Under Review

Notification pop-up: unknown application is started - monitoring is started

  • 21 March 2015
  • 11 replies

Userlevel 7
Badge +51
When you launch unknown applications: display a pop-up message
This will increase the security, so the user will be notified in advance
It will be more convenient, the user will know that in system is running suspicious process

At the moment the user doesn't receive notification of monitoring active process

11 replies

Userlevel 7
Not a bad idea Petr, but to that I would add the priviso that an Advanced Settings option is provided that allows the user discrimination as to whether the popup message is displayed or not. I for one would want this option to be off as I trust in WSA and have no need to be advised as to when it is monitoring something.But otherwise a good idea which I will support.Regards, Baldrick
Userlevel 7
Badge +55
I like it as well and as Solly said it would have to be an Advance setting not default as not Tech savvy users wouldn't know what to do and possibly scare them.
Daniel 😉
Userlevel 7
Badge +51
Yes, Advance setting not default. Thanks for advice.
Hello! It will be helpfull if admin can view in console, that there are same unknow files on hdd, and other unknow apps running  in sandbox. 
Why can't something very simple be implemented - such as a blinking tray icon or a color change in the icon ?
It doesn't have to be a pop-up alert; just something very basic to get the user's attention and let the user know "Hey you might want to take a "look-see" - WSA is monitoring something suspiciouspotentially harmful on your system !
Such a feature would be extremely beneficial all the way around.
Userlevel 7
I am sure that this is being considered...the status is Reviewed and until it comes up as Closed there is always a chance that it will be taken further.
Userlevel 1
This should also be available as a *global* view in the MSP console.  Right now there's a per-site view that lists all unclassified software including EXE files, DLL files, etc. but that's not an accurate representation of which *processes* are being currently monitored.  Worse, we have to scroll through hundreds of pages just in one site as opposed to listing an EXE, with a count of how many times it appears, maybe with a "+" expander to see on which workstations/servers it was found.
So trying to create overrides for known good software from this particular interface ("Reports" tab at a client site) is, well, demoralizing.
I like how the new SecureAPlus handles this in their application whitelisting feature.
You have a 'Trust all' setting where you put all your faith in the AV application and aren't bother with pop-ups. A bit like Webroot now. But next to this you have the 'Interactive Mode' where you do get a pop-up. Here you could choose to:
- Start monitoring the application.
- Start monitor the application but don't allow any network traffic.
- Send it to Cloud or Virustotal for analysis and then decide what to do.
- Allow/block the application.
The pop-up displays all this information nicely next to extra file info like if it the application is signed or not so you have more information to base your decision on.
This feature woud be really handy for more experienced users.
Userlevel 7
Badge +55
? maybe this will be of interest to you if you dig deeper: https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Webroot-and-VirusTotal/m-p/253366#M25318 and see here as well: https://support.secureaplus.com/the-hashes-does-not-exist-in-the-universal-av-how-do-i-decide-if-i-should-trust-the-new-executable-files/
Userlevel 7
Badge +55
Some notes on VirusTotal- Webroot Threat Blog Feb, 9th 2016



And who owns VT for the last couple of years: »en.wikipedia.org/wiki/VirusTotal

Userlevel 7
Badge +7
Good Idea! 
I completely agree @  &  @.
Facilitate the advanced user's "life"