Skip to main content
While an unknown process that is potentially malicious is being monitored by WSA, I've read that private data is protected from being transfered and stolen from whoever.

 

Exactly what private data is protected? I know keystrokes in 'protected' browsers are prevented from being recorded and such things. But what about my personal files? My documents? My Google Drive content? Are they in danger of being stolen by a monitored process? Does WSA prevent this?

 

Anyone care to explain what protection of private data means? I'd really like to know!

 

Gabriel
Hello Shadek,

 

I am pretty good with the operations of WSA, but not so good with the technical 'how it does it' stuff. The protection of private data is one of the tech areas I am not as good in.... @ can you look this over at some point today?

 

Until then, I do know it does protect that kind of data.  If a monitored process attempts to access that sort of data it is stopped from doing so.  Things like your documents and contacts, WSA detects when things are accessing those and if it is unknown WHY, it will be monitored or blocked. 

 

If you look into Identity Protection, click the 'gear tool' and then click the Application Protection tab.  What you do not want to see are programs set to Allow.  This will allow that program to do pretty much anything it wants.  Not a good thing.

 

Block will block all access.  Copy/Paste with data from a text file should be denied, if I understand things correctly.

 

Protected is where your browsers go... you can copy data from a text file and paste it into the browser, but the browser cannot, due to an infection, obtain data on it's own without you doing it  yourself.

 

 
Yes it protects your private Data as you can see in this short video like they say a picture is worth a thousand words so a video must give you much more: https://community.webroot.com/t5/Webroot-Education/What-Happens-if-Webroot-quot-Misses-quot-a-Virus/ta-p/10202 & even the Firewall will block anything being monitored https://community.webroot.com/t5/Webroot-SecureAnywhere-Internet/Why-doesn-t-the-firewall-block-everything-by-default/ta-p/5818

 

HTH,

 

Daniel 😉
Apologies for butting in Guys, but shadek may also find this KB article of assistance with the question, especially the '2. Identity & Privacy > Protected Applications' section.



 

Regards

 

 

Baldrick
Thank you for answering my question.

 

However, none of the posts answer my direct question; Is a 'monitored' process (which state was set by the cloud) blocked by WSA from stealing important information from i.e. C:GoogleDrivexxx? 

 

Or is the 'monitored' process allowed to access the data (i.e. C:GoogleDrivexxx) and upload it to an unknown host? I believe this is called data leak. Can anyone provide a clear answer on this? :D

 

I do completely understand the way ID-shield works and the way journaling works. None of those protect data folders on drive C:xxx from being sent to unknown hosts. They only protect chosen browsers (or manually chosen applications) and complete removal of malware and the changes they made. I don't really care if the malicious changes are undone when my GoogleDrive data has been leaked. :)

 

The firewall in WSA for Win 7 did provide me with the option to prevent monitored processes from accessing the Internet. This is not something you can do with WSA in Win 8. So I wonder, again, can a monitored process access C:GoogleDrivexxx and send it to an unkown host? If not, how is the data protected?
Hi shadek

 

I see where you are going with that...and I suspect that if WSA saw a monitored process carrying out the action that you are describing it would construe that as inappropriate action and so block it, etc...but I do not honestly KNOW.  Perhaps @ could help us out with a consideration of and an answer to your excellent question?

 

Regards

 

 

Baldrick
@ wrote:

Hi shadek

 

I see where you are going with that...and I suspect that if WSA saw a monitored process carrying out the action that you are describing it would construe that as inappropriate action and so block it, etc...but I do not honestly KNOW.  Perhaps @ could help us out with a consideration of and an answer to your excellent question?

 

Regards

 

 

Baldrick

It'd be great to know! I have data on my computers that absolutely cannot be allowed to be stolen. If monitored processes cannot be prevented from stealing this data I need to complement WSA with something that protects the data.:)

 

Gabriel
Hi Gabriel

 

OK, nothing yet back from Shawn so perhaps we will try via the good offices of our most excellent Community Manager, @ 

 

Hi Nic, would you be able to check with development on the very good question that Gabriel posed back in post 5?  It is an important that we would love to have the answer to.

 

Many thanks in advance if yo can facilitate this enquiry...;)

 

Regards

 

 

 

Baldrick
Hello Shadek,

Monitored processes are prevented from performing certain actions, so a monitored process should be prevented from performing data theft like you described. 

 

Thanks,

 

-Dan
Hi Dan

 

Much obliged for the response...that is good to know.

 

Regards

 

 

Baldrick
Thanks Dan - Shawn is out on vacation so I pinged Dan to help out.  Sorry for the delay in getting you an answer!
Thanks, Nic

 

Many thanks for the assist.

 

Regards

 

 

Baldrick
@ wrote:

Hello Shadek,

Monitored processes are prevented from performing certain actions, so a monitored process should be prevented from performing data theft like you described. 

 

Thanks,

 

-Dan

 

Thank you so much for clarifying! This is very valuable information I've been given. 🙂

Reply