Skip to main content

Question: How do I know how many total threats have been removed by WSA?   Answer: This is found as the Threats Removed stat.   On the images below, note that location of the Threats Removed stat as it appears in the Scan Report and in the 'gear tool' of the PC Security, Scans and Shields tab,  as marked with the number 1.     Question: Why does WSA keep reporting that it is removing the same number of threats every time I run a scan?   Answer: It isn't. (Usually).  The Threats Removed stat is the cumulative total number of threats removed since WSA was installed, or since the last time that the stats were reset.  On the imgages below, the total cumulative Threats Removed are marked with 1.     If your computer actually does still have a detected infection that WSA has identified yet was unable to remove, you will find this as the Active Threats, number 2 in the images below!     Image 1: Scan Report   https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/17481i943370D27F62CD4A.png   Image 2: PC Security, Scans and Utilities tab   https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/17485iE89EAB7BC598CCE5.png  https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/17483i6734FEE94CFB4B04.png       Question: How do I, or can I, reset the Threats Removed stat to 0?   Answer: Yes you can, but please note that doing so resets ALL stats.  (CPU %, Average Scan Time, Events, etc etc etc.)   To reset the stats:  

  • Open WSA
  • Click the 'gear tool' next to Utilities
 
  • https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/17475i207E55F01528BDCB.png
 
  • Click on the Reports tab
  • Click the View Statistics button
 
  • https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/17477i36CF4985F9A44E5A.png
 
  • Click the Reset button (This will reset ALL of the stats on the Statistics Screen also!!)
 
  • https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/17479i0ABB18CD9AE0E7D5.png
  .      

<p>David! This is an awesome article for answering the OPs questions! Nicely done!:D</p>
This response answered a couple of questions for me, thank you. However, it did raise additional questions in my mind:

 

1. Regarding the Active Threats stat, you stated, "If your computer actually does still have a detected infection that WSA has identified yet was unable to remove, you will find this as the Active Threats, number 2 in the images below." My question is, how does WSA manage an identified threat that could not be removed? In other words, how does WSA render the identified threat harmless until it can be removed by the program?

 

2. Also regarding the Active Threats stat, what processes are in place in the cloud to deal with active threats? Are they actively worked by your threat security team?

 

3. Again, regarding the Active Threats stat, if the identified threat that originally could not be removed, is later removed, will the Active Threats stat reflect this, i.e. reduce the displayed Active Threat count? This question is, of course, dependent on the assumption that my question #2 has a positive answer!

 

Thank you in advance for taking the time to respond!

 

~GayleH

 

 


Hi Gayle

 

Answers for you:

 

1. WSA will generally Quarantine threats of components of threats...once they are Quarantined they cannot run/activate and so are harmless to the host system.

 

2. Yes, Webroot has a team or should that be a number of teams of Threat Researchers spread out in various lcoations around the globe constantly research and reviewing suspect apps/files, and updatingthe Cloud database accordingly.  They are not doing this by themselves and a large part of the process is autoomated as far as I know in terms of the 'good' apps and they tend to investigate the 'suspect' or 'bad' ones, etc.

 

3. Yes, as far as I know if something is Quarantined but cannot be disinfected at the time, and it remains there then the contents of Quarantine are re-reviewed on subsequant scans and changes in designation of files/apps acted upon...and let us not forget that something initially suspicious could equally be found to be 'good' as 'bad' subsequantly.  And of course, subsequant to that the Threat Count is adjusted accordingly.

 

Hope that helps?

 

Regards, Baldrick