cancel
Showing results for 
Search instead for 
Did you mean: 
Community Leader

Re: I have Crytolocker on my computer you are my security please remove this as I cant use my comput

Thanks for the very prompt responses guys.

 

I didn't quite appreciate all the new variants that are released every day and the difficulty (impossibility) of keeping 'normal' AV databases up-to-date.

 

I think your comments about 'saviness' are very pertinent Baldrick and am wondering if Webroot could perhaps be a little more pro-active in spreading the word on that. Perhaps these forums are the means to do that but I suspect that WR has a lot of customers who, like the majority out there, have no interest in malware issues until they become personally infected.

 

Regards

 

Nemo

 

 

 Community Leader



Gold VIP

Re: I have Crytolocker on my computer you are my security please remove this as I cant use my comput

Hi Nemo

 

It is the contribution by the Webroot staff (past and present) that help us greatly.  Roy has posted about CryptoLocker variants before in response to similar enquiries...and we learn from receiving that professional input that makes the Community such a great place.

 

In terms of savvyness I agree that it would be useful if there was some more overt way for WSA to let users know that potentially threatening behavior has been detected...but then it is a balance between protection and unnecessarily scaring users.

 

To that end I believe that there is a Feature Request (cannot remember if I initiated it or some one else did) to have a new feature that informs the user when a file or app has been set to 'monitored' so that they are aware that there has been potentially nefarious behaviour detected, etc.  That of course would need an option (set by default = 'No') to allow the warnings to be displayed or not.

 

Will have to check up on whether that has indeed been raised and if so then what the status is.

 

Regards, Baldrick

       Untitled-1.png


Webroot SecureAnywhere Complete Beta Tester v9.0.24.28, imaged by Macrium Reflect v7.2

Community Leader

Re: I have Crytolocker on my computer you are my security please remove this as I cant use my comput

Hi Baldrick

 

The monitoring feature sounds like a good idea. I will see if I can find the thread.

 

Just so I am clear about this then. With a zero day variant of Cryptolocker (or similar), a standard AV would probably let it through to go about its nasty business, WSA would let it through but monitor it whereas a lock-down anti-executable defence (like VoodooShield) would stop it executing in the first place. If I'm right about this, I can see why you like your combo! Smiley Happy

 

Nemo

 Community Leader



Gold VIP

Re: I have Crytolocker on my computer you are my security please remove this as I cant use my comput

Hi Nemo

 

It should be a Feature Request, and so logged under that section of the Community Forums.  If you find that I am hallucinating then you are most welcome to start a new Feature Rerquest yourself re. this additional feature. Smiley Wink

 

With regard to how other 'standard' AVs might react to CryptoLocker I could not possibly comment except to say that most if not all the mainstream ones will have some feature or two that tries to handle zero-day variants so to say that they would let them through would be harsh...as no system is perfect (and if you look around a number of them are starting to copy WSA in terms of some form of journalling of files & apps that are suspicious - Emsisoft being the latest from what I read about their latest version).

 

Yes, VS should lock down the system (assuming that you are running in ALWAYS ON or SMART mode) should anything get past WSA...indeed, hence why I love the combo. I trust in WSA but nothing is entirely 100%...though WSA made be the closest to that, i.e. 99.99%, but a layered defense is even safer. Smiley Very Happy

 

Regards, Baldrick 

       Untitled-1.png


Webroot SecureAnywhere Complete Beta Tester v9.0.24.28, imaged by Macrium Reflect v7.2

Community Leader D_J
Community Leader

Re: I have Crytolocker on my computer you are my security please remove this as I cant use my comput

Hey Nemo,

 

A cliché can say it all Smiley Happy

 

"It has to get worse before it gets better."

The reason we are in this thread to begin with...

 

"The best offense is the good defense." or "The best defense is the good offense."

WSA and any improvements the developers can build into it + any other tools you can pile on top to help.

 

“The best-laid schemes of mice and men oft go awry and leave us nothing but grief and pain, for promised joy!”

New variants every day, more divisive web pages and emails to entice even the best-prepared and equipped techie into the spider's web.

 

"Last line of defense."

Don't forget frequent and validated backups to restore back to a state before the infection.  Given the worst outcome, even once a day backups will keep you no more than 24 hours away from a clean state.

 

The Best,

Dave

Community Leader

Community Leader

Re: I have Crytolocker on my computer you are my security please remove this as I cant use my comput

@Baldrick

 

I found the thread in Feature Request - here's the link.

 

https://community.webroot.com/t5/Ideas-Exchange/Notification-pop-up-unknown-application-is-started-m...

 

Thanks for the clarification regarding my general understanding of zero-day variants. I started using VS only yesterday and totally agree that it feels like a great combo.

 

 

@Dave

 

Appreciate all the cliches! Smiley Very Happy

 

 

 Community Leader



Gold VIP

Re: I have Crytolocker on my computer you are my security please remove this as I cant use my comput

Cheers, Nemo

 

Glad to see that I have already kudoed it.  Hope that you have too?

 

Glad to see that yo are on board re. VS... if you are running the release version (v2.50) then hold on for some super new features as and when the next release is officially rolled out (current TH & I am testing v2.73a...and it is a quantum leap on from v2.50).

 

Now back on topic...lest we fall foul of the Community Guidelines. Smiley Wink

 

Regards, Baldrick

       Untitled-1.png


Webroot SecureAnywhere Complete Beta Tester v9.0.24.28, imaged by Macrium Reflect v7.2

Community Leader

Re: I have Crytolocker on my computer you are my security please remove this as I cant use my comput



Glad to see that I have already kudoed it.  Hope that you have too?

 


First thing I did!

 

I am using 2.73a Beta - I overcame my reluctance of Betas and am impressed. One of these days I might take the plunge and try and sign up for WR beta testing although I can't help thinking that I'm not experienced enough to be of much assistance.

 

All the best

 

Nemo

 Community Leader



Highlighted
Retired Webrooter

Re: I have Crytolocker on my computer you are my security please remove this as I cant use my comput

The problem is about notifying customers is 

 

  • People tend to ignore emails (esp IT related emails)
  • They unsubscribe from said emails
  • They claim its SPAM and complain
  • If we use the product in messenging function we get complaints

I used to do webinar events and they were very popular but the people that go to said events are the type of people that already have a interest in security. 

Gold VIP

Re: I have Crytolocker on my computer you are my security please remove this as I cant use my comput

Hi Roy

 

Appreciate what you are saying and that is why the Feature Request also includes the option to notify the user when an item is put to 'monitor', with the recommendation that the default is 'No' so that the user has to overt change it so as to be notifed.  Hopefully, that means that there would be no change for users unless they wanted the notification and took the trouble to change the option to notify setting.

 

Regards, Baldrick

       Untitled-1.png


Webroot SecureAnywhere Complete Beta Tester v9.0.24.28, imaged by Macrium Reflect v7.2