Does this mean any automated fix ISN'T gonna happen? And after several days, shouldn't the agents have all reported in??? Any new systems that haven't been turned on that are turned on now should have checked in and downloaded the new build I'm hoping????
I prefer not to have to call support unless Webroot wants 300+ tickets put in knowing we don't all have physical/remote access to the systems in question.
Where's the fix??? Where's the compensation for this???? We and our clients are out a LOT of money due to this. It's the second time this has happened and my inbox is full of false positive alerts.
I'm simply waiting for the automated fix. Hurry up.
Need to get this fixed ASAP guys/gals. I'm still getting thousands of alerts. I've essentially had to tell clients to leave the computers alone.
I'm hoping somebody loses their job over this as we are losing lots of $$$ with support calls etc and clients with systems down.
It works very well as they have deployments with large retailers with thousands of endpoints. It's just a matter of gathering the traffic habits of the networks, setting up the whitelists and then they also have an auto whitelist feature, where it blocks initially and then when requested to unblock, will analyze everything first and only bring down the data needed for the site to work. All the other stuff, such as ads etc., continues to be blocked. They're more than happy to work with organizations to get everything up and running.
The granularity can be down to a device level. So this is not just limited to PC/Macs, it protects everything behind it including TVs and all other smart devices from "calling home."
Everything is done on the gateway using rules so absolute control over the traffic is there. DNS Protection is essentially allowing you to control blocking of various categories etc...
We need to start thinking of the rule of "Block All, Allow Some" instead of "Allow All First, Then Block as needed." Cause with that, the bad actors have already won.
DNS Protection from Webroot is good, however it provides nowhere near the level of granularity over DNSThingy and it can easily be bypassed, whereas having DNSThingy on your gateway, it can't be bypassed at all, not even by VPN behind.
Sorry to hear you are having an unpleasant experience. Let's try and explain how things work and that you need to take a holistic and layered approach to handle infections (Crypto-Ransomware being one).
This is gonna be a long response so prepare yourself, but these sorts of tips will go a very long way to help you and anybody who has to deal with malware/security in general.
First, absolutely NO product is 100% effective against all types of infections. I know that's a pretty canned response, but it's true. It's more about lowering the infection surface area whereby the chances of getting hit are less and recovery and remediation is easier if/when something does happen.
- Start with good backups. Cloud backup services are cheap insurance, USE Them. Also, an external drive and simply using the built in backup offerings of Windows/macOS combined with cloud backups, will give you a fighting chance to recover should something really cause a mess.
- Make sure that you have a good router with DNS Protection and egress control (don't let things out). One of the best is DNSThingy from dnsthingy.com. If you place all of your devices on a whitelist and a business feature called "Don't Talk to Strangers" (DTTS), then there's almost NO chance that even if a ransomware were to slip by, it simply can't communicate to a Command and Control server to get encryption information. It wouldn't be allowed because it's not whitelisted, was never approved, it gets checked against threat lists; if it's an IP request only, it'll simply NEVER get through to the outside world. The ransomware will run, but can't infect. Check it out... very good. We have to assume we are going to get infected and prevent everything from getting out unless explicitly allowed.
- Make sure that you are completely turning off AutoPlay/AutoRun, Macros (turn off WITHOUT notification in Trust Centre) and the Windows Script Host. If scripts can't run, they can't infect. If a malicious document with macros doesn't present the option to enable, it can't run. These tips are regardless of what AV you use.
- Make sure that your macOS and Windows Firewalls are installed. Yes, they are good enough.
- Unless absolutely needed, turn OFF or remove PowerShell. That way PowerShell commands can't run.
- Make sure that all the apps installed are up to date.
- Make sure the OS is up to date.
- Remove Java/Flash from all systems unless absolutely needed.
- Have Webroot Support go over your policies on your systems. They'll be happy to audit things to ensure that you have the best protection. They did for me and pointed out some things I missed.
- Make sure the users' email account settings on their host are set up with security in mind. Make sure they are using SSL, spam filters are set up etc...
- Educate users. Tell them to NEVER open any links or attachments from ANYBODY AT ALL, regardless of sender, until they verify it's legit. Webroot has Security Awareness Training. Look into it.
In terms of Webroot not scanning email: no, they don't scan the email itself as it's coming in, BUT, they'll take action on any file acted upon, such as an attachment. It won't take action on a Word document attachment with macros (they should), but the agent WILL if the macro runs and writes something to disk. Hence my above to disable macros and Script Host so those two layers with Webroot will negate most of this. Plus if you have DNSThingy as well, the script or macro simply won't be allowed out to download a malicious file.
If you are running the Webroot in a business environment, make sure that you set your policy to NOT allow the agent to be disabled or unmanaged. That way users can't go and muck with settings or disable protections.
Webroot after first installing will take, in essence, a snapshot of the system, its running processes etc. and use that as a baseline going forward. When new files/processes are introduced to the system, Webroot will check the files against the cloud to see if it knows them to be malicious/good/unknown and take appropriate action to allow or stop/quarantine the file.
The days of throwing on the agent of an AV product or trying to "layer" by loading up multiple products and walking away are gone.
One product like Webroot, backups, lock the system down, educate the users, DNS router with Egress control and whitelisting all help. If you don't do these things, you are essentially doing the people a disservice.
Hope this helps.
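The "Block All, Allow Some" rule and the "Don't Talk to Strangers" behaviour described in the posts above, as an added Python example that is not part of the original posts and is not DNSThingy's code. It models a gateway that opens a per-device pinhole only for IPs returned by an allowlisted DNS answer. The names `EgressGate`, `on_dns_answer`, `allow_connection` and `demo` are hypothetical, and the domains and addresses are constructed documentation values.

```python
import ipaddress


def _matches(name, domains):
    # True if name equals, or is a subdomain of, any entry in domains.
    labels = name.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


class EgressGate:
    """Default-deny model: a device reaches only IPs an allowlisted DNS answer gave it."""

    def __init__(self, allowed_domains, threat_list, ttl_cap=300):
        self.allowed = {d.lower().rstrip(".") for d in allowed_domains}
        self.threats = {d.lower().rstrip(".") for d in threat_list}
        self.ttl_cap = ttl_cap   # upper bound (seconds) on how long a pinhole stays open
        self.pinholes = {}       # (device, ip) -> expiry timestamp

    def on_dns_answer(self, device, qname, answers, ttl, now):
        """Return the answers to forward to the device; [] means blocked."""
        name = qname.lower().rstrip(".")
        # The threat list wins over the allowlist; unknown names are refused.
        if _matches(name, self.threats) or not _matches(name, self.allowed):
            return []
        expiry = now + min(ttl, self.ttl_cap)
        for ip in answers:
            self.pinholes[(device, ipaddress.ip_address(ip))] = expiry
        return list(answers)

    def allow_connection(self, device, dst_ip, now):
        """Allow egress only through an unexpired pinhole for this device."""
        expiry = self.pinholes.get((device, ipaddress.ip_address(dst_ip)))
        return expiry is not None and now < expiry


def demo():
    # Constructed sample traffic; timestamps are passed in so the run is deterministic.
    gate = EgressGate({"example.com"}, {"bad.example.com"})
    gate.on_dns_answer("pc-1", "updates.example.com", ["192.0.2.10"], ttl=60, now=0)
    gate.on_dns_answer("pc-1", "c2.example.net", ["198.51.100.7"], ttl=60, now=0)
    gate.on_dns_answer("pc-1", "x.bad.example.com", ["198.51.100.8"], ttl=60, now=0)
    return {
        "resolved, allowlisted": gate.allow_connection("pc-1", "192.0.2.10", now=10),
        "raw IP, no lookup": gate.allow_connection("pc-1", "203.0.113.66", now=10),
        "name not allowlisted": gate.allow_connection("pc-1", "198.51.100.7", now=10),
        "threat-listed name": gate.allow_connection("pc-1", "198.51.100.8", now=10),
        "other device": gate.allow_connection("tv-1", "192.0.2.10", now=10),
        "pinhole expired": gate.allow_connection("pc-1", "192.0.2.10", now=61),
    }
```

Only the first case in `demo()` is allowed out; the raw-IP request, the unlisted and threat-listed names, the second device and the expired pinhole are all dropped.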