Webroot SecureAnywhere Discussion & Update Thread

Discussion in 'other anti-virus software' started by Triple Helix, Jun 6, 2014.

  1. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,052
    Location:
    Canada
    well, I have been using WSA with OSArmor for two or three months now and they play very well together. System is very light and I feel the protection is quite safe, tough I am a safe surfer.;)
     
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,098
    Location:
    Ontario, Canada
    Thanks for the info and as you I'm a safe surfer! ;)
     
  3. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,412
    Location:
    Surrey, England.
    No worries mon ami, and thanks for that further interesting info from Brad. Yes, I also saw Wilders was down when I looked at about 02.00hrs-03.30 London time.
     
  4. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,098
    Location:
    Ontario, Canada
  5. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,341
    Location:
    USN Retired 1969 ~ 1992
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,098
    Location:
    Ontario, Canada
    We will see! :p
     
  7. SSherjj

    SSherjj Registered Member

    Joined:
    Mar 4, 2014
    Posts:
    174
    Location:
    New York, USA
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,098
    Location:
    Ontario, Canada
    Yes it is! Other Mac OS's will stay on Mac Version 9.0.10.162 (Released November 18th, 2019) but you know more than me as I'm not a Mac user! :p
     
    Last edited: Jun 27, 2020
  9. SSherjj

    SSherjj Registered Member

    Joined:
    Mar 4, 2014
    Posts:
    174
    Location:
    New York, USA
    Well I am happy that was clarified...Thank you again Daniel!
     
  10. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,098
    Location:
    Ontario, Canada
    For Beta Testers with a Beta Keycode!

    This build delivers new files that provide preliminary functionality to mitigate modern malware techniques. Initially this functionality is in monitor only mode to enable Webroot to refine its behaviour and accuracy. There are currently no user facing features or controls.

    This is an incremental update and add one additional file (noted in bold) to the following list Brad has previously shared.



    New files will be added in these locations:

    • C:\ProgramData\WRCore\CoreService
    • C:\ProgramData\WRCore\CoreService\Components\FCS\WRFCSUser.x86(.x64).dll
    • C:\ProgramData\WRCore\SkyClient\DB
    • C:\Program Files\Webroot\Components
    • C:\Program Files\Webroot\Core
    • C:\Program Files\Webroot\Core\WRCore.x64.sys


    And two new processes will run:

    • WRCoreService.x64.exe
    • WRSkyClient.x64.exe


    Description of each of the new components:

    • SkyClient is a new service used to communicate from the agent to our cloud backend.
    • WRCoreService is a new companion service that provides the foundation for our modular architecture.
    • WRCore.x64.sys secures inter-process communications and provides hash calculations.
    • Files in C:\ProgramData are shared across users. This includes determination database and logs.
    • Files in C:\Program Files are the primary executables and libraries
    • WRFCSUser looks for potentially malicious unknown processes and reports results to our Sky services.
     
    Last edited: Jul 2, 2020
  11. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,098
    Location:
    Ontario, Canada
    PC Agent Version 9.0.28.153 (Released June 15th, 2020)
    Added
    • Tech bench tool enhancements
    https://answers.webroot.com/Webroot/ukp.aspx?pid=12&app=vw&vw=1&login=1&json=1&solutionid=1131

    For Best Buy Geek Squad Subscription services in the US. https://www.webroot.com/us/en/home/products/geeksquad-register
     
  12. dnewhous

    dnewhous Registered Member

    Joined:
    Feb 21, 2005
    Posts:
    41
    Location:
    Niceville, FL
    This works well with System Mechanic Ultimate Defense.

    In fact, System Mechanic Ultimate Defense has detected one virus on my computer.

    Name = W32/Rozena.R.Gen!Eldorado

    Location = C:\ProgramData\Microsoft\VisualStudio\Packages\Unity3D.X64,VERSION=3.0,CHIP=X64UNTYSETUP64-2017.2.0F3.EXE

    Does anyone know of any software that will detect and get rid of this?
    There's a how to guide online that says it is manual editing of the registry that will fix this, but I searched through the registry for eldorado and came up empty so the registry tip didn't help.

    Now I am trying to get rid of it by first installing it. Unity is a game engine. Even though I can log into this thing with my gmail account I don't know if this is the real Unity engine. It has a home page. So I can download it again if I ever wanted.

    Excuse me the modern term is apparently, "3-D development platform" rather than game engine.

    Anyway, now I have uninstalled it with the Apps & Features control panel and I am rerunning System Mechanic's full scan.

    It finished, no errors.
     
    Last edited: Jul 5, 2020
  13. MaxwellSmart

    MaxwellSmart Registered Member

    Joined:
    Aug 2, 2020
    Posts:
    7
    Location:
    usa
    I've been using Webroot since 2011, never had an attack complete it's process yet.
     
  14. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    676
    Optimizer spelled wrong located in Web Console.

    See attached.
     

    Attached Files:

  15. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,098
    Location:
    Ontario, Canada
    Your going to worry about one letter missing? :argh:
     
  16. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    676
    Not worried about it at all. Mentioned it so it could be corrected.
     
  17. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,098
    Location:
    Ontario, Canada
    Contact Webroot Support: Webroot Customer Service
     
  18. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    213
    https://www.webroot.com/blog/2020/0...what-they-are-and-what-were-doing-about-them/

    "In a recent update to Webroot® Business Endpoint Protection, we released a new Evasion Shield policy. This shield leverages AMSI, as well as new, proprietary, patented detection capabilities to detect, block, and quarantine evasive script attacks, including file-based, fileless, obfuscated, and encrypted threats. It also works to prevent malicious behaviors from executing in PowerShell, JavaScript, and VBScript files, which are often used to launch evasive attacks"

    Does anyone know if these protection mechanisms are available in the consumer version as well?
     
  19. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,098
    Location:
    Ontario, Canada
    @Gein Doesn't sound like it as it's controlled from from the Business Management Console: https://community.webroot.com/general-security-information-102/evasion-shield-faq-342813

    Pictures here: https://community.webroot.com/endpoint-agent-105/how-to-enable-the-webroot-evasion-shield-343775 and here: https://community.webroot.com/busin...oduct-bulletin-evasion-shield-may-2020-343239

    But Consumers have the Script Shield and this from a thread in the Beta group posted 2 years ago:

    2020-08-03_8-49-27.png
     
  20. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,098
    Location:
    Ontario, Canada
  21. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    7,620
    Location:
    Hawaii
    I'm still running WRSA on my desktop computer. All this time I have left WRSA's firewall disabled because the firewall I am using allows user-developed rules whereas WRSA's firewall does not. Also, the firewall I am using lets me block the Security process from connecting outbound whereas, as far as I know, WRSA's firewall allows all Windows systemic processes to connect out.

    QUESTION: Am I the only one who wants a more granular firewall &, therefore, disables WRSA's firewall?
     
  22. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,098
    Location:
    Ontario, Canada
    No need to disable WSA's firewall as it's a smart firewall and blocks malware from calling out. I use Windows Firewall, WSA's Firewall is only Outbound and Glasswire Lifetime outbound as well so Windows Firewall is the only inbound one I use.
    https://docs.webroot.com/us/en/home...wall%20%2F%20Web%20Shield%20Protection|_____1
     
  23. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,409
    Is the firewall alert still design to allow the process after a period of time? I think this was talked about in the Webroot forum.
     
  24. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,098
    Location:
    Ontario, Canada
    As far as I know if the user is not there to allow or block. They always rely on the other shields (Realtime Shield) to protect against bad payloads. Personally I don't rely on WSA's firewall.

    Types of Shields
    SecureAnywhere includes the following types of shields:

    • Realtime Shield — Monitors unknown programs to determine whether or not they contain threats. Blocks known threats from running on your computer that are listed in Webroot’s threat definitions and in our community database. You should never disable this shield.
    • Rootkit Shield — Blocks rootkits from being installed on your computer and removes any that are present.
    • Web Shield — Blocks known threats encountered on the Internet and displays a warning. The Web shield maintains information on more than 200 million URLs and IP addresses to comprise the most accurate and comprehensive data available for classifying content and detecting malicious sites.
    • USB Shield — Monitors an installed USB flash drive for threats, blocks and removes any threats that it finds.
    • Offline Shield — Protects your system from threats while your computer is not connected to the Internet.
    • Script Shield — Protects your system from malicious scripts.
    The shields are pre-configured, based on our recommended settings. You do not need to configure any settings yourself unless you are an advanced user and would like to change the settings.

    Infrared Shielding and Warning Messages
    SecureAnywhere might display warnings to you even if you are not currently running a scan. There could be an unauthorized access to your computer even if you are working elsewhere on your computer and not currently surfing the Internet.

    In some cases, SecureAnywhere takes care of the problem automatically; for less severe cases, you are prompted to make a decision about whether or not you want to continue.

    To make a determination about what level of warning to display, SecureAnywhere uses a technology called Infrared. Infrared is a multi-layer defense that blocks threats very early in their lifecycle. This is accomplished through a number of engines that work together, considering several factors:

    • The safety level of websites.
    • The reputation and behavior of newly introduced applications.
    • By interpreting user behavior with an overall assessment of the safety level of the system. If a user is classified as a higher risk, based on a combined view of the security of their operating system, applications, and prior threats which have been observed, Infrared dynamically tunes its heuristics and background processing, flexing within the configuration options the user has set, but increasing their effectiveness while preventing false positives for the vast majority users.
     
  25. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,192
    Yes, unlike other firewalls, it automatically allows connections after two minutes.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.