For advanced users is there any way to indicate when something is set to monitor. E.G. a prompt (like Emsisoft does with their application rules) or even a counter/balloon tip etc. in the tray icon. I usually find that most problems I have with apps are because WSA has set them monitor unknown to me, often when a new release is out and the cloud has not recognised it as safe yet. I know this is in some way against how WSA is designed to work but an option for advanced users would help me.
Page 1 / 1
Hello MadeMeCry, good to see you again :)
Good question! You are going to make me really wake up to answer this one LOL. There are a couple of places you can look.
1) Control Active Processes
Open WSA
Click the gear tool next to Utilities
Click the System Control tab
Click the Start button to view the status current Active Processes
2) Scan Log
Open WSA
Click the gear tool next to Utilities
Click the Reports tab
Click the Save Scan Log button. Save this to a text file, and open it to read it. Notepad works just fine usually. Look for files that are marked with a [u] This shows it is undetermined, and thus monitored. These are the files you might want to submit to Webroot for checking and possible Whitelisting for those new releases.
I hope this helps a bit :)
Good question! You are going to make me really wake up to answer this one LOL. There are a couple of places you can look.
1) Control Active Processes
Open WSA
Click the gear tool next to Utilities
Click the System Control tab
Click the Start button to view the status current Active Processes
2) Scan Log
Open WSA
Click the gear tool next to Utilities
Click the Reports tab
Click the Save Scan Log button. Save this to a text file, and open it to read it. Notepad works just fine usually. Look for files that are marked with a [u] This shows it is undetermined, and thus monitored. These are the files you might want to submit to Webroot for checking and possible Whitelisting for those new releases.
I hope this helps a bit :)
I appreciate that and have submitted files to support in the past. I should have been clear that I was after an real-time indicator at the time WSA sets it to monitor (E.G. a popup or ballon tip in the tray). I know I can go into the menus/logs and see/change what is being monitored/blocked etc. but I might no do that for days after an app has autoupdated/installed and been set to monitor by WSA automatically in the background.
It is similar to copy/paste where by default (if protected data) it will just be blocked silently but there is an option in the shields that allows for a prompt.
It is similar to copy/paste where by default (if protected data) it will just be blocked silently but there is an option in the shields that allows for a prompt.
Ah, I see what you mean.
I am not sure if the following will help or not but I think #2 below MIGHT be what you are looking for.
1)
Open WSA
Click Advanced Settings
Click Firewall
Review the settings here.
2)
Next, keep Advanded Options open and click the Heurisitcs tab
You might change this from the default to "Warn when any program executes that is not specifically whitelisted"
Does this get a little bit closer to what you seek?
I am not sure if the following will help or not but I think #2 below MIGHT be what you are looking for.
1)
Open WSA
Click Advanced Settings
Click Firewall
Review the settings here.
2)
Next, keep Advanded Options open and click the Heurisitcs tab
You might change this from the default to "Warn when any program executes that is not specifically whitelisted"
Does this get a little bit closer to what you seek?
Possibly,
(1) is not an option as I use Windows 8.1 and there are no firewall options with that OS
(2) This might work but I need to do some testing.
thanks
(1) is not an option as I use Windows 8.1 and there are no firewall options with that OS
(2) This might work but I need to do some testing.
thanks
Let me know how the tests go.
@ can you take a look over this thread and my replies? Please add anything that I am missing here 🙂
David already suggested the options and the Best way to see if something is being Monitored is do a scan and Save a Scan Log and look near the Bottom and it will say.
Example:
Thu 18-12-2014 12:08:20.0336 Monitoring process C:Program Files (x86)AdobeReader 11.0ReaderReader_sl.exe [3F7CD7873FA942C38F9831F286698414]. Type: 3 (3521)
Thu 18-12-2014 12:08:20.0336 Monitoring process C:Program Files (x86)AdobeReader 11.0ReaderReader_sl.exe [3F7CD7873FA942C38F9831F286698414]. Type: 4 (3521)
Thu 18-12-2014 12:08:20.0336 Monitoring process C:Program Files (x86)AdobeReader 11.0ReaderReader_sl.exe [3F7CD7873FA942C38F9831F286698414]. Type: 8 (3521)
Is there some other info your looking for?
Thanks,
Daniel ;)
Example:
Thu 18-12-2014 12:08:20.0336 Monitoring process C:Program Files (x86)AdobeReader 11.0ReaderReader_sl.exe [3F7CD7873FA942C38F9831F286698414]. Type: 3 (3521)
Thu 18-12-2014 12:08:20.0336 Monitoring process C:Program Files (x86)AdobeReader 11.0ReaderReader_sl.exe [3F7CD7873FA942C38F9831F286698414]. Type: 4 (3521)
Thu 18-12-2014 12:08:20.0336 Monitoring process C:Program Files (x86)AdobeReader 11.0ReaderReader_sl.exe [3F7CD7873FA942C38F9831F286698414]. Type: 8 (3521)
Is there some other info your looking for?
Thanks,
Daniel ;)
Seems "Warn when any program executes that is not specifically whitelisted" sort of works. It prompts but does get a bit noisy if you only "allow once" as all child processes seem to prompt as well. Will keep testing. Thanks for the help.
True very noisy and WSA is a smart AV as all the work is done in the Cloud: http://www.brightcloud.com/platform/webroot-intelligence-network.php You will not find anything like in E.G. a prompt (like Emsisoft does with their application rules) like I said it's all done in the Cloud!@ wrote:
Seems "Warn when any program executes that is not specifically whitelisted" sort of works. It prompts but does get a bit noisy if you only "allow once" as all child processes seem to prompt as well. Will keep testing. Thanks for the help.
Daniel ;)
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.