Skip to main content
I just installed webroot. Thank you thank you,,,,

 

It says I had no threats. I have never witnessed such an event. Could this be correct???

 

I had all kind of problems before I installed, it seems to have somewhat fixed my buffering issue while on-the-line (ha)  Still having some issues. I just dont think it is working correctly any thoughts?

 

Thanks

Hebo
Hello  and Welcome to the Webroot Community Forums!

 

Why do you think that Webroot does not work correct?

If you suspect an system is infected:

The best thing to do is to Open a Support Ticketand ask Webroot Support to take a look and remove this for you.  There is no charge for this if you are a WSA license holder, with a current subscription.
Hi  Hstuard

 

Welcome to the Community Forums.

 

If I may add to what Petrovic has posted...the reason that you are not seeing the same reaction on your system as with other AV/IS apps is because WSA works in a couple of very different & unique ways:

 

(i) firstly, WSA takes the approach that an inactive threat, i.e., something that is not running is/cannot be an issue or danger to your system, therefore it only scans & deals with active files/apps...BUT then moment and app/File attempts to/activates it springs into action to determine if it is a threat to your system...so not massive scanning of the system and reacting to any threats or suspicious items, and

 

(ii) secondly, when checking way that unknown or ‘undetermined’ malware is handled, and the automatic remediation that is provided, is different. If a new program is introduced to the machine protected by Webroot SecureAnywhere, and it has no existing relationship to anything else on that machine, then local heuristics and other defenses are automatically applied to make a good or bad determination. 



For example, if a suspicious or undetermined program has passed the several layers of local and Webroot Intelligence Network checks, it is monitored extremely closely, and watched to see which files, registry keys and memory locations it alters. 



If a monitored program is later found to be behaving maliciously, Webroot SecureAnywhere can step-in to block and quarantine it, alert the user and administrator, and proceed to automatically clean-up the threat. The journaling function has recorded and remembered the before and after state of each change made (including changes made to local files). So in the rare case that a threat does get through the heuristics, sandbox, and other defenses, the journaling and monitoring of behavior ensures it cannot do any permanent damage to a user’s machine.

 

For an example of this at work please view this Knowledge Base article that consists of a short demonstration.

 

The other major component to identification & protection is that Webroot maintains a global listing of good files in addition to bad ones and unknown ones. Third-party antivirus software is included in this list. It takes less time for WSA to ask the cloud if the software in question is good, bad, or unknown than it does for you to manually tell it to flag all of those files as good. Additionally, the third-party software is probably going to update a lot, being that it's antivirus software (most-likely old-school definitions based stuff too). When it updates, those files change, and for all real purposes they are new files. The original whitelisting action you would have taken would have whitelisted a certain set of files locally, but it wouldn't account for updates. However, our cloud-based whitelisting does that automatically, which is why you notice no ill effects.  Please view the below diagram:

 



 

 

 

 

I hope that helps in some way to explain what you are seeing as 'different'...it is due to what makes WSA different/better.

 

Please feel free to ask us further questions if required, but also do take up Petrovic's suggestion if you have any concerns.

 

Regards, Baldrick

 

Reply