Solved

No Webfiltering in IE 11 or Chrome

  • 20 November 2013
  • 57 replies
  • 373 views

Userlevel 2
Hi..............I just installed WSA 2014 and so far I am not impressed. Please fix my problem. I have uninstalled and reinstalled 2x. There is no webshield/filter running or installed in either IE 11 or Chrome. I am using Win 7 Home Premium 64bit. There is also an ongoing thread at Wilders. I do not even have the crx file listed by Triple Helix. So what gives? IThe eicar test does not even get blocked. Thanks. 
 
http://www.wilderssecurity.com/showthread.php?t=356072
icon

Best answer by RetiredTripleHelix 3 December 2013, 01:54

View original

57 replies

Userlevel 2
Forget it. I uninstalled it. Download some malware samples. System got infected. Does WSA even work? I thought it is suppose to be top notch? Going back to avast. Thanks anyways.
 
https://www.virustotal.com/en/file/125861730c2b28e6af2bb640b162bd5118b2e80f2456bdca24a1e18e4f40fbc7/analysis/1384923260/
Userlevel 2
Unless some has a resonable explaination. Thanks. 
Userlevel 6
Badge +22
Hi !
what are your versions of Chrome and IE ?
Userlevel 7
Hi GTR707
 
Welcome to the Community Forums :D
 
Sorry to hear that you have had a bad experience with WSA.  To try to get to the bottom of what you have seen (which I must say is most untypical in my experience) can you advise as to the precise actions that you undertook to get the result that you did.
 
Was the infection actual or are you just saying that WSA did not detect the malware at download?  Reason I ask is because WSA looks for active threats and a piece of malware that is on the disk but effectively dormant will not be detected (as it is not doing any harm).  However, should it try to activate/run then WSA will detect and jump into block if it identifies it as a threat.  If it cannot determine it as either good or bad it will switch to monitor mod, journalling any actions the monitored program undertakes and if a lter determination is that the program is bad then it will block it and then reverse the actions it has taken (nd were monitored) prior to the 'bad' determination.
 
Do not know if that helps explain what you may have seen, but please feel free to ask further questions and we at the Community will try to answer/explain. ;)
 
Regards
 
 
Baldrick
Userlevel 2
Normal plain old install. Completely removed avast using the avast uninstaller. Cleaned up any left overs and rebooted. Installed WSA and downloaded the eiar test file usign Chrome. No detection. No alarm. Downloaded using IE 11. No detection. No alarm. Nothing in logs. Did a scan and it was detected. Does WSA have website ratings when you Google stuff like WOT? How come there is no Chrome plugin to be found? Unisntalled WSA and tried again. Samething. Downloaded some malware samples and "none" where detected. All verifed using Virustotal. Scanned with MBAM and all 4 samples were detected. I was done with WSA. Mounted my stored image with avast. Sorry but I have tried every av out there and never have I ran accross something like this. Heck even Comodo detects more. Thanks anyways. 
Userlevel 7
Hi GTR707
 
Understand where you are coming from here but let me try to reply to each point specifically before you completely give up on WSA. ;)
 
Normal plain old install. Completely removed avast using the avast uninstaller. Cleaned up any left overs and rebooted.
 
Baldrick - Perfect approach
 
Installed WSA and downloaded the eiar test file usign Chrome. No detection. No alarm.
 
Baldrick - I have done the same and it does not warn or alarm given the way that I advised that WSA works...until the malware goes active it will not be intercepted/reported...but in the case of eicar...WSA knows what it is and so ignores it...as do some other AVs I know.
 
Downloaded using IE 11. No detection. No alarm. Nothing in logs.
 
Baldrick - as per above.
 
Did a scan and it was detected.
 
Baldrick - in this case because you are scannng it will report, etc.  That is how WSA works.
 
Does WSA have website ratings when you Google stuff like WOT?
 
Baldrick - Yes, it does; and in fact Webroot is just rolling out a new version to the user base via silent updates, so it is possible that you would not yet have had it with what you installed.  I have received it and it provides the rating of search results in IE, Chrome & Firefox, etc.
 
How come there is no Chrome plugin to be found?
 
Baldrick - As stated above there is cover for Chrome in the new Threat Shield that is being rolled out (slowly), but you are still well protected by WSA even if yo have not yet got it.
 
Unisntalled WSA and tried again. Samething. Downloaded some malware samples and "none" where detected.
 
Baldrick - Not surprised given what I have advised in terms of what you said about your first install/testing.
 
All verifed using Virustotal. Scanned with MBAM and all 4 samples were detected.
 
Baldrick - At the risk of being boring the reason for this is what I have already advised, i.e., that the WSA protection philospohy/the way it works is different to what I would euphamistically called 'traditional' solutions. ANd I have to admit that it does take some time to get used to/trust...but that is because we have been brought up on the 'traditional', etc.
 
I was done with WSA.
 
Baldrick - Far from me trying to convince you I will try to find some links to articles to support what I am saying so that hopefully you can make an informed choice.
 
Mounted my stored image with avast. Sorry but I have tried every av out there and never have I ran accross something like this. Heck even Comodo detects more. Thanks anyways.
 
Baldrick - One last thing...it is not about just detection (but I am sure that you know this) but also about prevention/interception & correcting...all of which WSA IMHO does very, very well.
 
Anyway, I hope you will consider what my responses and take a fresh look at WSA. :D
 
Please feel free to post back if yo do so decide and have more questions.
 
Regards
 
 
Baldrick
 
Userlevel 2
I will ONLY reconsider WSA if the above problems are adressed. Why isnt there a webshield in Chrome or IE 11? I downloaded WSA after filling out the Bronocs giveway. Free for 6 months. I know no av is perfect. But 4 malware samples and NO detection is abusrd. Look at the Virustotal link. WSA did not blink an eye and over 30 other products dtect it.  I want to use WSA. But I am afraid to afriad this. Its obviously not just me when there are people at Wilders complaining about the samething. So are you saying there is webshield coming soon with site ratings? If so when? 
When I download and install a product it should work as designed. I have watched YouTube videos on WSA and see a webshield but not in my case. I have tried CIS,NIS,KIS,AIS,PCA and others. Never an issue. I felt like I had NO antivirus running at all. Right up there with MSE. I wanna see alarms going off and a webpage saying "malware blocked". Why was the eicar test not even detected when clicked on or when download was finished? 
 
And if WSA is so good then why do use KIS with it? It should be able to stand on its own. 
Userlevel 7
Hi GTR707
 
It appears that you mind is made up and so be it.  I have tried to explain that WSA works in a different way to 'traditional' AVs/ISs and what you are seeing is as a result of that.
 
I am not trying to convince you to change your mind; rather just responding to your assertion that "...there are people at Wilders complaining about the samething" by saying that there are 30+ million WSA users...and I do not think that 30+ million users (especially a good number of business users) would be using WSA if what you are saying is the case.
 
The roll out of the NEW (there is protection from the current one) Threat Shiled is being rolled out as we speak...and I suspect that alot of the comments & criticism that you are referring to is due to the fact that this si taking longer than expected and at present Webroot have not provided much indication of when users will get it/how long it will take.  This has been the subject of some serious communication between senior Forum members and the powers that be, etc.
 
Anyway, if you wish to become more accquainted with the way WSA works then please stick around...if not and your mind is made up I wish you well with whatever security app(s) you decide to go forward with...and a malware free experience. :D
 
All the best
 
 
Baldrick
Userlevel 7
That VT link for that infection is for a file (that is marked bad in our database a scan should remove it now) that has been seen on a grand total of two PC`s from our user base. Thats 2 PC`s out of out millions of active users (your PC is one of those the other is a AV test box). Its not like its unknown on hundreds of thousands of PC`s! If you reply with the MD5`s of the other samples I can check them out.
 
As had already been mentioned we operate so completely differently to other AV`s. We see infections all the time before other AV vendors do. 
Userlevel 7
In response to your question as to why use KIS as well...which I presume is from you checking my signature line...the answer is simple.
 
1. I beta test for Kaspersky as well, and prior to using WSA I used KIS, so have an attachment to it.
2. No one solution (even WSA...;)) is 100% secure and so I prefer a layered approach, as I believe do many others.
3. WSA is designed to be used on its own if the user so desires but it is also designed to co-exist/complement other
    AVs/ISs...something it does better than any other AV/IS I know of.
4. I beta test WSA and given 2. & 3. above it makes sense for me to run both.
5. Of the two laptops we also use in my family BOTH run ONLY WSA.  It is only the main, desktop system that runs both
    apps...and I feel safe on the laptops with just WSA...despite what I said in 2. above.
 
As I said earlier...I am not going to try to convince you as your mind is obvioulsy made up...that is your right & perogative.  If that is the case then you are welcome to stick around...but if you do please desist with the ranting...I contend that you have made your point...for anyone reading the thread to see.
 
As I said...I wish you well for the future...with or without WSA.
 
Regards
 
 
Baldrick
 
PS. I am not a Webroot employee, nor have any affiliation with the company other than being a user of WSA and a Community Forum member. 😉
Userlevel 7
It seems that you don't understand correctly the main philosophy (approach) of WSA protection.
 
Dormant files even if malicious but only sitting on your HD are harmless. However once executed WSA will catch them and handle them accordingly (block, delete, put to quarantine etc.).
 
As for the shield, the new web shield (based on BrightCloud technology) is being rolled out progressively and possibly you have not received it yet. Nevertheless you have "the old shield" that does its work still perfectly. On top of that there are other WSA modules/shields which are protecting you in the same time. So there is no reason to be somehow worried.
 
Last but not least, WSA is so good that you can use it alone what many users, including me, do. ;)
Userlevel 2
I have not made up my mind as of yet and I am not abandoning WSA. But as of last night the Virustotal link I provided was not detected by WSA. Why isnt Webroot even mntioned in Virustotal? Is the new webshield gonna be a Chrome add on such as WOT? avast has a Chrome Ad on which works well. I am not trolling. I am concerned about my findings within an hour of using WSA. When should I reinstall WSA and when shall I trust it again? What about an IE 11 webshield? I was impressed at how quickiy WSA installed and how light it is. But I was completely unimprsssed when downloading maliscious links from malwaredomainlist and other various sites. Malc0de also. I never got one alert. Explain my findings please. I am not some dumb teen trolling along either. I am looking to purchase WSA but not willing to based on my findings. Thanks. 
 
FYI...............The file listed on Virustotal I provided was executed with NO detection. I was placed in my start up folder. Was succesfully remvoed with MBAM Free. 
Userlevel 2
Is there any known conflicts with HitmanPro.Alert or CryptoGaurd? Both were removed and still nothing from WSA. Removed prior to second installation. 
Userlevel 2
Why wasnt this folder even listed in my install? I unhid everything but could not find or see such a folder or enter. Please elaborate. Thanks. 
 
https:///t5/Webroot-SecureAnywhere-Internet/New-interface-web-site-list/m-p/59903#M1822
 
How can I get Webroot Filtering Extension  version 1.0.0.12?
 
http://www.wilderssecurity.com/showpost.php?p=2306115&postcount=88
Userlevel 7
Hi GTR707
 
Glad to hear that you are not a lost case...;)
 
If you have concerns about what you are seeing then I would take up the offer that Rakanisheu made in post 10.  If you provide him with what he has requested he can get to work to understand what is happening on your system.  You will be in good hands with him. :D
 
To answer the 1st question of your last post; because it is part of the NEW Web Threat Shield, and from the looks of things it has not yet been rolled out to your installation.
 
2nd question; you have to wait for it to be rolled out to you.  You may have seen in other threads/posts on the subject that there are some that have it and some who do not yet.  As I said previously senior member sof the Community are in contact with Webroot to try to get more infomation about where we are in the roll out and when it is expected to be complete...but with 30+ million users to update it has been taking a while and could go on for some time...unfortuantely all I can say at this time is...please be patient...if you decide to persist with WSA.
 
HTH?
 
regards
 
 
Baldrick
Userlevel 4
Badge +16
@ wrote:
Why wasnt this folder even listed in my install? I unhid everything but could not find or see such a folder or enter. Please elaborate. Thanks. 
 
https:///t5/Webroot-SecureAnywhere-Internet/New-interface-web-site-list/m-p/59903#M1822
 
How can I get Webroot Filtering Extension  version 1.0.0.12?
 
http://www.wilderssecurity.com/showpost.php?p=2306115&postcount=88
Not to hijack this thread but I have exactly the same issues as GTR707, so I am following this with great interest.  I would also like to hear the reason why a NEW clean install of the latest version (8.0.4.24) does not have a web shield component(s).  I understand the roll-out mentality of gradual replacement of current older builds BUT I (along with how many others?) am currently on a two week test of WSA and I find out that an important part of the 'shielding' is missing from the latest and greatest current version, to be added 'sometime in the future' when the backend server's logic says I can get it?  Why was this not triggered by the clean install of the latest version?  I would like to hear and understand the reason for leaving the newest (potential or otherwise) members / customers unprotected (even if it is to a lessor degree) than current past customers?  (And I have seen the argument about 'being protected by the older webfiltering shield' until the new one gets installed [I believe this was to an existing customer] but new installs have NO old webfiltering shield to fall back on.)
 
Maybe the other point is that it is not always great to show the general public parts of advanced builds (ie - BETAs or not fully released to the public) before they are included in current build / release (be it downloaded installed or 'pushed' from the backend server the moment the software becomes active).
 
Thanks.
Userlevel 2
Your not hijacking my thread. At elast you prove my point. So its not me or my system. Was gonna re-install WSA when I got home but I am still not feeling 100%. Its like how avast released the 2014 version without it even being ready. What gives with av companies. Using customers are beta testers. I should not have to redownload malware samples and submit MD5's to make anyone understand that there is a serious issue at hand. As I previously stated I mounted my stored image so the other samples are gone. Comodo even detected these samples and there dtection rate is no good at all. I might go with Panda Cloud Free for now. The thread at Wilders are been on going since Oct. Why with a fresh install from an email that Webroot gave me do I not get a web shield. Why doe the eicar test not get blocked? Why did a legit piecce of malware slip right through when 30 others av's detected it. Thanks. Again I am not trolling. I want this fixed. 
 
What about the people that just spent $30-50 on WSA 2014? They dont even get a webshield? Is the download link in my email any good? I am using the most currect version. 
 
Also what about this roll back feature. How come I did not see an option for that?
Userlevel 7
Hi GTR707
 
May I suggest that you open a Support Ticket and provide a synopsis of your issue(s).  At this stage I believe that they are the only source of assistance for your issue(s).
 
I will correct you on the point "What about the people that just spent $30-50 on WSA 2014? They dont even get a webshield?".  They DO get a web shield...it is the current one NOT the new one that is being rolled out progressively.
 
If you are using v8.0.4.24 then you are using the most current version...as I said before the new web shield is being rollout electronically and is not part of the current downloadable installer.
 
Finally, the roll back features are under the cover and their use is determined by WSA.  There is (thanksfully) not option for user control.  If you require that then I would suggest dedicated rollback software...there are a number available.
 
Open a ticket and see what the Support Team can do to help.
 
Regards
 
 
 
Baldrick
Userlevel 4
Badge +16
@ wrote:
...  They DO get a web shield...it is the current one ...
What is the current web shield?  (Perhaps this is mis-understood [at least by myself].)  Is this a add in / extension for the browsers?  The only add in / extension on the current version is the Webroot toolbar for Password Manager (looks a lot like LastPass [from the options]).  Is there another separate extension for the web filtering?
 
Thanks.
Userlevel 7
Hi dbrisendine
 
What I mean by that is what explanoit explained in an earlier post (see post 12 in case you missed it):
 
"As for the shield, the new web shield (based on BrightCloud technology) is being rolled out progressively and possibly you have not received it yet. Nevertheless you have "the old shield" that does its work still perfectly. On top of that there are other WSA modules/shields which are protecting you in the same time. So there is no reason to be somehow worried."
 
Hope that clarifies?
 
Regards
 
 
Baldrick
Userlevel 2
So only people who "pay" for WSA get the new webshield? Lol. I AM USING the most current version. I even downloaded the 30-day trial and its the same version. Why isnt there a webshield AT ALL in my version as well as others. 2 installs and NO webshield. I am not talking about the upgraded webshield. I am talking about one in general. I am trying WSA so why cant I get the full version? So If I buy WSA and get a download link your telling me I will get the webshield? Yeah right. 
 
I refuse to open a support ticxket for a product I am merely trying on for size. 
 
I filled out the the free 6 months Bronco's give a way. The download link in my email sent by Webroot should be the mosr current version. Am I not right? 
 
Just downloaded the trial version and its the same as the version I have. Care to elaborate? The installer downloads all the nessary files from your servers. It is not a full offline installer. So why arent the nessasary componets being installed? 
Userlevel 7
Badge +56
The current one is still the same as the 2013 until the 2014 Web Shield is rolled out it's brand new tech and they want to keep an eye on the roll out.
 
Daniel
Userlevel 7
I have tried patiently to answer your questions and explain how WSA works...but I am not getting through.  And now we are getting wild accusations about pay and not pay differences, etc.
 
Sad to say but I believe that trying to help you is a lost cause.  The answers are in the previous posts in this thread.
 
Try reading those, and reflecting on them rather than fiinding more to complain about.
 
All the best
 
 
Baldrick
 
 
 
 
Userlevel 2
So your telling me that I need to download WSA 2013 to get the web shield? What?
 
Dear Baldrick.................Your replies do not help my issue at all. Why does the 2014 installer not even contain a web shield? So anyone buying WSA 2014 right now does not get a web shield? Seriously? 2 installs and NO web shield. Nothing in the program data folder at all. I am not talking about the upgraded web shield.
 
How does one obtain WSA 2014 with a web shield? Explain please. Thanks. 
 
Is there a server issue that is not downloading all the nessasary WSA files onto ones pc? 
 
Userlevel 7
NO...you have a web shield in 2013 that was carried over to 2014...that web shield is NOT in the WOT style, for want of a better word, and not configurable. 
 
As explanoit has said previously and I have referred to as well..."As for the shield, the new web shield (based on BrightCloud technology) is being rolled out progressively and possibly you have not received it yet. Nevertheless you have "the old shield" that does its work still perfectly. On top of that there are other WSA modules/shields which are protecting you in the same time. So there is no reason to be somehow worried."
 
Cannot be any clearer than that.
 
Regards
 
 
Baldrick

Reply