We recently had a system infected with Cryptolocker, we can see a 2Gb DB file has been generated and attempted to scan/remediate this system. During the cleanup/remediation scan the system blue screened and reset itself, after the reset numerous attempts have been made to complete a remediation scan but nothing happens on completion, Cryptolocker appears to be removed however files remain encrypted. Discussing this with support we have been told as the system crashed during the first attempt it no longer knows where it was at and can no longer roll back any changes. This system was left idle during the initial rollback process and it crashed approx 12Hrs into it so I would say that any crash that occurred was due to the rollback itself! Seems a big claim to say that Webroot can prevent and roll back Cryptolocker when the reality seems to be more like we'll have a crack at rolling it back when our product misses it but when it all goes south you're on your own!
Thanks for posting back with the update. I'll keep you updated on what I hear from support. @ we discourage people from AV testing because you can easily mess up your system - I'd say reach out to support and see whether they can help you out.
Why can we mess up our system while testing Webroot? It is not only me but our customers are also very keen on testing every AV they consider to use. How would one decide to trust Webroot if not by testing it? Why cannot Webroot provide the tech guys around the world with testing instructions just as they seemed to provide it for some test labs that Webroot says they do AV testing "in a correct way, not like Virus Bulletin and many others" where Webroot is not a good player on the tests?
Well the way to test would be to infect your system deliberately, which has the potential to cause you problems. It would be like testing out a human vaccination by trying to go get infected with the measles. Sure you are probably safe, but what if you are the 1 in a 1000 for whom the vaccine didn't work? Now you've got the measles.
Due to traditional anti-virus being definition based, their "tests" involve downloading sample files which aren't viruses, but which have been added to the signature definitions. It really doesn't tell you anything other than the fact that the anti-virus is running and is recognizing that one sample test file. We really don't think these tests add anything to your security so we haven't bothered to replicate them for our software.
I do not agree that testing is impossible, otherwise
#1: How do Webroot developers test their own technology before selling it?
Surely, we are talking about test environments and in such environments it does not matter if you got - as you said - "infect your system deliberately, which has the potential to cause you problems".
#2: How did those test organization test Webroot that gave good results at the end?
So, after all, it is some kind of excuse telling everyone "do not try testing ... bla-bla". Tests have to be done with every product, the question is if Webroot can provide a guideline how to do it.
On the other hand, let's not forget I did thorough testing with samples I collected and those tests were just real life execution of different malware. I found that Webroot monitored them first, and then I found that Webroot could not roll back after blocking them. And this was not 1 particular malware but tens of malware. I think I am going to upload the video to YouTube for everyone to see because looks like nobody takes care of these results and nobody gives an explanation of what happened in the video and why from Webroot channel... And looks like you just keep telling the same: do not test.
But I say: do test!
I'm not saying nobody should test, just that we don't recommend it for the general public. We do our own testing internally of course.
If you know what you're doing and you want to test your system with viruses or malware then I can't stop you. We just don't recommend it and we don't discuss how to do it on our community because we don't want people who don't know what they are doing getting themselves in trouble.
There's no problem in testing malware if you're an IT pro and taking precautions.
The issue with testing malware which most people don't do is that it really requires a dedicated network segment to keep the infected endpoint away from ever speaking to any clean computers.
Also, there is malware that will infect consumer-grade routers so you have to be careful you're using something that's secure and locked-down.
For this reason, Webroot seems to be distancing itself in any way from encouraging malware testing, since they can't guard against people who may think they are qualified to try it. Additionally, people testing malware and making incorrect conclusions is rife.
That's exactly right @ - if you know what you are doing then have at it, but we don't want to publicly encourage it or have instructions on our community.
Exactly, done right testing is valuable, done wrong it's a disaster waiting to happen, and WR is reluctant to open itself up to liability by encouraging testing when they can't ensure that the tester is taking the required precautions to test safely.
Well guys, this morning I downloaded an archive of repaired files from Webroot... looks like they managed to recover about 90% of the data I would say. The client is verifying the files now and so far it seems good. In the end it has taken something along the lines of 85 days and we did have to ship the laptop over to them for some reason but I guess we were able to get most of the data back, though I'm not entirely sure if this should really be called a win.