Discussion in 'Prevx Betas' started by Tarnak, Sep 26, 2013.
Under advanced settings > access control, you can disable captcha if you desire.
You may want to run a fresh install as the default CAPTCHA options only affect more significant security changes (changes to the Access Control settings or disabling one of the shields), or, as puff-m-d posted, you can disable it if you choose.
Running a scan daily is helpful as it ensures that you are using the latest whitelist information from active programs, meaning, as we whitelist new software, your computer will get progressively faster after it scans.
I have discovered something concerning my execution history issue (stops logging events) that may help you in figuring it out. I hope I can explain it in a way that makes sense. In order to explain, I am going to use the term "counter" to represent the number of logged events since the system was booted or rebooted, or WRSA was manually stopped and then restarted. This also applies to when the software is updated as I found out yesterday. Whenever this "counter" reaches 1000 events, the logging stops. For example if I start on fresh boot with the events in the log reset, when the number of events reach 1000 the logging stops. If I shutdown WRSA and restart it, the logging will resume and them again stop at 2000 events in the log (counter = 1000). Now say I reboot when there is 2500 events in the log. After reboot the logging will continue until 3500 events are in the log (again counter = 1000). This was hard to explain but I hope I have done a decent enough job for you to understand. This is 100% reproducible every time this "counter" gets to 1000. It is like it is supposed to stop at 1000 (I have reproduced this over half a dozen times now in my tests and it always happens at the counter = 1000 point.) I hope this helps.
You have two options with CAPTCHA; changing critical features and changing all features (again in Advanced Settings but this time under Access Control) which I find sufficient to discriminate between what is really important to protect and...paranoia
Give those a try.
Thanks - you are correct, it will store only the last 1,000 entries within one session (without rebooting), but I think this can be increased or use a rolling queue approach (where the earlier entries are written to disk to leave room for new entries).
I have been puzzled by this execution history logging stopping thing for over a year now. Numerous posts here and two support tickets never came up with an answer. It was not an easy thing noticing the 1000 event repeat cycle. It is very nice to know the answer now.
Thanks as always for your help as it is very much appreciated !!!
Just to confirm that after a fresh install earlier, I've now got LPPlugin.dll where it should be
Not overkill u want scan regulary just u not know yet.
Seriously if u have monitored unknown processes when u scan wsa check in to look alreday determined or not. Im not sure how this work if u not scan at all. Captcha can turn off in settings in 2013 version. Not option for this in 2014.
The explorer memory leak more important to fix i think that can ocure more problem. (explorer process use 330MB after install wsa. Normaly 25-60Mb in win 8.1)
Will someone let us know when the new web shield rolls out?
Joe said this in the 2014 release thread:
You can turn it off in the Access Control settings under Advanced Settings.
We're looking into this - it may be an artifact of it not being a final OS release yet and Microsoft enabling debug code. We've determined that it isn't a memory leak within WSA, however, and rather something within Explorer which is triggering when WSA is active.
Thanks for looking into this
Any idea how to undo this (cannot find the web filtering to delete) if accidentally clicked on "Unlock page & continue" (seems like this action is permanent)?
Looks like you're on the 2014 web filtering system, which is being rolled out slowly.
A whitelist.txt file should be in a new folder called WrUrl within the hidden C:\ProgramData\WRData. This file can be edited to remove entries added.
TH has a few screenshots here: https://community.webroot.com/t5/We...t/New-interface-web-site-list/m-p/59903#M1822
In your case, I think you'd have to remove the URL from the whitelist to have it blocked again.
So if I don't have this folder, I am still on the old version? I've been looking for a way to figure out if I have the update.
Edit: Just checked my machine that is using the beta code. That has the update. My second machine doesn't have it yet.
Yes, that's a good way of checking if you're on the new version.
You should also get an extension install request in browsers such as Firefox.
Thanks TonyW & I really appreciate your help.
Anyone having problems With the lock icon again? Mine starts out fine and then it gets stuck either on or off. I've tested it with keylogger simulators and doesn't seem to be functioning.
Are you using any other security software? Have you tried a clean reinstall with a Reboot in between? The browser must be in the active foreground always if the Simulators are in front of the browser window then the padlock will not show as the Browser must be the only thing in the active foreground then the Padlock will be there. Try this open your Browser and the Padlock is there right, now click in the taskbar somewhere the Padlock will disappear now click back into the active foreground of the Browser and the Padlock reappears.
I also have the lock icon dissappearing sometimes, even if the browser window is the active main window. Clicking multiple times in the browser window will usually make the lock icon appear again.
Has there been any progress or a status report concerning the execution history logging limitation? Thanks...
This has not been addressed yet - there are no security implications so it is a lower priority overall but is on the list.
Thanks a lot Joe! No big deal at all as I totally understand. It is a very nice feature but more times than not I end up having to do a reboot in order to use it. Glad to hear it is still on the list and not forgotten ...
Separate names with a comma.