Twice in two days I've had customers with Webroot installed call because they opened a Web page that displayed some kind of virus alert. Their browsers were locked (unable to be closed normally) but I was able to close them using taskkill. Their computers were otherwise unaffected (as far as I can tell, and I did take time to review them both).
Is Webroot supposed to intercept that kind of activity? If so, it didn't work in these two cases, although nothing else malicious ran on them (again, as far as I can tell). Would some forensic information help to defend against this sort of thing? If so, I should be able to collect information from both computers.
Hey @
Webroot is quite aware of this annoyance and is trying to find a way to block them. I've been pretty successful blocking them using the DNS Protection offered by Webroot, or, at the very least, have seen a drastic decline in the number of them across my client endpoints.
The problem being is that these pages are legit pages. Doesn't mean that what the pop up says is legit, but there's no content or scripts being loaded that are malicious in nature where the agent would take action on them. It's only an issue where the uneducated user calls the number or begins clicking on other links contained in that window that they might expose themselves to further risk.
I'd also encourage you to better educate your users and sign yourself up for the Webroot Cyber Security training beta that that they have on the go now. This will allow you to phish clients and then send them to training sites and courses to take to better educate themselves.
Hope this helps
John
Webroot is quite aware of this annoyance and is trying to find a way to block them. I've been pretty successful blocking them using the DNS Protection offered by Webroot, or, at the very least, have seen a drastic decline in the number of them across my client endpoints.
The problem being is that these pages are legit pages. Doesn't mean that what the pop up says is legit, but there's no content or scripts being loaded that are malicious in nature where the agent would take action on them. It's only an issue where the uneducated user calls the number or begins clicking on other links contained in that window that they might expose themselves to further risk.
I'd also encourage you to better educate your users and sign yourself up for the Webroot Cyber Security training beta that that they have on the go now. This will allow you to phish clients and then send them to training sites and courses to take to better educate themselves.
Hope this helps
John
+1I understand that just displaying a scare warning would be viewed as a "legit" Web page. However, the act of seizing control of the browser and preventing it from being closed normally, is not "legit." I'd contend it's something no "legit" Web page ever should do, because "legit" Web pages have no reason to do it.
That's a behavior that Webroot should be able to detect and view as malicious ... at least, I hope so. It's a dead giveaway that something's not right.
That's a behavior that Webroot should be able to detect and view as malicious ... at least, I hope so. It's a dead giveaway that something's not right.
1 person likes this
Totally agree with JP... I add uBlock to every client computer that I clean or manage. This cuts down on return calls substantially.@ wrote:
@ tell them they can use an ad-blocker. I used to install it for every single Computer I remoted onto when working in Consumer Technical Support.
uBlock (low on memory/performance)
AdBlock
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.