Quick bit of info Firstly I'm not trying to suggest the product is bad we have it installed everywhere, but I'm looking for viable reasons as to why the following happened. Laptop with webroot installed, linked to central administration. Recently had a pop up from ransomeware, ran scans with webroot and it found nothing. I ran scans with another AV product using an online scanner and it found 864 infected files. I downloaded the same product and installed it alongside webroot and ran scans, the first scan was with the preloaded def files that came with the product download which are very old. It found 80 infected files and removed. I then updated the def files and it found the rest of the files and removed them. What I'm trying to work out is why webroot missed them, as I've eliminated the 0 day element. I'm wondering if there is something in the configuration that is not set high enough or not enabled. The real time shield is showing as enabled and was all along. Some advice on what to check would be appreciated. If it is of any help the other AV product identified the infections as Win32/Filecoder.CR trojan Win32/Filecoder.CR.Gen trojan A variant of Win32/kryptik.CDOU trojan A variant of Win32/kryptik.CCXN trojan The management are asking if it didn't show up on one machine what is to say all the other machines aren't infected. I need something solid to go back with other than I'm sure they aren't.