Web Threat Shield nagging and too many false positives!

Discussion in 'Prevx Releases' started by gate1975mlm, Dec 23, 2012.

Thread Status:
Not open for further replies.
  1. gate1975mlm

    gate1975mlm Registered Member

    Joined:
    Jun 12, 2004
    Posts:
    156
    I must admit I really dislike the Web Threat Shield in Webroot!

    I really get tired of seeing Webroot pop up telling me there is a known threat on a web site and asking me to allow or block. If I go to a web site that does have a known threat, why can't Webroot just block the threat and put it in the quarantine without nagging me and still let me browse the web page?

    Also, is it me or does Webroot suffer from too many false positives?

    I am a former Avast user and I am starting to miss it because it was a lot less nagging and still gave you great protection at the same time.
     
  2. m0unds

    m0unds Guest

    are you consistently having these web threat shield FPs on a particular site or site(s)? have you tried contacting support to advise them of the FPs when they occur? personally, i've had three total web threat shield FPs w/the windows client in a year or so.
     
  3. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    o_O

    I go to hundreds of web sites and do a lot of semi-questionable things because I work in the security field, but I've seen a pop once and that was two months ago and caused because an advertisement was corrupted and turned into a drive-by loader.

    Tends to make me think that either your settings are too high or there has been a corruption of a wide-spread ad or your choice of sites is more interesting than mine. ;)
     
  4. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    If WR pops up, you can be guaranteed it's a serious threat on the website. Why? Because in my tests Webroot misses significant numbers of potential malware sites. Bullguard gets virtually all of them, and pops up quite regularly, and you can be assured it's a questionable site due to the commtouch resources within BG.

    However in my experience WR takes a more conservative approach, only really popping up on sites you are 100% guaranteed to get infected by. In 1.5 years of using WR it has only popped up on a half dozen sites for me.

    Easy to test, go to Malware Domains List, check the links. BG nails every one, WR will only knock on your browser for the most malicious ones. I think WR does this to eliminate confusion with users, and possibly false positives. For me, I prefer more robust detection, and more user interaction. To each his own.
     
  5. gate1975mlm

    gate1975mlm Registered Member

    Joined:
    Jun 12, 2004
    Posts:
    156
    Ok for example I keep getting a warning with any link that uses anonym.to

    Link removed by PrevxHelp

    I reported it but it's not fixed.
     
    Last edited by a moderator: Dec 23, 2012
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Being that the link you just pasted in this message attempted to infect me, I think it should continue to be blocked.
     
  7. gate1975mlm

    gate1975mlm Registered Member

    Joined:
    Jun 12, 2004
    Posts:
    156

    infect you with what?
     
  8. gate1975mlm

    gate1975mlm Registered Member

    Joined:
    Jun 12, 2004
    Posts:
    156
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Java loaded and interesting numeric-named processes started appearing - not indicative of anything legitimate :)
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Your observations are correct - Webroot currently focuses on blocking malicious websites where it's more effective to block the originating website than trying to track the infections coming from there (websites known to spread large amounts of malware are where we focus). However, Webroot owns a company named BrightCloud which provides a very strong URL filtering service used by many major vendors mostly focused on the Enterprise space, and we will be incorporating this technology into our consumer offerings as well.

    In the meantime, I would be interested in your results if you have any free time to test out the BrightCloud toolbar to see how it fares in your testing. It isn't using all of the data it eventually will and it's still in an early form, but I would definitely appreciate any feedback: http://brightcloud.com/wrtoolbar.php

    Thanks!
     
  11. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Not a fan of toolbars actually, but it seems a nice add-on for Chrome and Firefox.
    Does it work for Comodo Dragon too?
    If I did install this, can I hide the toolbar and still have protection?
     
  12. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
  13. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    I tested it, so far it's not aggressive at all really. It successfully warned of most of the malicious sites. As with any whitelisting technology, there will be sites hit that aren't really that serious. Nature of the business.

    I don't generally use toolbars, but if they integrate more of the Brightcloud tech into WR, it would be a nice thing.
     
  14. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Partial Quote:

    That would be nice as I thought it already was. :cool:

    Thanks Joe,

    TH
     
  15. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    also testing it out joe will let you know. looking very good so far though...
     
  16. m0unds

    m0unds Guest

    it'd be great if the service aggregated multiple reclassification request acknowledgements from a single email address so users don't receive one for each submitted request

     
  17. horseman

    horseman Registered Member

    Joined:
    Apr 11, 2004
    Posts:
    128
    Location:
    Hove - UK
    Chrome Version 24.0.1312.45 beta throws a consistent "Download was not a CRX" error! :(
     
  18. acooldozen

    acooldozen Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    218
    Location:
    White Rock, BC, Canada
    Where is Brightcloud for Opera?
     
  19. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows

    When visiting Brightcloud.com and entering a URL, it is reported as clean. But WebShield alerts when visiting the same site. This happens with different URLs.
    And as a bonus, it is accompanied by the known bug where the webpage is displayed with an alert from WebShield in the upper left corner.
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That's understandable considering they're different databases (which will be merged). We're working on changing the web threat shield to block differently and function more cross-browser but this is still in the design phases.
     
  21. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    Realtime scenario. 2 Win7 x64 PCs

    The same settings with Webroot Secure Complete.

    PC 1 - URL to a news site blocked. URL to a xxx site opens.
    PC 2 - URL to a news site opens. URL to a xxx site blocked.
     
    Last edited: Jan 8, 2013
  22. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Also on the malware domain list WOT nails every one of them too. People always discredit WOT but it does block malicious sites.
    I agree with you about bullguard though.
     
  23. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows


    It does not happen if I disable "Verify websites when visited to determine legitimacy"

    edit: problem not solved
     
    Last edited: Jan 8, 2013