Skip to main content
Hi all.

 

as you can see my subject, i want to know how can we do a manuall rollback with Webroot...

sometimes automatic rollback doesn't work you know... so a malware for example run and close after some minutes...

and then we can see some registary made by that malware ...( when we go in task manager > startup > we can see for example : example.exe in startup but in fact when we right click on that we can see the file location is empty.. so we found out every infection removed by Webroot .. but still the registery is changed by that file .. )

so if we can do a manuall rollback we can remove these changes.. i hope you can underestand my mean 😃 it just happened today for me..

 

 

 

and another question: for me ( i run some malwares on my system almost everyday for testing ... and i have Webroot on my system as you know...) is better if i change Heuristics from default to maximum ( i think its better but i want to be sure 😃 ) ?

 

Regards,Parham.
Hi MrParham

 

If the file that you want to roll back the actions of is marked as 'Monitor' then I believe that the only thing that you can do is to change the designation to 'Block' and then I believe that if that file's actions have been journalled then WSA will attempt to roll back the changes.

 

However, I am not completely certain that will work as described so if I were you I would opena support ticket and ask the question of the Support Team.

 

In terms of your second question...firstly I would not recommend that you run any malware knowingly on your system...you are asking for trouble. But if you do then these are the meaning of the different setting for the heuristics:

 

OPTIONDESCRIPTION

Disable heuristicsTurns off heuristic analysis. Not recommended.

Enable standard heuristicsThis setting could lower your level of security.

Enable enhanced heuristics based on the behavior, origin, age, and popularity of filesDefault; recommended setting.

Enable maximum heuristicsUse with caution; this could cause unexpected behavior, prevent the use of lesser known applications, or prevent the installation of rarely-used programs.

Warn when any new program executes that is not specifically whitelistedIssues a warning for any program not specifically included in the Webroot database of websites that are known to be okay.

Enable Webroot InfraredFor details, see PC Shields Overview.

 

You can find further information on this HERE.

 

Hope that helps?

 

Regards, Baldrick

 

 

 
Hello dear Baldrick , good day !

 

Thank You for the answers, my second question answered ,

but about my first problem.. sometimes that procces just gone from Control Active Processes in Webroot... but if user still think some thing changed by the file... so how can do a manuall rollback with Webroot ? is that possible ?

 

 

My Best,

Parham.
Hi MrParham

 

Good day to you to.

 

If there is no entry for the file in ControllingActive Processes, or any of the locations where a file can be set to 'Monitored', then there is no way to attempt the rollback by changing the status to 'Block'. In that case all you can do is to contact Support to see if they can look for the journal file, and if they find it then whether they canuse it to carry out a rollback.

 

Regards, Baldrick

Reply