WSA vs protocols

  • 22 January 2014
  • 5 replies

Userlevel 4
Hi Guys
Which 'protocols' are scanned in real time? HTTP, HTTPS, FTP, SMTP, POP3, POP3S and IMAP?
Best Regards

Best answer by MikeR 24 January 2014, 18:39

5 replies

Userlevel 7
Our firewall does not scan protocols; it monitors for untrusted applications attempting to send protected data (credit cards/SSN) and blocks that traffic.
Userlevel 4
Are all protocols from the list above monitored?
Userlevel 7
No, but any suspicious activity from .exe's downloaded will be monitored, journaled and prepared for rollback/remediation if found to be malicious.
Userlevel 3
In WSA, the perimeter of protection is set elsewhere. In "old fashioned" solutions the approach was "scan everything". Webroot prefers a "scan what's needed" approach :)
Userlevel 3
Does WSA also block sending out files by untrusted processes?
Or downloading new files to the PC?
What exactly will Webroot block for untrusted processes?
I ask it because I experienced that my other AV software's process was untrusted by default and still it could download its update files (send and receive data to/from the internet), send suspicious files to the AV company for classification, and also scan the system (access everything at low level).
So if my AV as an untrusted process could send and receive data while being monitored then how are my personal files protected by Webroot's intelligent firewall?
Also, how can I test this feature to 100% believe and trust it?
Can I, e.g., change the classification of Total Commander in my client from "Allow" to "Monitor" and then try to send out a file through Total Commander FTP to the internet? I actually just tried it and found that when I start connecting to the FTP site, Webroot asks me if I allow the untrusted process to communicate to the remote server, BUT it also shows that it "will allow it in 120 sec..." and counts down. So the default is to allow communication if I am not blocking it myself (e.g. I am frying eggs in the kitchen). Why would Webroot allow it and not block it by default? This is compromising my security. Either wait for me forever or block after 120 sec! I still want to stay safe even while in the bathroom after eating my lovely dinner and then going to sleep! Who knows just when a virus activates and tries to send out something from my PC...
And what is the exact difference between these settings:
"Warn if any new untrusted processes connect to the Internet if the computer is infected"
"Warn if any new untrusted process connects to the Internet"
For me these sound just the same thing because I consider my PC infected if at least 1 process is being monitored. Do you?