Skip to main content



 

Webroot is holding a Live Q&A here in the Community so come by and ask questions about malware and our expert Threat team will sit down and answer them from 10am-11am (Mountain Time).
@ asks: "Maybe someone can answer if WSA can rollback all malware that is missed? And how does WSA protect users if they are infected with malware and in time is rolled back like:

 

1. Have all of there passwords been compromised web browsers and even the main PC login password?

2. Does WSA block all malware from calling out to the bad guys?"
Out of all the nastiest forms of malware you listed, which one do you feel has had the most severe impact this year?
@ wrote:

@ asks: "Maybe someone can answer if WSA can rollback all malware that is missed? And how does WSA protect users if they are infected with malware and in time is rolled back like:

 

1. Have all of there passwords been compromised web browsers and even the main PC login password?

2. Does WSA block all malware from calling out to the bad guys?"

Hey TripleHelix

 

Maybe someone can answer if WSA can rollback all malware that is missed?

So rollback's job is to monitor all changes of a unknown process - in most cases this is malware that wasn't detected immediately. The changes that we monitor are all files created/deleted/modified and registry entries created/deleted/modified. In the case of any files or registry entries that were deleted or modified, we would actually snapshot those and save them. Then once we determine that unknown malware as malicious, that process will be quarantined and all actions as recorded by journaling will be reversed. This means we will remove any new files or registry entries created by the malware and then place back any files or registry entries that were deleted or were modified. 

 

Please note that this doesn't work for 100% of malware as this is a constant cat and mouse game with criminals and malware that will process inject will circumvent our journaling. While Journaling is a very powerful feature, it is not meant to be a replacement for a reliable backup solution. Our snapshots of files and registry entries does have a file size limit and is designed to protect office documents and windows system files - it will not snapshot your Disney Blu-rays. 

 

1. Have all of there passwords been compromised web browsers and even the main PC login password?

Sorry but I'm having a real hard time understand what's being asked. Can we rephrase? Are you asking if the web browser was compromised that has all their saved password passwords, would the criminal get the main user account login?

My answer would be no, unless there is overlap with the main PC login and some of the passwords saved in the browser. 

 

2.Does WSA block all malware from calling out to the bad guys?

 

I would say NO to this. While our job is to obviously try and stop all of malware and all communication they make, but no one is 100% on this. It's a constant cat and mouse game.

 

 
@ wrote:

Out of all the nastiest forms of malware you listed, which one do you feel has had the most impact this year?

Definitely Emotet. Botnets are king right now. Especially now that they are equipped with multiple payloads beyond banking trojans - ransomware being a really nasty one.
Can you help me understand why crypto is bad/malicious? Also, do you think publishing websites could use this for revenue moving forward?
@ wrote:

Can you help me understandy why crypto is bad/malicious? Also, do you think publishing websites could use this for revenue moving forward?

Crypto is no bad or malicious. It was designed to be a way to store wealth and provide banking to anyone without the reliance on any trusted 3rd party like a bank or government. Also the decentralization is one of the main appeals as it is currently the most hack-resistant technologies to date. However, this along with the fact that no one can seize your crypto as long as you keep your private keys safe is what is so attractive to criminals. 

 

The cryptomining/Cryptojacking on websites could easily be a part of the future for websites to legitimately host this as a way to generate revenue for server costs instead of annoying adds. But right not it's just being abused by criminals who break into websites that they don't own. 
Thanks @@, @, and @ for your questions! Hope that everyone found this helpful. 

 

Please let us know what other Q&A's you'd like to see from the Webroot team and we'll do our best to get them on the schedule. 

 

Thanks again!

 

 
Thanks @ ! I know no one product can protect you 100%, allot of common sense works well and the AV is hopefully there to protect a user if they make a mistake IMO. 😉 Can't wait to have the Script Shield (full time) and the Anti-Exploit feature in the coming near future!

Reply