Hey,
Wanted to run something by you all as this has been on my mind and was also brought up to me by a client.
So in a scenario where a user has WSA on their OS X system, and they are exposed or have come into contact with malware designed for Windows based systems, say through an email attachment. The client and myself want to know if Webroot will detect it (it hasn't in some cases), those files and take action on them so that the OS X user doesn't become a mule to pass on malware to a Windows based user.
My fear is that since the Windows based malware can't technically "run" in an OS X environment, will the WSA agent simply ignore it and treat it just as a benign file because it can't execute anyway in OS X?
They've switched from ESET to Webroot and ESET used to detect whatever malware it saw regardless of whether or not it could run in the OS X environment.
Thoughts???
Thanks
John Hart
Nerds On Site
WSA for MAC OSX and Windows malware detection!
Hello jhartnerd123,
WSA for the Mac will detect windows threats if you have it set to in the settings. We use our SKY database which references the Enzo system that the Windows platform runs. You should see a "W32.xxx.xxxx" detection when we find a windows threat. Hope this helps, please let me know if you have any other Mac threat concerns.
Regards,
WSA for the Mac will detect windows threats if you have it set to in the settings. We use our SKY database which references the Enzo system that the Windows platform runs. You should see a "W32.xxx.xxxx" detection when we find a windows threat. Hope this helps, please let me know if you have any other Mac threat concerns.
Regards,
Devin T Byrd Former Mac Threat Research Analyst
Is that setting enabled by default? and where do I direct the user to go within the OS X version of WSA to turn this setting on?
What are the best recommended settings to maximize protection above the default ones for WSA OSX?
What are the best recommended settings to maximize protection above the default ones for WSA OSX?
SkyDatabase and Enzo are the names that we give to our Threat Intelligence network. Here is some information on how our Threat Intelligence system works... Webroot Threat Intelligence
The mac product checks in with this system to determine any Windows malware, and it also has its own detection system that protects OS X.
The mac product checks in with this system to determine any Windows malware, and it also has its own detection system that protects OS X.
Devin T Byrd Former Mac Threat Research Analyst
I would recommend leaving the defaults settings. By these, we will scan for windows threats.@ wrote:
Is that setting enabled by default? and where do I direct the user to go within the OS X version of WSA to turn this setting on?
What are the best recommended settings to maximize protection above the default ones for WSA OSX?
Devin T Byrd Former Mac Threat Research Analyst
Under Advanced Settings > Scan Settings
Devin T Byrd Former Mac Threat Research Analyst
Is there a process we can go through if there is a known piece of malware for Windows or an exe we know is being picked up by other vendor products and Webroot misses it? We don't want it passed onto other users.
You can submit the file for us to review, What type of file is it?
Devin T Byrd Former Mac Threat Research Analyst
Devin T Byrd Former Mac Threat Research Analyst
I believe it's a zip file and contained within is an executable or a .pdf.exe or something to that effect.
If they are able to, I'll have the client submit it as well as open a support ticket.
Thanks again
If they are able to, I'll have the client submit it as well as open a support ticket.
Thanks again
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.