White-listing methodology

Discussion in 'Prevx Releases' started by The Seeker, Jun 3, 2012.

Thread Status:
Not open for further replies.
  1. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,100
    Location:
    Adelaide
    I'm curious as to the methodology Webroot uses to whitelist applications and their components.

    This question has arisen because of a program I have used for quite a while: Directory Opus. Now, DOpus has been around for over twenty years, first on the Amiga and now on Windows. Yet whenever I switch to a beta version, Webroot always sets the same two components to 'Monitor' under System Tools > System Control > Control Active Processes.

    I can understand beta versions being set to 'Monitor' temporarily as the MD5 hash has changed, but is there no way for a program (and its components), such as DOpus, to be white-listed permanently?
     
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Well on general principles I'm not sure I would want a permanent white list classification.

    It is based on the notion that code that is pure today can NEVER fall from grace.

    Like the people who produce code this can NEVER be true.
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We never whitelist anything permanently, per-se. WSA is always monitoring what every process does, even if it's under 'Allow'.

    Whitelisting depends on correlations from other applications and rules written centrally to whitelist files. I recommend writing into our support inbox for them to whitelist any applications on your PC, which should move them into the 'Allow' category :)
     
  4. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,100
    Location:
    Adelaide
    So whenever DOpus releases a new beta, and I install it, I'd need to open a ticket? Would it not be easier for me to simply move it to 'Allow' myself?

    Incidentally, I'm asking about this as I've noticed that when a program is set to 'Monitor', it has a slight hit on system resources. This was especially true when Google Chrome released its latest beta a few days ago (which has since been white-listed after I opened a support ticket).
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We will often automatically whitelist it once we've whitelisted one version, but it depends on how much code change they make across each version. You could certainly just mark it as Allow yourself, which will have the same effect.
     
  6. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,100
    Location:
    Adelaide
    Cool. Thanks for taking the time, Joe :)
     
Thread Status:
Not open for further replies.