We have run the KnowBe4 Ransim v1.1 simulation and found that WSA has trouble protecting against this quite useful ransomware test simulation. This is an updated version of the test that did pass according to previous Webroot testers.
A previous, older version of the Ransim test is mentioned here:
We have enabled PUA detection on a copy of the Recommended Default Policy in Endpoint Protection console and checked the policy was updated on the Win7 endpoint.
Any other recommendations?
During your test, did you notice if the process was untrusted or being monitored by the Webroot agent? If so, then that's the journaling part of the journaling and rollback feature. So, it could be that during the test, your fake test files were being stored safely in the Webroot journal. Then, when it was detected as bad (as it is now), those files would be rolled back.
Hope that helps.
If there is no way to get a "passed" result to show to our clients, is there another tool that can show the efficacy of Webroot? (The EICAR test is too simple.)