Hi, i think it will be very better if Webroot block sites with this rating: Suspicious - Moderate Risk...
when we type these sites for example a site with Sucpicius rating , and go in that site... we even can not aware of this rating ...
because Webroot just show that in search engines like Google...
i wish you underestand my mean
On May 9, 2016 my laptop was infected with W32.Rogue.Gen I only found this through another program that I used. I was never notified by Webroot that I had a Trojan infection. I went over and signed into the console and it was there (under Pc and Security) that I found that my laptop was infected. Had I not signed into the console or used another program to identify the Trojan, I would not know that my laptop was infected. The Trojan is non-existing now.
Here;s my idea: When your PC gets infected and in using the existing Webroot icon on the task bar that upon infection, the icon turns red and blinks (like a red traffic light) alerting the end user that there's an infection and then from the red blinking webroot icon that there's a link that brings you to the area (console) to view the type of infection and what was the resolution of the infection. You could also include the notification when you right click on the webroot icon and go from there.
Thanks for reading and I encourage your comments.
Webroot considers itself to be a non intrusive protection solution with less interference etc. And compared to the competitors it might be correct in many cases, but that don’t mean that it cannot be any better. I’ve used webroot for a month or so, and this is my views on this specific topic:
For me an AV or FW etc. is something I do not want to interact with - except when absolutely necessary!
The large rollovers defining Webroot reputations may be fine for new users, but there should be an option to remove the large, obstructing bubbles defining the rating. A simple option allowing only the Webroot colored circle to display for experienced useers would be a huge help. How many hiundreds of thousands of times must we dodge the rollover, or be reminded of your safety categories? Feels like Webroot is simply trying to burn its brand into our brains. Obnoxious.
After receiving the Webroot SecureAnywhere Internet Security Complete from Amazon, I (new user) installed it on two PCs. When I created an account and logged into the Webroot PC Security console, I noticed there were no PCs listed. I thought this was odd since the Webroot installation collected my e-mail address from both PCs. (Okay, I didn't expect an account to be automatically set up, but I did expect my account to be auto-populated with my two PCs once I did set up an account - how clever!) When I clicked on "Add a PC", a dialog opened and displayed:
So you want to add a PC to this screen?
Download the Webroot SecureAnywhere software. (Sorry, I already installed it from CD)
Enter one of your Keycodes during installation. (Yep, I already did that too)
Once the initial scan has completed, the PC should appear here within a few minutes. (Initial scan has already been completed hours ago, and it still hasn't shown up here! Now what?!?)
I sent a message to Webroot Support and, not surprisingly, received a disappointing answer. Fortunately, I figured it out. It's not just the initial scan that will "Add a PC", but ANY scan will do. After opening Webroot SecureAnywere on my first PC and performing a manual "Scan My Computer", I checked my online Webroot PC Security console a few minutes later and my first PC was listed. When I did the same thing for my second PC, it was finally listed as well.
This all could have been avoided if correct wording was used under "So you want to add a PC to this screen?" -OR- if the CD box instructions/installation program instructed me to create an Webroot account FIRST, then proceed with the install.
How about the ability to have the Community login credentials the same as the Console login credentials? Since there is a link to go from Console to Community, I assumed I would already be fully logged in. This is not the case.
I put my computer to sleep at night, but WebRoot will not wake the computer to scan, so the scan ends up running first thing in the morning when I need to start using my computer.
Please allow WebRoot to wake up the computer and do the scan in the wee hours when I don't need to use it.
I just looked at something in my first post. Since this feature exists (Spell Checker)then why is it that when I posted the new idea, it didn't automatically come back and caught the post and say "Feature Already Exist" That would be a great feature. I even turned on suggestions and nothing was there.
I hope this is clear to all.
Just a little idea I had looking at my keycodes as you do.
I am sure some of you have a lot of keycodes in your consoles. I for one dont have too many but I have a few, and somtimes I cannot quite remember which one goes to which so I end up going back and forth to try and locate and place each one.
My idea is to have another colum in the Manage Keycodes page to add a identifyer which the user or admin could change to help them remember which code belongs to which device. Such as "Gaming PC" "Laptop" "Tabet" "Phone" or whatever, you get the idea
What do you guys think?
The Webroot File Submission site (http://snup.webrootcloudav.com/SkyStoreFileUploade
To allow better access to it I would like to suggest that a link to the site is added to the WSA local client; either as a button under the 'Support/Community' tab or the 'Utilities' tab, so that in much the same way as the 'Support' button takes the user to the site directly to open a support ticket, so this would take the user to the File submission site and give them immediate access to:
1. File submission
2. MD5 Hash lookups
3. URL Reputation lookups
As such it should not add very much in terms of additional code to the installer and would provide further useful tools for the user to readily use.
Is it possible to have WSAC scan questionable links in emails without having to open them? For example, I've just received an email from a college friend I haven;t really spoken with in a long time. I'm certain the email is bogus and that the link is at least spyware, but being able to submit it for investigation could be advantageous.
Most of the cases the root problem of a successful 0-day infectino is that the very first piece of malicious code (most likely a downloader trojan) can successfully communicate to it CC (command and control centre).
Webroot today has a default allow action if user does not block via this popup window:
First of all: surely, admins never like the idea of giving such control to the user. User will never know the exact risks of clicking the Allow button here. When he clicks, it is already late to save the network from harm. Please refer to many many Cryptolocker cases around the Globe.
Secondly, the countdown counter here gives you 120 sec to decide. Who among the users can get proper help on what to click here in just 120 sec??? Who is that admin among us who could properly check this unknown process out it at the endpoint and advice in just 120 sec? (Anyone yes - I would employ you tomorrow and we will make big money... )
(please also read this idea - it might work in some cases:
Thirdly, actually, I have never seen any firewall (perimeter or personal) that has a "default allow" implementation. Eversince we have communicating systems we all learnt quite well: for any unknown process the only safe action is to block its communication, isnt' it? (Please note, blocking unknown processes' communication will not have any effect on known good processes.)
Sure, Webroot, you might say that implementing this could result in blocking too many legitim processes, but hey, this is your constant job to classify new processes and as quickly as you can and we purchase a WSA licence it means we do trust you can do this mandatory job for us, for our safety.
Also, even without your expert job (and cloud database updates), local admins could easily deal with those untrusted processes whose communications were blocked via the Admin Console, so they could easily classify any unknown process as "Good" if need be.
Dealing with some bloked communications is (to my opinion) still much better staff then dealing with tons of encrypted files... and neverending ransomware infcetions are just about to teach it for us all.
So why nort let us stay on the safer side?
WSA 6500+ endpoints inatalled and maintained daily, 12+ years Webroot sales & support, 2 yr Webroot MSP
When Trojans get downloaded they are currently a) scanned by WRSA and b) may be further scanned by the user with a manual scan. On both these actions WRSA does not quaranteen these files because they are not considered active malware, according to your researcher Dan. I have checked more than 20 such files via Virustotal and not only ESET, Kapserky recognise them as Trojans but even the lowly Windows Defender. Of all these Trojans across 2 weeks, WRSA did not alert when downloaded not afterwards manually scanned, they were passed as OK.
Because the files may have been scanned twice, the average user is going to believe those files are OK and clean according to WRSA and they may pass them on to someone else in their business workflow or to a friend when in fact those files contained malware. Those files can then wreak havoc on another system that is not protected by WRSA.
Fundamental question and request: Upon download and manual scan WRSA is most likely checking those files against an online databse, so why not immediately quaranteen such suspect files or at least alert the user there may be a risk?
Can WRSA deal with such files immediately, using your own online lookup or add the feature to compare on Virustotal.
Thanks for your consideration