Skip to main content
Hi all.

 

as you can see i have a question about Webroot Behavior Blocker or Monitoring...

 

Webroot behavior blocker will  turn off if i turn off real time shield ? because every time i trying to test Webroot monitoring ( i turn off realtime shield ) result is infection ! maybe Webroot Monitoring is not as i expected good ? or maybe when i turn off realtime shield , behavior blocker also will turn off ?

 

by the way : i mean real infection ! some files creat on temp files and roaming folder ... but i dont want join in this discussion now ,, just want answer of my question :)

 

Regards,Parham.
Yes it will be affected as the Realtime Shield is a very, very big part of WSA and all the Behaviors are all done on the Webroot Brightcloud Threat Intelligence not on your PC!

 

Cheers,

 

Daniel ;)

 



 



 



 



 


Those are some awesome videos Daniel! 🙂
Thank You for the answer.

 

but excuse me , you said yes , so am i do underestand correct ? : if we turn off realtime shield , then Behavior blocker will turn off too? 🙂 you said yes to this question ?

 

 

and Thanks again for the nice videos 🙂
It's all part of WSA so it says here don't turn off any Shields: http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C3_Shielding/CH3a_WhatShieldsDo.htm

 

What shields do

Shields constantly monitor activity while you surf the Internet and work on your computer, protecting your computer from malware and viruses. As you surf Internet sites, you could be targeted for a drive-by download, where an unwanted program launches and silently installs on your computer as you view pages. We recommend you keep all shields enabled.

Shields run in the background without disrupting your work. If a shield detects an item that it classifies as a potential threat or does not recognize, it opens an alert. The alert asks if you want to allow the item to run or if you want to block it. If you recognize the file name and you are purposely downloading it (for example, you were in the process of downloading a new toolbar for your browser), click Allow to continue. If you were not trying to download anything, you should click Block.

 

Types of shields

 

SecureAnywhere includes these types of shields:

 


  • Realtime shield. Monitors unknown programs to determine whether or not they contain threats. Blocks known threats from running on your computer that are listed in Webroot’s threat definitions and in our community database. You should never disable this shield.
  • Rootkit shield. Blocks rootkits from being installed on your computer and removes any that are present.
  • Web shield. Blocks known threats encountered on the Internet and displays a warning. The Web shield maintains information on more than 200 million URLs and IP addresses to comprise the most accurate and comprehensive data available for classifying content and detecting malicious sites.
  • USB shield. Monitors an installed USB flash drive for threats, blocks and removes any threats that it finds.
  • Offline shield. Protects your system from threats while your computer is not connected to the Internet.

All the Behavior actions are from the Cloud so all the work is done in the Cloud! ;)

 


Here from when Webroot aquired Prevx in Nov 2010:  http://www.pcmag.com/article2/0,2817,2392059,00.asp

 

http://www.prnewswire.com/news-releases/webroot-acquires-prevx-106436478.html

 

Immense Cloud Database

One reason the local application can be so tiny is that it doesn't include any malware signatures, Morris explained. The Prevx technology relies entirely on an immense database of applications and behaviors in the cloud. This database collects and correlates an almost-unimaginable amount of information about every process ever run on any system with SecureAnywhere (or Prevx) installed. Along with the expected notes about process behavior it correlates things like the geographic location, browser version, and other elements of the sample's "habitat."

According to Morris, this database, code named ENZO, can include as many as two million database rows for a single process.

"Cybersecurity is all about information," said Morris. "We store and correlate all the factors about the process's behavior in all the places it was seen. We aim to have more information than anyone, so we can offer better protection than anyone."

 
Thanks for the answers so Real Time Shield in fact is Behavior Blocker too 😃 I See.

 

so i think Webroot should improve Monitoring ? i mean its great but last night i run a unknown( from webroot ) malware , Webroot block that i mean after 30 sec i see a message from Webroot ( that files trying to change registry ... so i click on block ) and then the file procces disappeared from Control Active Proccess.. and i saw malware ( was in desktop ) size is 0kb ! (before block was 225 kb ) so i scan that and removed .. but that malware created some files on my Temp folder ... on Roaming folder ... !!!  in the end i mean Webroot better provide a better behavior blocker and some more Automatic ? because this current Behavior Blocker a little is User-related ! you know ? i mean till now ( i run about 10-12 malwares on my test system ) and never saw Webroot block them Automatic ...( i mean never saw Webroot automatic change from Monitor to Block ! ) ! sometimes without any message the proccess just gone ! and sometimes just like last night we click on block but system will infected !

 

for example a company i used before .. ( Emsisoft ) they improve their behavior blocker in every single update ! every single update ! its great ! maybe Webroot is focused on Database and Antiphishing .. more than Behavior Blocker ? or maybe something else we should know ?

 

please let me know if you have any answer about this post :)

 

 

Regards,

Parham
See this Video: https://community.webroot.com/t5/Webroot-Education/What-Happens-if-Webroot-quot-Misses-quot-a-Virus/ta-p/10202 also no one product will protect 100% so the layered approach is always suggested with System Back Ups. And on the Community we don't discuss any private Malware Testing as it's not Real World per say and we don't want to encourage other members to do such things as they could put there systems in harms way. Not good at all........

 

Daniel

 

From the Community Guidelines: https://community.webroot.com/t5/Announcements-and-Release-Notes/Webroot-Community-Guidelines/td-p/2

 

No Private Testing Discussions.

We do not condone private malware testing by end-users.  This is never a good idea, and in some areas it's actually illegal.  The whole point of antivirus software is to not get infected, and unfortunately when somebody sets a bad example, there will always be others who are influenced into following the same path.  It's not something we want to allow to be encouraged.

 

Reply