When Win11 is offline with Webroot fully installed and updated, how much less powerful is it? Webroot is a thin AV client that needs constant internet access when it finds a virus, to scan and be told what to do next. All modern AVs are affected by being offline, and are less powerful, but Webroot is more affected. How much more affected is it? Is it almost worthless when it is offline?

Hello @DragonsSuck 

 

You need internet to get full protection. There is an Offline Protection Shield, but never tried it while being offline.

I will ping @csaunders or @dstokes1 @JR565 and @BradW to see if they can help you.

Thanks,


@DragonsSuck 

To be quite honest, the agent is almost useless offline.

When offline it’ll put into monitoring/journaling anything that is newly introduced to the system. During this time, the agent will attempt to track changes made and block against any major system changes. Then, when it returns to online, it will check the good/bad status of these files to determine whether or not to quarantine or allow.

But, in my testing, the agent simply cannot handle this task effectively and gets overwhelmed if you run a mass ransom or multiple malware incident against it. 

You’ll end up wiping and reloading your box. 

John


Nicely worded John to know from experience! That’s all I knew from many years ago and I wonder if the new Core files will help with this?

 

Thanks,


TripleHeliX, that feature is not available in the Mac version. Please do not omit information in your answers.

For the Windows version, the “Offline Shield” is on by default, so telling me to do something you know is already done is not useful.


Thank you JHart, that is useful.


 @DragonsSuck 

The MAC OS version of the Agent still uses a definitions file alongside the cloud protection mechanism, but from testing, the MAC OS version is just as useless against malware regardless of online or offline. 

The “Core” files are more geared towards agent commands and communications between the console and the agents. 

The new EDR and if you noticed the (YARA) folder (in home betas), are geared towards better protections and the ability to quickly add detection rulesets to protect against threats. 

My testing with these is still ongoing, but looks promising.

 


“MAC OS version is just as useless against malware regardless of online or offline. “

Webroot is a top 10 Mac Antivirus on PCMag.

https://www.pcmag.com/picks/the-best-mac-antivirus-protection

On the small chance that your references to tests aren’t from official journalistic sources, but from your own personal home testing, from now on, reference official professionally written tech article sources on popular websites, and include the link.


It’s in my own testing with real world samples in a controlled environment. Sure download a malware and copy the file to the mac desktop and see if the agent does anything. 


That is the opposite of what I asked for. Please learn how to read, if you can.


Try to act more professional.


@DragonsSuck be nice or you will be banned!

 

 


Um……..ok. I’m just saying that a lot of those tests need to be taken with a grain of salt. 

I might read a review of a product or service, but that alone is NOT a good way to judge how it will fit or work with your environment or how it will work overall in your cyber security stack. 

Our clients rely on us to provide a robust and holistic layered security model.  

Working as a Cyber Security Analyst in an MSSP, my job is to analyze malware/threats, perform DFIR etc. so I deal with these sorts of scenarios daily. 

I’ve literally had experience first hand with pretty much all the major players and those that also home users likely never heard of. Each has their strengths and weaknesses in different areas.

We are partnered with OpenText and use a wide variety of their products and services and I even work with their team to better improve the efficacy of their products, but I also won’t hold back when I notice or feel there is room for improvement.

This helps the entire community and the install base better protect themselves and others. 

Definitely NOT here to start any sort of flame war. 

