Better?

  • 3 February 2019
  • 35 replies
  • 274 views

Badge
How is Webroot better than AVG or McAfee?

35 replies

Userlevel 4
Badge +12
You're not likely to get a lot of answers to a question like this but in the simplest response possible: it's better because it has less impact on your system's resources. It also scans incredibly fast so you're not going to have to scan at times when you're not planning to use the computer. But is it truly "better" than other AV's? According to AV-Comparatives and AV-Test there are many "very good" AV's on the market today. Unfortunately Webroot generally does not lend itself to testing by these labs. However, Neil Rubenking from PCMag has rated it one of the best AV's and Security suites. But again... is it better than all the rest? The truth is: there is NO best anything (no best AV, no best Security suite, no best shaver, no best computer, no best car...). Anything made by man has trade-offs and glitches and so does WRS (i.e. currently its password manager is broken and has been so for months now). But I like it and have found that it works for me. And many others would agree. Plus, it is gratifying, at least to me, that it happens to be an American company.
Plus, it is gratifying, at least to me, that it happens to be an American company.
And it is gratifying to me, as a Brit, that the technology behind Webroot's AV engine was built by a British company* ☺️

*Prevx
Userlevel 4
Badge +12
Cool. But I'm sure the American company has added quite a bit to the original otherwise, why did the original sell out if they were so popular and successful? I'll stick with what I said before and that is simply that there is nothing that is best including Prevx, Webroot, Avast etc etc etc. Some are "better" for a time and then they fail for one reason or another. Currently WR is failing miserably in their password management but hopefully that will soon be fixed...hopefully.
Press Release re Acquisition:
https://www.webroot.com/us/en/about/press-room/releases/technology-acquisition-cloud-security
Thread re History of Prevx/Webroot:
https://community.webroot.com/tech-talk-7/webroot-prevx-history-42258

Prevx was very successful when it was acquired by Webroot. But it was small. And it realised it could not develop its product to the extent that it would ultimately want to without the leverage of a larger-sized cybersecurity company. That said, it firmly resisted any takeover or merger until it was sure it was happening in the right hands and, above all, with a company that shared its understanding and philosophy regarding cybersecurity.

Also, once acquired, the developers responsible for rebuilding Webroot's technology were exactly the same team that had built Prevx. And btw to reassure you: the chief architect of that team, Joe Jaroch, was (is) American.

I used Prevx from late 2006 until I transitioned to Webroot in late 2011. This is also true for @TripleHelix, @Baldrick, @Tarnak and others.
Userlevel 7
Badge +19
Yep, I've been using it since the Prevx days too and it's never let me down yet on the Security side, I've never used the Password Manager as I was already using and coninue to use Roboform to manage Passwords etc.
Userlevel 4
Badge +5
In my experience, users tend to disable features or whitelist too much on products such as AVG/McAfee/Symantec leaving them less protected than if they had chosen a lightweight product (such as Webroot) that may not need as much adjustment to begin with.
Userlevel 7
Badge +28
We're just using the Webroot SecureAnywhere Endpoint Protection AV product. However, we choose it because it has a small resource footprint and they still support older Windows operating systems for now.
Yep, I've been using it since the Prevx days too and it's never let me down yet on the Security side
Likewise for me (and dramatically so by comparison to my previous experiences; also, with reference to the second to last post, personally I've never disabled any protection feature on AVs I've used—at least, as far as I remember).

Nic however (previous poster) has had a somewhat different experience. I'd like to have gotten to the bottom of it (I've always been interested in those who, in real-life use, have had not so positive an experience of Prevx/Webroot) but I clearly sensed he wanted to put his experience behind him.
Userlevel 7
Badge +28
@Muddy7, my main reasons for using Webroot SecureAnywhere Endpoint Protection AV solution are:

  1. Still supports older operating systems. In particular Windows XP and Windows Server 2003.
  2. Small resource footprint on the endpoint.
  3. Management console that doesn't require me to buy a server version and set-up and maintain a server for it.
  4. Licensing price per endpoint isn't ridiculous high.
We've been using Webroot for 3-4 years now and the points above are the reasons I've continued to use it. If it wasn't for these, I'd be long gone. Support in the past has been astoundingly non-existent or helpful. I will point out that a recent support ticket escalated to level 2 was a much better experience. The rep was better trained and more professional than anyone else I've ever talked to a Webroot. He wasn't able to completely resolve my issue, but due to the time he put into trying and the professionalism he displayed, I was satisfied. Webroot's console and software has a great framework, but too many bugs. I wish they'd workout the bugs and then continue adding new features. I say this because the quantity of issues that I'v run into over the years is honestly ridiculous. I'm not going to go into individual issue details, but I will say that my issues generally weren't solved, I had to abandon the Mac version, and I wouldn't consider a Webroot product as a solution if it wasn't for the above list.

These are harsh words, but this is my experience. Should Webroot become a better product before that list isn't an issue for me. I will continue using them and possibly suggest them to others. I get asked regularly which AV to use and I say we use Webroot. However, I have to put a disclaimer with that so the IT Admin knows what to expect.
@NicCrockett

Interesting.

I see Forum members here raving about Webroot's Support. I've always assumed this must therefore be true for the way Support deals with infections (as I say in an above post, I've never yet had to deal with an infection since moving over to Prevx/Webroot) as my own experience in general with Webroot's Support is a bit underwhelming ☹️. However, maybe my expectations are too high as my benchmark has always been Prevx's quite breathtaking level of Support they used to have.

What surprises me, however, is that you find Webroot so buggy. My experience is completely the opposite. I would have assumed that this was most likely due to the difference between the Business and the Home Versions, but then again if that is so why is this problem not mentioned in the Spiceworks Customer Reviews which are so overwhelmingly positive?

Btw I never got to the bottom of the incident regarding the malicious file that remained in the My Documents folder of one of your client's devices, device which was protected by Webroot, for over a year (this is what I was referring to in my previous post above). You said s/he downloaded the file OK and then even executed it. My queston is this: did it ever to your knowledge make malicious changes to and/or compromise her/his device? I ask this because Webroot is known, by comparison to other AVs, to shine as an extremely effective behaviour blocker while not always being a perfect malware file detector (sometimes waiting until the first device in its worldwide userbase encounters the first malicious action by that file—but then acting instantaneously).

Finally, because of my personal experience (though I'm always listening to others who use or have used Webroot—so far most of those who are prepared to share their experiences seem to have similar experiences to mine—you are certainly one exception to this rule) I, in contrast to you, am loyal to Webroot because of my experience up until now regarding its superb protection of all my devices, and rather less loyal when it comes to its bells and whistles (Backup & Sync, Password Manager, System Analyzer, Personal Security Report and anything else I might have forgotten to mention).
Userlevel 7
Badge +28
@Muddy7 I'll try to answer your questions paragraph by paragraph as you wrote it. By the way, great detail in your writing.

Paragraph 1:
First off, I should say that I was never a Prevx user. I didn't start using the product until it was Webroot, so I can only speak from sometime in 2014 on. Until recently, there were times when support literally told me to just deal with it. As a business user I was very unimpressed. Again, I'll mentioned that my recent experience was more in line with what I would expect from business level support and what you describe.
As for Webroot catching infectons. When I first started using Webroot, it quarantined 100's of program files on my system. Most were for Adobe software. I had to restore all those files and I had to create around 300 overrides.

Paragraph 2:
I can't speak to the home version since I've never used it. However, I've found numerous bugs in the business software over the years. Here's some examples:
  1. All the overrides I had to create. One I created later for a server was our WSUS server. WSUS is a program that you can run on a server that downloads Windows updates. Your desktops and servers download their updates from this server instead of Microsoft after you've approved them. This keeps you from wasting bandwidth by having 100 desktops download the same set of updates, instead this server downloads it once. WSUS is a common server application published by Microsoft, but Webroot was quarantining some of the updates it downloaded.
  2. Via the console you can send a command for an endpoint to run. Sometimes these would go through and sometimes they wouldn't. Supports response was, they can't diagnosis or guarantee this feature, good luck.
  3. A file was quarantined when it shouldn't have been. The console failed to restore the file because it didn't think anything was quarantined. I had to put the software in unmanaged mode and restore it from the PC. I believe there was some other shenanigans with this issue, but it's been awhile.
  4. Of course you know about the malicious file that remained on the system for a long time. I'll discuss that more below.
  5. The latest bug has been that I've found certain files in the software aren't getting updated from the console. Specifically the latest issue dealt with the Ovr.db file where almost every system on my network isn't getting updated and I found one that was over two years old. More about that here.
  6. When Webroot is uninstalled it doesn't clean-up after itself. It also should do some house cleaning while installed. More on that here.
  7. The bug list goes on...
I haven't given Webroot a bad review on Spiceworks or any site because I try to allow companies to improve. I don't want my 2015 review when I think they were bad to affect them in 2020 when they might be great. I try to be nice, obviously this post any winning me any points with Webroot lovers.

Paragraph 3:
The file was for a piece of software, but it wasn't malicious. One of the things that really bothered me was, Webroot didn't catch when it was downloaded or run and installed. It caught it on a random scan however long I said later. The installer just happened to still be sitting in the users My Documents folder. They didn't re-run it or even touch it.

Paragraph 4:
Like you, I will be extremely loyal to something that works well and has great support. I will help it succeed by offering ideas to improve it and try to get new users to move to it. However, my experience with Webroot does not put it in that category. They change and that stance will change. You'll notice that even though I haven't had the best experience, I'm still offering ideas on how to improve the software and the user experience. I've been an evangelist for software like Spiceworks for the last 10 years. I'll do the same for Webroot if they show me the same level of business class software and support. Also, like you, I haven't used Webroot's other products, so I can't speak to them. However, the business console does have alerts and reports. Let's just say, that for a business class software that you pay for, basic is too strong a word for them.

I hope that answers your questions, sorry it was so long.
Nic, you shouldn't apologise for the length of your post. It was really good of you to go to such lengths in explaining your problems with Webroot.

Some of the problems you mention (dump files, FPs—though for me this is a past problem, maybe indeed the same time as you circa 2014—finding wsalogs.exe feels buggy in the way it sometimes succeeds other times fails, the longstanding problem of the need for Webroot to periodically clean up the log files—btw has this now been dealt with? I don't know) are familiar to me. In my case, they've never become a major issue, just slight annoyances, and my feeling was that, nothing is perfect and I've known much worse in my past experience of household name AVs. (Added to which of course Webroot, and previously Prevx, unlike other AVs I've used, has always protected me ;-)

They may however be of greater concern in your context.

When you come to the things that are lacking in the Business Endpoint offering, I'm afraid I'm out of my depth, as I don't use this product. However, from what you describe they do sound concerning. Makes me think of the lack of robustness I've encountered in the bells and whistles of Webroot (see my previous post). But of course it would be interesting to get further feedback from others who use the Business version and their experience of these features.

I am also aware that for some people, such as developers, Webroot may not be the perfect solution as they can continually see their apps they are writing continually being FPd and so the need to continually whitelist them or get them whitelisted at the backend. Just a thought, and I may be barking completely up the wrong tree, but maybe could something similar be happening here inasmuch as you are an advanced MSP provider who likes to customise your endpoint management procedure, and you're thus finding bugs that others maybe are not finding. Probably wrong, but even if I'm right, obviously that does not mean this should be happening by any means!

And of course, given that I have no experience here, I don't know how this experience compares to other Business Endpoint offerings.

Finally, regarding my paragraph 3, you've now got me totally confused. You say: "you know about the malicious file that remained on the system for a long time" and then a couple of paragraphs later you say: "The file was for a piece of software, but it wasn't malicious." What?!? Are you trying to confuse me😆!?! (joke!!) Help!!

[If it's of any interest, here is the original post (and thread).]

Btw, if it was indeed malicious, the fact that it was in the My Documents folder and was not detected for a very long time, does not of itself bother me so much (and btw I've seen this happen once too*). What really interests me is whether the file had begun to perform malicious actions. (See my comments in my previous post regarding Webroot's approach to malware detection and blocking.)

-------------------------------------------------------------------------------------

* I should add that it was an app that Prevx was flagging as malicious and there were good reasons for it doing so, but was in fact an FP which I knew to be legitimate.
Btw Nic, here's an example of the kind of feedback I'm hearing from people who use Webroot (and that would include those [few] friends and [indirectly] friends of friends I've persuaded to change to Webroot). This, of course in no way addresses the poor level of Support and the bugs on the Business Console that you've experienced.

Still curious about the "malicious"/"not malicious (???)" file you refer to. Would be really grateful if you can un-confuse me ;-)) Thanks!

Keith
Userlevel 7
Badge +28
@Muddy7,

The issue of Webroot not cleaning up dump files, logs, and other files on an uninstall has all happened in the last few months for me. As you said, this is a long running issue, and I've seen dump files going back multiple years. However, it's a problem that still exists based on what I've seen in just the last two months. Some of endpoints are old and the C drive is only 10 GB in size. If it has a little over 1 GB in dump files from Webroot and everything else is running, I have 1-2 GB of free space on the drive. This isn't a good situation for the server to run effectively and yes I need to replace it, but that's not an option at this point. This means I need the software running on it, to run as efficiently as possible.

Just to clarify, I'm not looking for perfection. I just want the software to work as advertised and run with as few issues as possible. This hasn't been my experience with Webroot.

I should also clarify, I'm not using Webroot as an MSP. We are a business that uses Webroot's Business product across our infrastructure to manage our endpoints. So, it's just me managing one company.

Sorry for the confusion on the let's say "malicious file". Webroot found it on a random daily scan and declared it as "malicious". All it was, was an executable for a program the user had in their My Documents folder. The user wasn't using the executable because they installed the program previously. The file was just sitting in the folder from when they downloaded and installed it. It was a legitimate program, not a "malicious file", so Webroot caught it as a false positive. The real questions are:
  • Why wasn't it caught during download?
  • Why wasn't it caught when the user ran the executable to install the program?
  • Why did it find it on a random daily scan when it wasn't being used?
Webroot was installed on the PC during all of these events. When I viewed the report on the "malicious file", it said it was aware that the file was malicious before the user downloaded it. I know this because Webroot tells you when it was "Determined Bad". This date was before the user downloaded the file. I also know how long it was on the PC before it was found because Webroot tells you the "Dwell Time", i.e. the the length of time the file was on the PC. I also use Spiceworks, and it confirmed when the program was installed. Again, Webroot said it was "malicious", but this was a false positive. I hope this clarifies and doesn't confuse you further.

We have a saying at our company. If you want to break your software or hardware and find where problems are that need to be fixed, send it to us. Granted, this means you also have to want to improve your software and hardware. However, we are known for breaking the mold and helping companies in our industry improve the capabilities of their offerings. Given that I shouldn't be too harsh on Webroot. We are a one of a kind company that has a unique infrastructure.

Sincerely,
@NicCrockett
Thanks, Nic.

I'm far clearer now.

So:
Regarding the "malicious" (Webroot FP) file:
  • It doesn't particularly bother me it wasn't caught during download
  • It doesn't particularly bother me that Webroot didn't find it on the daily scans
Why is this? Because I know that Webroot is not so much the champion at finding malicious files on your system as the champion of blocking malicious behaviour. And I know that when Webroot scans your system, it is not looking everywhere but rather in the places where malicious files are known to launch from.

But (and given what I've just said):
  • I am more concerned that it did not catch the executable when run
However I am just a humble user, and it would be much more interesting if a Webroot engineer were to chip in here. Their speculations might be able to throw a lot more light on what might or might not have been going on.

And so (and thanks for having the amazing patience to explain things right through to the end ☺️) I would still maintain my view that, notwithstanding Webroot's admitted weaknesses (some of which, regarding the Business Console, you've made me aware of for the first time), it is very good at keeping a user's machine clean of malware infections. That view, of course, may be subject to change given any future information I might become aware of.
Userlevel 7
Badge +28
@Muddy7,

I'm glad we cleared that up! 🤔 Your stated concerns in your last post make sense. However, support left me with no answer or help because they couldn't figure it out. At this point, it's an old concern, so I'm not worried about a fix. It does however influence my continued use of the product, which as of right now hinges on the reasons I stated earlier. Future renewals may see me jumping ship if those reasons haven't been resolved and Webroot hasn't improved the product, service, and support. Like you, I am always looking at any information I can find to come to that conclusion.
Userlevel 7
Badge +28
@Muddy7, I thought I was done, but I just notice this new thread that might interest you.

https://community.webroot.com/got-a-question-10/changing-policies-in-console-337139
I've been following that thread.

Not quite sure if he has used Support's web or phone service, i.e. the official Support channels. Maybe we'll find out if he responds to your post there.

But he seems to be treating this Forum as the official Support, which it is not. Sometimes the regulars here can provide help but it will never replace the official Webroot Support.

Also, you and I know the limitations of Webroot's Support, but no AV is perfect. Interesting, isn't it, how @sealey says his company used to use ESET (which I have a high regard for) but found that Webroot's superior Support service was one of the key reasons why they changed.
Userlevel 4
Badge +5
@Muddy7 We had ESET Endpoint (V5) 2011-2015; Switched to Webroot mid-2015 when a full redeployment was needed to move to V6 and they were less than helpful with a migration plan. I'm averaging 5 Webroot support tickets open a year and have had a great experience so far.
Userlevel 7
Badge +28
I considered ESET, but they weren't going to support Windows XP for as long as Webroot. This was the main reason Webroot won our business. At the time I was evaluating AV options (2014), ESET was considered the best by the AV Comparisons website. However, I have no real experience with them, so I can't give a real apples to apples comparison opinion. I can only speak to what I've experienced with Webroot.
Userlevel 7
Badge +28
I've been having an issue where Webroot doesn't update the Ovr.db file on endpoints. Even when it does update the Ovr.db file it ignores it. FYI, the Ovr.db file holds your overrides. I worked with support for about a month to try and fix it. We supposedly got everything fixed, but the file causing the issue I didn't have another endpoint to deploy it to, so we couldn't fully test it. I just updated the software that deploys that file and tried it, but it failed on four endpoints. All of which should have succeeded. I called support and their answer was, "Well that should have worked, sorry". No suggestions on fixing the issue, they just told me to respond to my old ticket and someone might get back to me.

Webroot Software and Support Fail!!!
Userlevel 7
Badge +63
@NicCrockett I'm sorry in time you need to upgrade to Win 10! XP, Vista and Win 7 will be support less next year so it's time to move on and up in the OS department IMO. I loved XP and hated Vista and loved Win 7 but didn't care for Win 8 or 8.1 but been using Win 10 since it came out and even the older builds of Win 10 will not have support: https://support.microsoft.com/en-ca/help/13853
Userlevel 4
Badge +12
I just completed reading the most recent Consumer Tests by SE Labs (15 pages) and it is NOT a good showing for Webroot. If you're interested the link below will take you there:

https://selabs.uk/en/reports/consumers
Userlevel 7
Badge +63
I just completed reading the most recent Consumer Tests by SE Labs (15 pages) and it is NOT a good showing for Webroot. If you're interested the link below will take you there:

https://selabs.uk/en/reports/consumers

I already posted: https://community.webroot.com/community-101-2/se-labs-home-anti-malware-protection-oct-dec-2018-337223 which you posted in....
Userlevel 7
Badge +28
@NicCrockett I'm sorry in time you need to upgrade to Win 10! XP, Vista and Win 7 will be support less next year so it's time to move on and up in the OS department IMO. I loved XP and hated Vista and loved Win 7 but didn't care for Win 8 or 8.1 but been using Win 10 since it came out and even the older builds of Win 10 will not have support: https://support.microsoft.com/en-ca/help/13853

@TripleHelix,
I wouldn't blame Webroot for a failure on Windows XP, I realize it's outdated. This was 3 Windows Server 2012 R2 endpoints and 2 Windows 7 SP1 endpoints. These are up-to-date Microsoft supported operating systems and Webroot's software doesn't work as advertised. There is no excuse why this and other functions shouldn't work on these systems.

Reply