During 2020 we intend to considerably deepen and widen the prevention and protection we offer via our business endpoint protection platform. The general availability of the first version of the new Webroot Evasion Shield, along with the roll-out during May 2020 of improvements and modifications to our Webroot Endpoint Protection Agent to include additional components, are both intended to deliver better all-round security now and in the near future.
The highlights of this release include:
New – Webroot Evasion Shield to better manage script, fileless, PowerShell and other obfuscated attacks
Webroot Evasion Shield
Webroot Evasion Shield adds protection against evasive script and PowerShell attacks.
This release offers new patented Webroot technology to detect, block, and remediate (by quarantining) malicious and evasive script attacks, whether they are file-based, fileless, obfuscated or encrypted. It also prevents malicious behaviors from executing in PowerShell, JavaScript, and VBScript files, which are often used to launch evasive attacks. Overall, it is designed to detect and remediate malicious scripts beyond what is detected today.
A new Script Remediation section has been added to the Policies tab. Script Protection is switched off by default because unique scripts are sometimes present. Rather than classifying and quarantining them, which risks false positives (good processes marked as bad), we recommend using the Detect and Report policy. Detect and Report, like the ‘Silent Audit’ policy, uncovers the scripts that are running and reports them so that you can whitelist the scripts you wish to retain.
Overall, the new Webroot Evasion Shield is designed to be easy to use and deploy while minimizing any of the risks associated with classifying scripts as safe or malicious. It provides a new level of protection with the ability to control and manage ‘known good’ scripts through whitelisting, while giving console visibility for script detections, remediations, and infections.