Solved
Remediation of found viruses.
When WebRoot 'cleans' a found virus does it remove the virus from the executable or does it just block the file?
Best answer by Shawn
Hello,
As long as our software was on the system before it was infected, it will use journaling to roll back any changes on a system. If the infection was a code injector, than our software will roll back to a previous version of the file with the correct MD5 that is not infected.
If our software is not on the system at the time it was infected, it will not be able to roll back.
Thank you and please let us know if you have any further questions.
Webroot Enterprise Support
View originalAs long as our software was on the system before it was infected, it will use journaling to roll back any changes on a system. If the infection was a code injector, than our software will roll back to a previous version of the file with the correct MD5 that is not infected.
If our software is not on the system at the time it was infected, it will not be able to roll back.
Thank you and please let us know if you have any further questions.
Webroot Enterprise Support
- OpenText Employee
- 80 replies
Hello,
When an executable is determined as bad and tries to execute on a system it will be blocked and all components will be quarantined.
We are currently looking into your issue and a member of our threat research team will be contacting you to take a deeper look at this system. There is a chance that this may be a new variant of an older infection and we may need samples to better understand this infection.
Thank you,
Webroot Enterprise Support
When an executable is determined as bad and tries to execute on a system it will be blocked and all components will be quarantined.
We are currently looking into your issue and a member of our threat research team will be contacting you to take a deeper look at this system. There is a chance that this may be a new variant of an older infection and we may need samples to better understand this infection.
Thank you,
Webroot Enterprise Support
- OpenText Employee
- 80 replies
- Answer
Hello,
As long as our software was on the system before it was infected, it will use journaling to roll back any changes on a system. If the infection was a code injector, than our software will roll back to a previous version of the file with the correct MD5 that is not infected.
If our software is not on the system at the time it was infected, it will not be able to roll back.
Thank you and please let us know if you have any further questions.
Webroot Enterprise Support
As long as our software was on the system before it was infected, it will use journaling to roll back any changes on a system. If the infection was a code injector, than our software will roll back to a previous version of the file with the correct MD5 that is not infected.
If our software is not on the system at the time it was infected, it will not be able to roll back.
Thank you and please let us know if you have any further questions.
Webroot Enterprise Support
Shawn Townsend Webroot Manager, Product Support
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.