How Well is Your System Protected?? --Five Simple Tests from AMTSO


Userlevel 2
 
If you want to check whether your Webroot defences are working properly, AMTSO has a series of tests you can perform. These are relatively simple and will check whether your browser, operating system and other software are configured to block malicious and drive-by downloads, and phishing attacks.
 
I ran the tests on my systems, and Webroot scored 5/5 on every computer.
 
http://www.amtso.org/feature-settings-check.html
 
 

119 replies

Userlevel 7
Interesting link.. Thanks!  Webroot passed on my system too.
Userlevel 7
Mine failed on the Phishing page despite the Webshield being on. 😠
Userlevel 7
What Browser are you using Jeff?
 
Daniel
 
Firefox here:
 

Userlevel 7
Also can you Save a Scan log and look near the end and you should see something like this.
 
Daniel
 
Sat 06-07-2013 10:59:46.0434    Blocked website: http://www.amtso.org/feature-settings-check-phishing-page.html
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0100007F.17856 - 0100007F.18112]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0100007F.18112 - 0100007F.17856]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.17858 - 9C8E7D4A.20480]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.18882 - 0FE7A7D1.20480]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.19138 - 7C2BC2AD.20480]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.20162 - 7B2BC2AD.20480]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.21442 - 8DE27D4A.47873]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.21954 - 7A2BC2AD.47873]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.22466 - 5DF94740.47873]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.22978 - 63F94740.47873]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.451 - 5671B205.20480]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.963 - 5671B205.20480]
 
Sat 06-07-2013 14:09:45.0948    Blocked website: http://www.amtso.org/feature-settings-check-drive-by-download.html
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0100007F.11712 - 0100007F.11968]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0100007F.11968 - 0100007F.11712]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.35008 - 6DE27D4A.47873]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.35264 - 4D2BC2AD.47873]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.35520 - 5DF94740.47873]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.35776 - 2354B942.47873]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.26561 - 9DC17D4A.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.27073 - 0FE7A7D1.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.27329 - 9CE27D4A.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.28353 - 9BE27D4A.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.15810 - 5671B205.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.16322 - 5671B205.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.18626 - FAEE28BC.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.18882 - FAEE28BC.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.19138 - FAEE28BC.20480]
 
Sat 06-07-2013 14:10:43.0425    Infection detected: c:\users\daniel\appdata\local\temp\5skg3z6y.exe.part [MD5: 0BB291750D42B911EA63FB71D180927C] [3/00080000] [W32.Trojan.Gen]
Sat 06-07-2013 14:10:43.0425    File blocked in realtime: c:\users\daniel\appdata\local\temp\5skg3z6y.exe.part [MD5: 0BB291750D42B911EA63FB71D180927C, Size: 33280 bytes] [524288/00000003] [W32.Trojan.Gen]

Sat 06-07-2013 14:10:46.0467    Infection detected: c:\users\daniel\downloads\potentiallyunwanted.exe [MD5: 0BB291750D42B911EA63FB71D180927C] [3/00080000] [W32.Trojan.Gen]
Sat 06-07-2013 14:10:46.0467    File blocked in realtime: c:\users\daniel\downloads\potentiallyunwanted.exe [MD5: 0BB291750D42B911EA63FB71D180927C, Size: 33280 bytes] [524288/00000003] [W32.Trojan.Gen]

Sat 06-07-2013 14:11:57.0526    Infection detected: c:\users\daniel\downloads\cloudcar.exe [MD5: 3FB121FBBCCB27969668CC36D0A8F15B] [3/00080000] [W32.Malware.Heur.Dkvt]
Sat 06-07-2013 14:11:57.0526    File blocked in realtime: c:\users\daniel\downloads\cloudcar.exe [MD5: 3FB121FBBCCB27969668CC36D0A8F15B, Size: 7178 bytes] [524288/00000003] [W32.Malware.Heur.Dkvt]

Sat 06-07-2013 14:12:55.0029    Infection detected: c:\users\daniel\appdata\local\temp\lrqho0qa.com.part [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [29/00080200] [(null)
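
An added example, not part of the original posts and not Webroot tooling: a decoder for the "Closed network connection" entries in the scan log quoted above, grouped under the "Blocked website" line they follow. It assumes, as an inference from the values themselves (0100007F reads as 127.0.0.1, and 20480 and 47873 byte-swap to 80 and 443), that each endpoint is an IPv4 address and port printed as little-endian integers; the function names and the shortened sample are constructed here.

```python
import ipaddress
import re
import struct

# Constructed sample: a few lines copied from the scan log quoted in the thread.
SAMPLE_LOG = """\
Sat 06-07-2013 10:59:46.0434    Blocked website: http://www.amtso.org/feature-settings-check-phishing-page.html
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0100007F.17856 - 0100007F.18112]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.17858 - 9C8E7D4A.20480]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.21442 - 8DE27D4A.47873]
"""

BLOCK_RE = re.compile(r"Blocked website: (\S+)")
CONN_RE = re.compile(
    r"Closed network connection: \[([0-9A-Fa-f]{8})\.(\d+) - ([0-9A-Fa-f]{8})\.(\d+)\]"
)


def decode_endpoint(hex_addr, port_field):
    """Decode one 'ADDR.PORT' pair into (dotted IPv4, port)."""
    # Assumption (inferred from the log, not a documented format): both
    # fields are network-order bytes printed as little-endian integers.
    ip = ipaddress.IPv4Address(bytes.fromhex(hex_addr)[::-1])
    port = struct.unpack(">H", struct.pack("<H", int(port_field)))[0]
    return str(ip), port


def summarize(log_text):
    """Return [(blocked_url, [(local, remote), ...])], loopback pairs dropped."""
    events = []
    for line in log_text.splitlines():
        blocked = BLOCK_RE.search(line)
        if blocked:
            events.append((blocked.group(1), []))
            continue
        conn = CONN_RE.search(line)
        if conn and events:
            local = decode_endpoint(conn.group(1), conn.group(2))
            remote = decode_endpoint(conn.group(3), conn.group(4))
            if not ipaddress.ip_address(remote[0]).is_loopback:
                events[-1][1].append((local, remote))
    return events


if __name__ == "__main__":
    for url, conns in summarize(SAMPLE_LOG):
        print(url, conns)
```

Read this way, the entries after a block are the browser's open HTTP and HTTPS sessions being torn down, which is a quick check that the web shield acted on the browser process.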
 
 
 
 
Userlevel 7
It is working now. I am using Firefox as always for me. I did change my security settings to max on my on-line console and that has sorted it but it did take quite a while for the changes to work down to the computer. It was set at the user config setting and it must have been that which was stopping it working.
This leads me to another question now though.
Is it possible using the on-line console to change the time of the scheduled scan? I have looked and cannot find it.
Userlevel 7
@ wrote:
It is working now. I am using Firefox as always for me. I did change my security settings to max on my on-line console and that has sorted it but it did take quite a while for the changes to work down to the computer. It was set at the user config setting and it must have been that which was stopping it working.
This leads me to another question now though.
Is it possible using the on-line console to change the time of the scheduled scan? I have looked and cannot find it.
Yes it does when it communicates with the Cloud, but I leave it at User Configuration and go through the settings and move the sliders all to the right side.
 
And no, you can't; you have to go into Advanced settings and set the scan schedule (second picture).
 


 

Userlevel 7
I have been changing it via the scan schedule inside the scan window but I have just tried it via the advanced settings section. I think I tried that way and it has always reset itself to 8am when I would prefer it at about 7pm when I know it is switched on.
This is what I get when I try to change it via the scan schedule page:
 


 
Userlevel 7
Yes I have just tried it that way and it resets back to 8am. In fact I cannot see a way of selecting a time if it is managed by the Web Console.
Userlevel 7
@ wrote:
Yes I have just tried it that way and it resets back to 8am. In fact I cannot see a way of selecting a time if it is managed by the Web Console.
Because you have it set in the online console. Go put it back to User Configuration and do a few scans, then change it and it should stick. It usually takes 20 to 30 minutes, so you might have to try a few times.
 
Daniel
 

Userlevel 7
OK I will try that Daniel.
Userlevel 7
@ wrote:
OK I will try that Daniel.
Let us know when it sticks! ;)
 
Daniel
Userlevel 3
I would have loved to participate in this one, but I still can't use WSA on my Laptop!  Hopefully I will be able to relocate soon so I can get my 8 desktops out of storage!  It's interesting to see the results of others though.  🙂
Userlevel 4
If you can read this page, it indicates either:
  • Your Anti-Malware solution is not (yet) supporting this Feature Settings Check
or
  • Your Anti-Malware solution's Anti-Phishing feature is not enabled or misconfigured.
 
Webroot is not listed on the AMTSO page as software that supports this feature.
 
In WSA "Block phishing" is enabled.  Perhaps this feature only works with Secure (HTTPS) websites as "Block phishing" is listed on the "Protected Websites" page.
Userlevel 7
An answer forthcoming to above post?
Userlevel 6
Thanks for the tests...always appreciate that kind of info!!!
Userlevel 7
Feature Settings Check - Phishing Page

If you can read this page, it indicates either:
Your Anti-Malware solution is not (yet) supporting this Feature Settings Check

or
Your Anti-Malware solution's Anti-Phishing feature is not enabled or misconfigured.

If your vendor's name appears below, your Anti-Malware product supports this Feature Settings Check page. If your system failed the test, click on the name of the vendor for instructions explaining how to enable the feature in your product. If your vendor does not have a dedicated page and no hyperlink is present, please contact the support department of your vendor.
 
Same here opera 12.15 Browser??
Userlevel 7
@ I'm reading their page to indicate that we should be blocking the page just because of "an industry wide agreement."  We could potentially blacklist the site, but as they point out, they don't host actual malware.  We'll look into it a bit further.  This page might actually suffice as the requirement for this related idea, but we'd need to blacklist the page.
Userlevel 7
My score is 5/5, SecureAnywhere blocks every possible danger immediately :D
 
Userlevel 4
Know that this is a slightly older thread but I just tested this with the new Web Filter (on v8.0.4.46 / WFE 1.0.0.23 / WPM 2.5.0) on FF v26.0 and the Phishing Page test is first allowed and then blocked (actually, the whole site got blocked until I reloaded the tab) AND then the test page / whole site is allowed again.  Is this just not working with the BrightCloud engines or ?????
 
Thanks for the help.
 
(Page is here: hxxp://www.amtso.org/feature-settings-check-phishing-page.html)
Userlevel 7
Hi dbrisendine,

Can you post a screenshot of the block message or upload it to TinyPic if you can't post images here? This sounds like it may be the old web filter as I never get the blocks at all with the new filter.

Thanks,
Shran 😉
Userlevel 4
Sorry, I don't have a screen shot of the Blocking Web page but I can tell you it is the new Web Filtering doing the blocking (Orange and Black message box on the page) as I've never had the old web filter running on this system or my version of WSAC.  It was weird; blocked the entire site not just the Phishing Test page, but now I can not get the Web Filter to block it again.  That's why I was asking here; inconsistent results.
Userlevel 3
I know this is a bit old, but as a new Webroot user, can anyone explain why some users are passing the Phishing Site test and others, such as myself, are failing it? I've looked at my settings and can't see anything unusual, but I end up with the same screen as provided previously; basically suggesting either my protection isn't working or isn't set up right.
 
Thanks!
 
UPDATE: No threat is detected with Metro IE, but when I go to the link using desktop IE, I do get the warning from Webroot. However, from the desktop and Chrome, I get no such warning. Is there some setting that I'm missing?
 
Userlevel 7
Hello liontamer and Welcome to the Webroot Community Forums! 


 
Can you check your browser's extensions and look for the Webroot Filtering Extension and its version? I have 1.0.0.26. It should show in IE, Chrome, Firefox & Safari (only those are supported). Please let us know. And I will check and test Metro IE.
 
Metro IE11
 
"With very few exceptions, it doesn’t allow plug-ins or add-in programs, extensions, toolbars, or anything that may gum up the works. Yes, that means you can’t use Microsoft Silverlight, Microsoft ActiveX controls, the Java Runtime Environment (which Microsoft used to distribute as part of Windows), the Internet Explorer Developer Toolbar or the Bing Toolbar, (er, Bing Bar), or the MSN Toolbar. In fact, you can’t even use Microsoft add-ins, plugins, or toolbars, much less those from other companies like Ask or Yahoo!. By getting rid of all the junk (including many pieces of flotsam created, distributed, and promoted by Microsoft), Metro IE is considerably faster, more uniform, easier on the battery, and much more secure than any other version of IE, ever."
 
http://www.dummies.com/how-to/content/the-two-faces-of-internet-explorer-in-windows-81.html

 
And I have the Extensions in IE11 & Chrome Win 8.1 Pro x64!

 



 



 
Thanks,
 
TH
Userlevel 3
Thanks for your response. I've found:
 
IE Desktop does have the Webroot filtering extension enabled.
 
Google Chrome does not have the extension even noted. There is an option for Webroot Password extension however, which is not enabled.
 
Bob
Userlevel 7
@ wrote:
Google Chrome does not have the extension even noted. 
Hello liontamer and Welcome to the Webroot Community Forums! 
 
Extension is disabled or not installed?
 
If the extension is not installed (problems)
Try to install the extension "dragging"
First turn on the display of hidden folders
Control Panel-> Folder Options-> View-> Set - Show hidden files, folders.
 


 
 
Thank you
Best regards, Petr.
 
