahead of time (or mostly for that matter) it found 4 of the 6 on scan and i told it to remove them. the other 2 i noticed were set to monitor automatically without my interaction. i decided to continue running the system and do some basic browsing of course not entering any real personal or banking info just in case since im still newer to wsa. after i would say around 45min to an hour i got a pop up saying it found a virus. this i found when i opened the gui was one of the missed ones. and it said it removed it. again continuing to browse i saw another pop up a bit later and i assume this was the last one. it removed it. then did a scan with wsa and it found 0 infected after all this. then did a scan with hitman pro it found nothing except tracking cookies. then malwarebytes. it found a pair of temp files which were nothing to be worried about imo. i then went to some of the modified files from the virus' and saw that the info on wsa is correct i was very surprised that the items changed in that file were gone!! checked for the registry keys and they were also removed. i would say this was success and allowed me to actually view how wsa really how it functions in day to day use especially when it didnt have a recognition for the 2 it missed. i would say it did a great job though i will still need some time to get used to the way it works when it misses something im used to items being removed immediately and not waiting with a infection on the system. i did not see any negative effects from the infections in the meantime and i can only assume that it did as it says by protecting those files since i did see them in the monitor mode. i was pleasantly surprised and kinda like this method and it will just take some getting used to knowing something may be there waiting to be removed. ill continue testing and will post more as i find it. thanks to webroot for a job well done so far.