Twice in two days I've had customers with Webroot installed call because they opened a Web page that displayed some kind of virus alert. Their browsers were locked (unable to be closed normally) but I was able to close them using taskkill. Their computers were otherwise unaffected (as far as I can tell, and I did take time to review them both).
Is Webroot supposed to intercept that kind of activity? If so, it didn't work in these two cases, although nothing else malicious ran on them (again, as far as I can tell). Would some forensic information help to defend against this sort of thing? If so, I should be able to collect information from both computers.
Webroot is quite aware of this annoyance and is trying to find a way to block them. I've been pretty successful blocking them using the DNS Protection offered by Webroot, or, at the very least, have seen a drastic decline in the number of them across my client endpoints.
The problem is that these pages are legit pages. Doesn't mean that what the pop-up says is legit, but there's no content or scripts being loaded that are malicious in nature where the agent would take action on them. It's only an issue where the uneducated user calls the number or begins clicking on other links contained in that window that they might expose themselves to further risk.
I'd also encourage you to better educate your users and sign yourself up for the Webroot Cyber Security training beta that they have on the go now. This will allow you to phish clients and then send them to training sites and courses to take to better educate themselves.
Hope this helps
That's a behavior that Webroot should be able to detect and view as malicious ... at least, I hope so. It's a dead giveaway that something's not right.
uBlock (low on memory/performance)