Re. this video by Webrooot: https://www.youtube.com/watch?v=uKMZ1Ukw_7I
Can you please confirm that this (unknown and undetected) keylogger would be automatically blocked from sending the captured keystrokes to a remote server? i.e. would the Webroot firewall component prompt me before allowing an unknown (as yet unverified) application from connecting outbound?
Thanks
PJ
Solved
If Webroot misses a virus can that virus connect to remote server and send my keystrokes?
Best answer by DanP
Hello PJCarmody,
To answer your questions...
- Is there a pop-up on Win 7? Wondering about false positives, whereby Unknown programs are silently blocked from accessing the Internet
You will see prompts when Unknown processes are trying to access the internet.
- From the video it looks like the Unknown keylogger is able to do what it wants, until and if it is becomes Known at which point if it consider Bad then it will be Blocked and all its activities up until that time will be reversed?
The keystroke logging would still be blocked. The changes made to the file system and registry are what would be reversed during rollback.
- >all keystrokes are protected by Webroot regardless of what a files determination is
- from what I can see this only applies to Protected Applications; ones have been pre-added to the list, or manually added later, correct?
The Protected Applications are not the only applications that are protected from keylogging.
-Dan
View originalTo answer your questions...
- Is there a pop-up on Win 7? Wondering about false positives, whereby Unknown programs are silently blocked from accessing the Internet
You will see prompts when Unknown processes are trying to access the internet.
- From the video it looks like the Unknown keylogger is able to do what it wants, until and if it is becomes Known at which point if it consider Bad then it will be Blocked and all its activities up until that time will be reversed?
The keystroke logging would still be blocked. The changes made to the file system and registry are what would be reversed during rollback.
- >all keystrokes are protected by Webroot regardless of what a files determination is
- from what I can see this only applies to Protected Applications; ones have been pre-added to the list, or manually added later, correct?
The Protected Applications are not the only applications that are protected from keylogging.
-Dan
+62Hello PJCarmody,
I might need help in answering this but here's an interesting thread https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Concern-regarding-Webroot-SecureAnywhere-Keylogger-protection/m-p/184170/highlight/true#M10864
@ can you assist here?
I might need help in answering this but here's an interesting thread https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Concern-regarding-Webroot-SecureAnywhere-Keylogger-protection/m-p/184170/highlight/true#M10864
Windows Insider, iMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.4.2), Security: iPads, W 1p0 & (VM:15), ALIENWARE 17R4, W10 Workstation, ALIENWARE 15 R6, W11, Webroot® SecureAnywhere™ Internet Security Complete (Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester. Security
+56Hello and Welcome to the Webroot Community!
Sherry pointed to a good thread and Yes WSA will protect from all unknown keyloggers as the WIN cloud http://www.brightcloud.com/platform/webroot-intelligence-network.php is analyzing it's behaviour also it's Identity Shield protects from Malicious activity so there are many layers that most don't have. Also see the latest MRG tests: https://community.webroot.com/t5/Announcements-and-Release-Notes/WSA-certified-in-MRG-Effitas-360-Assessment-amp-Certification/m-p/185041#M4198
Thanks,
Daniel ;)
Sherry pointed to a good thread and Yes WSA will protect from all unknown keyloggers as the WIN cloud http://www.brightcloud.com/platform/webroot-intelligence-network.php is analyzing it's behaviour also it's Identity Shield protects from Malicious activity so there are many layers that most don't have. Also see the latest MRG tests: https://community.webroot.com/t5/Announcements-and-Release-Notes/WSA-certified-in-MRG-Effitas-360-Assessment-amp-Certification/m-p/185041#M4198
Thanks,
Daniel ;)
Hi Sherry and Daniel,
Thanks for your quick responses, lots of good info there which I've now read thru and watched.
What I'm wondering is specifically what happens in this scenario below:
1) Webroot is watching the new executable (keylogger) - as shown in Webroot Education video https://www.youtube.com/watch?v=uKMZ1Ukw_7I
2) As in the video, the keylogger is capturing keystrokes (not in protected applications such as web browser)
3) The keylogger wants to send keystrokes to remote bad person, via Internet (and assuming at this stage Webroot still does not know that this is an evil executable as not on WIN yet)
4) What does Webroot do when keylogger wants to send data - will the Webroot Firewall trap the access to the outgoing Internet? And will it notify me say "Hey Keyloggger.exe wants to access the Internet, it's an verified application, do you want it to do that?"
So what happens in step 4 please?
Thanks
PJ
Thanks for your quick responses, lots of good info there which I've now read thru and watched.
What I'm wondering is specifically what happens in this scenario below:
1) Webroot is watching the new executable (keylogger) - as shown in Webroot Education video https://www.youtube.com/watch?v=uKMZ1Ukw_7I
2) As in the video, the keylogger is capturing keystrokes (not in protected applications such as web browser)
3) The keylogger wants to send keystrokes to remote bad person, via Internet (and assuming at this stage Webroot still does not know that this is an evil executable as not on WIN yet)
4) What does Webroot do when keylogger wants to send data - will the Webroot Firewall trap the access to the outgoing Internet? And will it notify me say "Hey Keyloggger.exe wants to access the Internet, it's an verified application, do you want it to do that?"
So what happens in step 4 please?
Thanks
PJ
+62+56Yes #4 is correct if the keylooger is new so in this case Unknown to the Cloud Database WSA's firewall automatically blocks it from calling out no pop-up on Win 8.1 and I really never had a Keylogger personally, now while this is being done the Behaviour is being checked and rechecked then it sets to block it from seeing and doing anything to other programs, there are many levels of Monitoring within WSA. WSA is a Smart AV and it's Firewall is as well, WSA sees the Bad, Good & Unknown unlike other conventional AV's that know Good or Bad. https://www.youtube.com/watch?v=mwnhr1Dlkfo#t=77 and this Video https://www.youtube.com/watch?v=GqvVTE8-fA4@ wrote:
Hi Sherry and Daniel,
Thanks for your quick responses, lots of good info there which I've now read thru and watched.
What I'm wondering is specifically what happens in this scenario below:
1) Webroot is watching the new executable (keylogger) - as shown in Webroot Education video https://www.youtube.com/watch?v=uKMZ1Ukw_7I
2) As in the video, the keylogger is capturing keystrokes (not in protected applications such as web browser)
3) The keylogger wants to send keystrokes to remote bad person, via Internet (and assuming at this stage Webroot still does not know that this is an evil executable as not on WIN yet)
4) What does Webroot do when keylogger wants to send data - will the Webroot Firewall trap the access to the outgoing Internet? And will it notify me say "Hey Keyloggger.exe wants to access the Internet, it's an verified application, do you want it to do that?"
So what happens in step 4 please?
Thanks
PJ
Thanks,
Daniel
1 person likes this
+56Also you can add web facing programs to protect as well in Identity Shield.
Thanks,
Daniel ;)
Thanks,
Daniel ;)
1 person likes this
In your example you are running with the following assumptions
1) The malware was downloaded via a website or Email that wasnt blocked
2) The executed malware was wasnt detected
3) Said Malware then executed
The indentity shield is quite protective and it doesnt really rely on the file determination, it doesnt like any software trying to intercept keystrokes. Note that all keystrokes are protected by Webroot regardless of what a files determination is. It's worth mentioning that Keyloggers have really fallen out of favour, they are quite rare to encounter these days. It's much easier (and more effective) to trick people into giving you information (phishing) rather than steal it.
1) The malware was downloaded via a website or Email that wasnt blocked
2) The executed malware was wasnt detected
3) Said Malware then executed
The indentity shield is quite protective and it doesnt really rely on the file determination, it doesnt like any software trying to intercept keystrokes. Note that all keystrokes are protected by Webroot regardless of what a files determination is. It's worth mentioning that Keyloggers have really fallen out of favour, they are quite rare to encounter these days. It's much easier (and more effective) to trick people into giving you information (phishing) rather than steal it.
Thanks Daniel, couple more questions on this:
>Yes #4 is correct if the keylooger is new so in this case Unknown to the Cloud Database WSA's firewall
> automatically blocks it from calling out no pop-up on Win 8.1
Is there a pop-up on Win 7? Wondering about false positives, whereby Unknown programs are silently blocked from accessing the Internet
> now while this is being done the Behaviour is being checked and rechecked then it sets to block it from seeing
> and doing anything to other programs, there are many levels of Monitoring within WSA
From the video it looks like the Unknown keylogger is able to do what it wants, until and if it is becomes Known at which point if it consider Bad then it will be Blocked and all its activities up until that time will be reversed?
PJ
>Yes #4 is correct if the keylooger is new so in this case Unknown to the Cloud Database WSA's firewall
> automatically blocks it from calling out no pop-up on Win 8.1
Is there a pop-up on Win 7? Wondering about false positives, whereby Unknown programs are silently blocked from accessing the Internet
> now while this is being done the Behaviour is being checked and rechecked then it sets to block it from seeing
> and doing anything to other programs, there are many levels of Monitoring within WSA
From the video it looks like the Unknown keylogger is able to do what it wants, until and if it is becomes Known at which point if it consider Bad then it will be Blocked and all its activities up until that time will be reversed?
PJ
Thanks, I agree the assumptions, they do follow from the video example.
>all keystrokes are protected by Webroot regardless of what a files determination is
from what I can see this only applies to Protected Applications; ones have been pre-added to the list, or manually added later, correct?
>all keystrokes are protected by Webroot regardless of what a files determination is
from what I can see this only applies to Protected Applications; ones have been pre-added to the list, or manually added later, correct?
+56I'm not sure about any pop-ups as I never had a Keylogger but all I can say is you are well protected and hopefully@ wrote:
Thanks Daniel, couple more questions on this:
>Yes #4 is correct if the keylooger is new so in this case Unknown to the Cloud Database WSA's firewall
> automatically blocks it from calling out no pop-up on Win 8.1
Is there a pop-up on Win 7? Wondering about false positives, whereby Unknown programs are silently blocked from accessing the Internet
> now while this is being done the Behaviour is being checked and rechecked then it sets to block it from seeing
> and doing anything to other programs, there are many levels of Monitoring within WSA
From the video it looks like the Unknown keylogger is able to do what it wants, until and if it is becomes Known at which point if it consider Bad then it will be Blocked and all its activities up until that time will be reversed?
PJ
Thanks,
Daniel 😉
1 person likes this
+35- OpenText Employee
- 515 replies
- Answer
Hello PJCarmody,
To answer your questions...
- Is there a pop-up on Win 7? Wondering about false positives, whereby Unknown programs are silently blocked from accessing the Internet
You will see prompts when Unknown processes are trying to access the internet.
- From the video it looks like the Unknown keylogger is able to do what it wants, until and if it is becomes Known at which point if it consider Bad then it will be Blocked and all its activities up until that time will be reversed?
The keystroke logging would still be blocked. The changes made to the file system and registry are what would be reversed during rollback.
- >all keystrokes are protected by Webroot regardless of what a files determination is
- from what I can see this only applies to Protected Applications; ones have been pre-added to the list, or manually added later, correct?
The Protected Applications are not the only applications that are protected from keylogging.
-Dan
To answer your questions...
- Is there a pop-up on Win 7? Wondering about false positives, whereby Unknown programs are silently blocked from accessing the Internet
You will see prompts when Unknown processes are trying to access the internet.
- From the video it looks like the Unknown keylogger is able to do what it wants, until and if it is becomes Known at which point if it consider Bad then it will be Blocked and all its activities up until that time will be reversed?
The keystroke logging would still be blocked. The changes made to the file system and registry are what would be reversed during rollback.
- >all keystrokes are protected by Webroot regardless of what a files determination is
- from what I can see this only applies to Protected Applications; ones have been pre-added to the list, or manually added later, correct?
The Protected Applications are not the only applications that are protected from keylogging.
-Dan
Webroot Threat Research
+62Yes I agree a big thanks Dan!:D
Windows Insider, iMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.4.2), Security: iPads, W 1p0 & (VM:15), ALIENWARE 17R4, W10 Workstation, ALIENWARE 15 R6, W11, Webroot® SecureAnywhere™ Internet Security Complete (Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester. Security
1 person likes this
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.