How does Webroot protect against Ransomware and Hijackers? Also "DNS Unlocker"?
Hi TimothyFC
Welcome to the Community Forums.
Firstly, one of the keys to protecting against ransomware is to take some basic precautions other than using WSA. Webroot have provided this KB Article with information on what that is and how to implement it.
Secondly, in terms of all malware, be it ransomware, hijackers, DNS Unlocker, etc., amongst its techniques (which are kept secret so as not to tip the hand to the malware writers) WSA will check for the 'goodness' or 'badness' of a file. When WSA detects a file that it cannot determine as being good or bad, it marks it as 'undetermined' and starts journalling any actions it takes. If later that file is determined to be bad, WSA can use the journalled activities to undo the actions of the file, i.e., in the case of ransomware, roll back the encryption process.
This is also used for other types of malware attacks detected. This previous post may help understand what 'monitoring' is, in more detail.
The user can also move an automatically monitored file/app at any time if they believe that the file is good or bad, in which case the journal files associated with the monitoring are not removed (I believe), or a user can set a file/app to monitor if they are suspicious of its intentions (same outcome re. the journal files produced, as previously stated).
Finally, please see this KB Article on what happens if WSA 'misses' a virus or malware. That should further help explain the feature.
Hope that helps?
Regards, Baldrick
Hello.
I'd like to assure you that Webroot can roll back almost every single infection (they never said it works 100%, but what I have seen so far was 100% 😃). In the last week I was infected by 3 kinds of cryptolocker (to be honest, I became infected because I wanted to! 😃) and all 3 of them, and the files that were encrypted, were back to normal within almost 6 hours at most! 😉