Skip to main content

As many of you know, because of Webroot's unique way of identifying threats, it has never officially been included in public tests. Previous test methodologies simply haven't been devised to test Webroot according to the way it works to detect and block threats.

While still a work in progress, we’re happy to announce our first public testing in SE Labs Small Business Endpoint Protection Oct-Dec 2020. The result was a AAA rating for Webroot.

It's important to note that these results are only achieved when the new Script protection component of the Webroot Evasion Shield is activated. If you have yet to enable this feature, you can find directions for how to do so here.

Could you please show where Webroot is awarded AAA status? I can’t seem to find it. From the following link dated Oct-Dec 2020, Webroot is only awarded AA status: https://selabs.uk/wp-content/uploads/2020/12/oct-dec-2020-home.pdf (Page  6 &7)

 

Update: Correct link provide below by @TripleHelix:

https://selabs.uk/wp-content/uploads/2020/12/oct-dec-2020-smb.pdf


SE Labs Small Business Endpoint Protection Oct-Dec 2020.

 

Right here: https://selabs.uk/wp-content/uploads/2020/12/oct-dec-2020-smb.pdf

 


Congrats 


Thanks @TripleHelix for the correct link.


@freydrew Would you be able to answer the question - why isn’t Evasion Shield activated automatically? My engineers have asked the question and I’d love to be able to answer them.


Hello @tmcmullen  let me ping @coscooper and @dstokes1 to see if they can add some info.

 

Thanks,


Why isn’t Evasion Shield activated automatically?

That’s a really valid question and in the fewest possible words - to prevent service disruption.

We are conscious that many of our customers are MSPs and the Script Shield component of Webroot Evasion Shield (and the Foreign Code Shield that we’ll be shipping in Q2) both have the potential to stop valid processes running.

No matter how much we QA test we cannot account for in-house specialist scripts that are benign but act maliciously being ‘accidently’ stopped, creating a false positive.

So rather than ship switched on, we shipped switched off with the first option being to switch to the ‘detect and report’ mode. This way an MSP could go to ‘detect and report’ and deal with any exceptions and then switch the protection on.

We were playing safe to allow for a controlled migration to these powerful new infection prevention and APT defenses.  In hindsight we should maybe have shipped with detect and report as the default! 

No matter it is essential you turn these defenses on as they have powerful infection reduction capabilities that kill attacks earlier and better than before. The FAQs below and links to other Webroot Evasion Shield information is here. It is urgent you switch this on if you haven’t already.

https://community.webroot.com/general-information-102/evasion-shield-faq-342813

 


I have this installed on my PC. Can I also install it on my iPad, if so is there an additional fee?


I have this installed on my PC. Can I also install it on my iPad, if so is there an additional fee?


Hello @bardiva67 

 

Apple doesn’t allow AV’s to be installed on iOS devices like iPhones and iPads but Webroot does have a version for Android devices.

 

Thanks,


Hello again @bardiva67 looking here Webroot has some protection but not an AV: https://apps.apple.com/ca/app/webroot-mobile-security/id460986853#?platform=ipad

 

And it says it’s Free!


It’s important to note that the protection rating for Webroot is 87% in that report.

To place that into perspective, Windows Defender which has a protection rating of 99%

I do wish that Webroot was allowed to run as an extra layer of security to Defender, that’s how it was once sold a few years ago, instead of trying to replace Defender. As well as offering an effective second layer to people like me, I believe it would also increase your sales to a new audience.

(I’ll ignore any replies that claim it can be run in parallel with WD by tweaking the registry)


I do wish that Webroot was allowed to run as an extra layer of security to Defender,

I find on domain joined computers, it does not turn of Windows Defender AV.  I wish it did give an option to keep or disable.  But then, not much has really been done with this app for many years.  Now some lame script blocker so Google Chrome can’t update or install itsself in userAPPland?


I agree an option to turn off the monitoring in security centre would be great! You get the best of both worlds with central management.


Can you provide some documentation on what to watch out for (Gotcha’s!) that could be of concern to business installations?  For example, will apps like Chrome and Google still be able to update via appdata installations?

Also, what about Powershell scripts?  For example we have a battery of scripts we can throw at misbehaving computers, like  stop the printer queue service, clear the /spool/printers folder and restart the printer queue service.  

Will all of these types of scripts that run as logged in user, and some as admin user stop working unless they are added as an exception?


@freydrew Would you be able to answer the question - why isn’t Evasion Shield activated automatically? My engineers have asked the question and I’d love to be able to answer them.

Evasion Shield must be turned on manually - please contact your Solutions Consultant for more information.


Can you provide some documentation on what to watch out for (Gotcha’s!) that could be of concern to business installations?  For example, will apps like Chrome and Google still be able to update via appdata installations?

Also, what about Powershell scripts?  For example we have a battery of scripts we can throw at misbehaving computers, like  stop the printer queue service, clear the /spool/printers folder and restart the printer queue service.  

Will all of these types of scripts that run as logged in user, and some as admin user stop working unless they are added as an exception?

 


Hi Rickee,

There are no gotchas. The Script Protection Shield is very sophisticated (and patented) and is designed not to block Scripts that are typical, yet unique to each business environment, and it is unlikely to cause any FP (false positive) reports. 

We’re very targeted in what we’re looking for and so benign behaviors fall out of scope.

However, even with extensive Q&A testing we cannot offer a 100% guarantee not to create an FP if a Script has what appears to be malicious behavior.

For that reason we shipped as the default as off, and then gave administrators the ability to turn it on in detect and report mode so as they were able to identify and assess the impact of a new layer of security before fully enabling it.

This is really no different from a silent deployment of an endpoint solution to evaluate what ‘would’ happen if it were active.


Thanks so much @niyazahamed! We’re really proud of it. 


SE Labs Small Business Endpoint Protection Oct-Dec 2020.

 

Right here: https://selabs.uk/wp-content/uploads/2020/12/oct-dec-2020-smb.pdf

 

 

Thank you for that link. It was a good read and some new ideas for me. 


Hello again @bardiva67 looking here Webroot has some protection but not an AV: https://apps.apple.com/ca/app/webroot-mobile-security/id460986853#?platform=ipad

 

And it says it’s Free!

Brilliant!


In response to the earlier Evasion Shield question, I wonder if MSPs can use it at all. If it has a hard time with automated processes run by MSPs, can a MSP “whitelist” those processes so that Webroot will ignore them? If so, can it be done on a global level for all clients?


@tmcmullen Yes you can most definitely create global overrides and “whitelists” 

 

 


Congratulations this is excellent news and well deserved I'm sure


Congratulations this is excellent news and well deserved I'm sure

Hey this is a two + year old thread.


Thread Closed as it is almost a 3 year old thread!

 

Newest thread posted here: