How does Webroot stop ransomware?
If it shows up on your PC how does it get rid of it?
We have seen this at work and the only thing that can be done is to wipe the pc and all files.
I have the home version 9.0.9.78
David
Userlevel 7
Hi davidhelp
Welcome ot the Community Forums.
Exactly how WSA does this is a closely guarded secret...for obvious reason...don't want to go tipping the hand to the miscreants out there...;)
Suffice it to say that WSA works on the basis that active maleware is dangerous whilst inactive malware is...well, not dangerous as it is active. So through a combination of Shields monitoring the areas of one's system in which files/apps can run, WSA stands guard, analyses processes/files that activate and looks to determine if 'good' or 'bad' based on the data held in the Webroot Intelligence Network.
If 'bad' then WSA blocks the file/app & if 'good' allows it to proceed with its activity. But if the nature of the file/app is 'undetermined' then WSA (i) restricts what the file/app can do & (ii) starts monitoring/journalling all its actions...so that if in future the file is determined to be 'bad' WSA can (i) block it & (ii) rollback its activities based on the information journalled.
WSA does this for all 'malware' of which ransomware is just one component.
I hope that this helps/explains what WSA is about/does to protect users. It is somewhat simplified but essentially I believe that covers the basics.
Regards, Baldrick
Welcome ot the Community Forums.
Exactly how WSA does this is a closely guarded secret...for obvious reason...don't want to go tipping the hand to the miscreants out there...;)
Suffice it to say that WSA works on the basis that active maleware is dangerous whilst inactive malware is...well, not dangerous as it is active. So through a combination of Shields monitoring the areas of one's system in which files/apps can run, WSA stands guard, analyses processes/files that activate and looks to determine if 'good' or 'bad' based on the data held in the Webroot Intelligence Network.
If 'bad' then WSA blocks the file/app & if 'good' allows it to proceed with its activity. But if the nature of the file/app is 'undetermined' then WSA (i) restricts what the file/app can do & (ii) starts monitoring/journalling all its actions...so that if in future the file is determined to be 'bad' WSA can (i) block it & (ii) rollback its activities based on the information journalled.
WSA does this for all 'malware' of which ransomware is just one component.
I hope that this helps/explains what WSA is about/does to protect users. It is somewhat simplified but essentially I believe that covers the basics.
Regards, Baldrick
The other vital part is always back up your files eleswhere!
At work when someone calls in and we give them the bad news about having to re-image the pc, we ask if they backed up their files and the answer is usually no. The sounds of anguish then start.
We have a network file share where we can back up and I started doing so when the ransomware started showing showing up. Most of the offices either do not have them or the users do not backup from their pc's to the network share which is always backed up.
Question: Can webroot defeat ransomware to those already affected?
(we use webroot on the company cell phones but not as far as I know company pc's (over 5,000 of them).
At work when someone calls in and we give them the bad news about having to re-image the pc, we ask if they backed up their files and the answer is usually no. The sounds of anguish then start.
We have a network file share where we can back up and I started doing so when the ransomware started showing showing up. Most of the offices either do not have them or the users do not backup from their pc's to the network share which is always backed up.
Question: Can webroot defeat ransomware to those already affected?
(we use webroot on the company cell phones but not as far as I know company pc's (over 5,000 of them).
Userlevel 7
+56
Unfortunately Webroot can't defeat ransomware after the fact. Nor can any software, as the encryption is usually unbreakable. Sometimes the keys have been recovered by law enforcement and made available online, or the particular ransomware has a flaw in the encryption code and can be broken. But those are exceptions to the norm.
Userlevel 7
The key...however good one's defences are, is to make sure, as davidhelp says, that one has a backup or, better still, a recent full image of one's disk(s)...so that if disaster does strike then at least one can revert to a pre-infection state.
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.