How Well is Your System Protected?? --Five Simple Test from AMTSO


Userlevel 2
 
If you want to check whether your Webroot defences are working properly, AMTSO has a series of tests you can perform. These are relatively simple and will check whether your browser, operating system and other software are configured to block malicious and drive-by downloads, and phishing attacks.
 
I ran the tests on my systems, and Webroot scored 5/5 on every computer.
 
http://www.amtso.org/feature-settings-check.html
 
 


Userlevel 3
Update. I just got off the phone with tech support. The agent said they are aware of this issue; in fact they discussed it in a group meeting and they decided to pass it on to the developers for their review and input. They will update me through the ticket system when they hear anything. When I hear something, I'll repost.
 
Thanks again!
 
Bob
Userlevel 3
Hey guys,

The response from the team made a lot of sense to me; it didn't fix my problem, but I believe they're on the right track. I believe Chrome, or at least the later versions of it, are making it a little more difficult regarding extensions. I knew that to be the case; all of them are supposed to come from the Play store I'm told. That doesn't explain how the Webroot Password Manager extension is able to sneak through of course. At any rate, I'm posting their suggestion here, as it may help others, even though it didn't work for me. It just looks reasonable to me anyway. This from an Escalation Engineer:

"Hello,

There are a number of changes that Google has made to make Chrome more secure, one of these initiatives was started with the 33.x build. The idea is to force all extension installation via the Chrome store. While this isn't yet a requirement, some of the code base to make this a reality is in place on the 33.x build.

It is possible that the method we are using to install the extension isn't working in your particular installation of Chrome. This may be because of several issues, however, it may be possible to force the extension installation by following a procedure. I've outlined this process below, while there is no guarantee that this will work, it would be good to try it as we've had some success in the past.

1. Uninstall Webroot
2. Uninstall Chrome
3. Reboot
4. Install Chrome
5. Reboot into Safe Mode with Networking
6. Install Webroot
7. Reboot into normal Mode

Check to see if the extensions installed properly. If so, great; if not, please let us know and we'll update our development team to reflect the information.

Thanks,"

So we'll see when/if there is anything they can do to resolve. I've left Chrome and am working it out in Firefox and getting more comfortable each day I think. So there's no hurry.

Just keepin' you up to date!

Bob
Userlevel 5
After further testing, it is our business customers using the legacy PhishCheck web filtering component that are not blocked by this. Consumers using the new PhreshPhish web filtering are properly blocking this test page.
 
I am having this added to the PhishCheck database and should be blocked within 24hrs.
 
Let me know if anyone is seeing anything different.
 
Thanks all,
Userlevel 7
@ wrote:
Thanks, Daniel...I had forgotten that this can be done with Chrome (as I am not a Chrome regular user).
 
Done that and the extension is now in place.
 
Cheers, Baldrick
Neither am I but I installed Chrome to support members & users of WSA!
 
Daniel 😉
Userlevel 7
@ wrote:
@ wrote:
Thanks, Daniel...I had forgotten that this can be done with Chrome (as I am not a Chrome regular user).
 
Done that and the extension is now in place.
 
Cheers, Baldrick
Neither am I but I installed Chrome to support members & users of WSA!
 
Daniel ;)
As indeed do I...:D
Userlevel 7
Yes, it is failing. We can see if @ could get someone on it, as BrightCloud says it's bad! I tried IE11, Firefox 28 & the latest Chrome.
 
Thanks,
 
Daniel :@
Userlevel 7
@DavidP1970 wrote:
I was on Chrome, and did the search on www.brightcloud.com  Not sure why we got different results.....  Yes.. I really look forward to Monday to see what Shawn has to say
This is TOO weird! OK, here is my result with my Chrome browser. I have Webroot Filtering on and also added the Webroot Reputation Toolbar and I have not received any warning! Thank you @  and thanks Sherry for responding so fast!

Userlevel 7
@BB97 wrote:
I use snipit, I'm good with it, just don't have it on my taskbar. Time to put it there now that I am hanging out here! BTW, I used the exact same url to check, too strange!
It is very strange!
 
I do not usually have Snaggit up and ready to go... I happened to have to grab a couple of screenshots for some emails earlier and hadn't turned it off yet LOL!
Userlevel 7
@DavidP1970 wrote:

I do not have the Reputation Toolbar installed.  Since the addition of the browser filter extensions, the Reputation Toolbar has been 'downgraded'.  Also, the Reputation Toolbar does NOT use the same database as the new Filter Extension.  That explains the difference in ratings that we saw I think.
 
Still... they BOTH need work to get the page blocked correctly LOL!
I just installed it now after seeing the results you posted for comparison. It says 50 SUSPICIOUS.
It doesn't explain the difference, as I went to the same website as you did with my Chrome browser, and the results I posted are what I got BEFORE I added the WR toolbar extension (which I took off already). I have just the Webroot Filtering extension again, as I did when I first checked the site with BrightCloud. So, we both should have received the same result.
Userlevel 7
@BB97 wrote:
I think I found the difference, looks like your result is for the link to the phishing test. I would not click links, my results are from the link in the original post http://www.amtso.org/feature-settings-check.html
I got the same result in Firefox. But I do not get any warnings from the Webroot filtering extension that it is a suspicious site.
Awesome checking work, thank you!
 
 
Userlevel 7
Also can you Save a Scan log and look near the end and you should see something like this.
 
Daniel
 
Sat 06-07-2013 10:59:46.0434    Blocked website: http://www.amtso.org/feature-settings-check-phishing-page.html
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0100007F.17856 - 0100007F.18112]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0100007F.18112 - 0100007F.17856]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.17858 - 9C8E7D4A.20480]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.18882 - 0FE7A7D1.20480]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.19138 - 7C2BC2AD.20480]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.20162 - 7B2BC2AD.20480]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.21442 - 8DE27D4A.47873]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.21954 - 7A2BC2AD.47873]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.22466 - 5DF94740.47873]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.22978 - 63F94740.47873]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.451 - 5671B205.20480]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.963 - 5671B205.20480]
 
Sat 06-07-2013 14:09:45.0948    Blocked website: http://www.amtso.org/feature-settings-check-drive-by-download.html
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0100007F.11712 - 0100007F.11968]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0100007F.11968 - 0100007F.11712]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.35008 - 6DE27D4A.47873]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.35264 - 4D2BC2AD.47873]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.35520 - 5DF94740.47873]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.35776 - 2354B942.47873]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.26561 - 9DC17D4A.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.27073 - 0FE7A7D1.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.27329 - 9CE27D4A.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.28353 - 9BE27D4A.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.15810 - 5671B205.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.16322 - 5671B205.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.18626 - FAEE28BC.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.18882 - FAEE28BC.20480]
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.19138 - FAEE28BC.20480]
 
Sat 06-07-2013 14:10:43.0425    Infection detected: c:usersdanielappdatalocal emp5skg3z6y.exe.part [MD5: 0BB291750D42B911EA63FB71D180927C] [3/00080000] [W32.Trojan.Gen]
Sat 06-07-2013 14:10:43.0425    File blocked in realtime: c:usersdanielappdatalocal emp5skg3z6y.exe.part [MD5: 0BB291750D42B911EA63FB71D180927C, Size: 33280 bytes] [524288/00000003] [W32.Trojan.Gen]
 
Sat 06-07-2013 14:10:46.0467    Infection detected: c:usersdanieldownloadspotentiallyunwanted.exe [MD5: 0BB291750D42B911EA63FB71D180927C] [3/00080000] [W32.Trojan.Gen]
Sat 06-07-2013 14:10:46.0467    File blocked in realtime: c:usersdanieldownloadspotentiallyunwanted.exe [MD5: 0BB291750D42B911EA63FB71D180927C, Size: 33280 bytes] [524288/00000003] [W32.Trojan.Gen]
 
Sat 06-07-2013 14:11:57.0526    Infection detected: c:usersdanieldownloadscloudcar.exe [MD5: 3FB121FBBCCB27969668CC36D0A8F15B] [3/00080000] [W32.Malware.Heur.Dkvt]
Sat 06-07-2013 14:11:57.0526    File blocked in realtime: c:usersdanieldownloadscloudcar.exe [MD5: 3FB121FBBCCB27969668CC36D0A8F15B, Size: 7178 bytes] [524288/00000003] [W32.Malware.Heur.Dkvt]
 
Sat 06-07-2013 14:12:55.0029    Infection detected: c:usersdanielappdatalocal emplrqho0qa.com.part [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [29/00080200] [(null)
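
To check a saved scan log for the kind of entries shown in the excerpt above, this added example (not code from the thread or from Webroot) parses lines in that layout and reports blocked URLs, realtime detections and decoded peers. It assumes the bracketed connection fields are an IPv4 address printed as a little-endian hex dword followed by a byte-swapped port; that reading is inferred from the excerpt itself (`0100007F` decodes to 127.0.0.1), not from product documentation.

```python
import re
import socket
import struct

# Lines copied from the excerpt above (a subset, ending with its truncated last entry).
SAMPLE_LOG = """\
Sat 06-07-2013 10:59:46.0434    Blocked website: http://www.amtso.org/feature-settings-check-phishing-page.html
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0100007F.17856 - 0100007F.18112]
Sat 06-07-2013 10:59:46.0450    Closed network connection: [0B00A8C0.17858 - 9C8E7D4A.20480]
Sat 06-07-2013 14:09:45.0948    Blocked website: http://www.amtso.org/feature-settings-check-drive-by-download.html
Sat 06-07-2013 14:09:45.0948    Closed network connection: [0B00A8C0.35008 - 6DE27D4A.47873]
Sat 06-07-2013 14:10:46.0467    Infection detected: c:usersdanieldownloadspotentiallyunwanted.exe [MD5: 0BB291750D42B911EA63FB71D180927C] [3/00080000] [W32.Trojan.Gen]
Sat 06-07-2013 14:10:46.0467    File blocked in realtime: c:usersdanieldownloadspotentiallyunwanted.exe [MD5: 0BB291750D42B911EA63FB71D180927C, Size: 33280 bytes] [524288/00000003] [W32.Trojan.Gen]
Sat 06-07-2013 14:12:55.0029    Infection detected: c:usersdanielappdatalocal emplrqho0qa.com.part [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [29/00080200] [(null)
"""

ENTRY = re.compile(r"^\w{3} \d\d-\d\d-\d{4} [\d:.]+\s+(?P<event>[^:]+): (?P<detail>.*)$")
CONN = re.compile(r"\[([0-9A-F]{8})\.(\d+) - ([0-9A-F]{8})\.(\d+)\]")
DETECT = re.compile(r"^(?P<path>.*?) \[MD5: (?P<md5>[0-9A-F]{32})(?:, Size: \d+ bytes)?\]"
                    r".*\[(?P<verdict>[^\[\]]+)\]$")

def decode_endpoint(hex_ip, port_field):
    """Assumed encoding: little-endian IPv4 dword, port with its two bytes swapped."""
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    port = struct.unpack(">H", struct.pack("<H", int(port_field)))[0]
    return ip, port

def summarize(log_text):
    report = {"blocked_urls": [], "detections": [], "peers": set(), "unparsed": 0}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines and anything without a timestamped event
        event, detail = m["event"], m["detail"]
        if event == "Blocked website":
            report["blocked_urls"].append(detail)
        elif event == "Closed network connection":
            c = CONN.search(detail)
            if c:
                peer = decode_endpoint(c[3], c[4])
                if not peer[0].startswith("127."):  # skip loopback pairs
                    report["peers"].add(peer)
        elif event in ("Infection detected", "File blocked in realtime"):
            d = DETECT.match(detail)
            if d:
                report["detections"].append((event, d["path"], d["md5"], d["verdict"]))
            else:
                report["unparsed"] += 1  # e.g. a truncated entry
    return report

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```
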
 
 
 
 
Userlevel 7
Hello liontamer and Welcome to the Webroot Community Forums! 


 
Can you check your browser's extensions and look for the Webroot Filtering Extension and the version, like I have 1.0.0.26? It should show in IE, Chrome, Firefox & Safari, which are the only ones supported; please let us know. And I will check and test Metro IE.
 
Metro IE11
 
"With very few exceptions, it doesn’t allow plug-ins or add-in programs, extensions, toolbars, or anything that may gum up the works. Yes, that means you can’t use Microsoft Silverlight, Microsoft ActiveX controls, the Java Runtime Environment (which Microsoft used to distribute as part of Windows), the Internet Explorer Developer Toolbar or the Bing Toolbar, (er, Bing Bar), or the MSN Toolbar. In fact, you can’t even use Microsoft add-ins, plugins, or toolbars, much less those from other companies like Ask or Yahoo!. By getting rid of all the junk (including many pieces of flotsam created, distributed, and promoted by Microsoft), Metro IE is considerably faster, more uniform, easier on the battery, and much more secure than any other version of IE, ever."
 
http://www.dummies.com/how-to/content/the-two-faces-of-internet-explorer-in-windows-81.html

 
And I have the Extensions in IE11 & Chrome Win 8.1 Pro x64!
 
Thanks,
 
TH
Userlevel 7
Can you please do a clean reinstall of WSA? Download a copy here and make sure you have a copy of your keycode, then uninstall WSA, reboot, and install with the new installer. Let it finish its install scan, then reboot once again, and please let us know if that fixes it for you.
 
Thanks,
 
TH
Userlevel 7
Yea but WSA still should install the Chrome Folder and file in WRData either way even if you don't have Chrome installed! So I would suggest that he Submit a Support Ticket to find out why it's not installed. And please let us know the outcome as it could help others!
 
Thanks,
 
Daniel ;)
Userlevel 7
An excellent observation...;)
 
I have checked the contents of the Chrome folder under WRDATAPKG and it has a couple of .crx files residing in it.  I presume that these are the add-on components for the browser to use.  What is interesting in my case is that the Password Manager add-on is installed and enabled (by a 3rd party) but not a trace of the Filtering add-on.
 
Will have to do some digging further on this.
 
BTW, have checked in both IE & FF and both show the correct add-ons installed & enabled...so from my perspective it is only Chrome that seems to have the issue.
 
Liontamer, do you also use IE or FF?  If so could you see what the add on position is re. which ever you do use in addition to Chrome?
 
Cheers, Baldrick
Userlevel 7
I had the same problem but I had the files in WRData and just dragged both into Chrome Extension page and they installed so I have the Web Filter & Password Manager.
 
HTH,
 
Daniel 😉
Userlevel 7
@ wrote:
Nic, @  am wondering if there is anything that you can suggest to assist liontamer in getting this sorted.  The ability to replicate the same issue on a 2nd system does seem to me to suggest a software rather than hardware-related issue.
 
liontamer, what version of Chrome and WSA are you using?  I think that I read that your Chrome was at v35 which is pretty up to date if I recall as I am only on v33...so perhaps it is a very recently introduced compatibility issue between Chrome & WSA?  And your version of WSA is?
 
Regards
 
 
Baldrick
Sure, let me see what I can find out from some folks here.
Userlevel 7
@ wrote:
Hi Nic, understand that you are coming in cold here and the thread is long...so take a look at and around this previous post from the thread:
 
https://community.webroot.com/t5/Tips-and-Tricks/How-Well-is-Your-System-Protected-Five-Simple-Test-from-AMTSO/m-p/86616#M687
 
Daniel has done his usual sterling job of illustrating the issue.
 
Hope that clarifies the issue that liontamer has?
 
Regards
 
 
Baldrick
Sorry, I am coming in cold so I might be rehashing stuff you've already gone over 🙂
Userlevel 3
Not sure I understand. I wasn't looking for or expecting a toolbar...just an extension that would enable Webroot in Chrome itself. I think Baldrick explained it much better than I could, and I apologize for that and thank Baldrick for the info!
 
 
Userlevel 3
Not at all...I just don't know enough about the product to be able to provide the type of info you need.

I'm taking up too much of everyone's time, and am about to let it go anyway. It's just one of those things that will iron out, one way or another. I'd hoped the info was something that would help others, but I think I may be alone on this one.

Thanks
Userlevel 3
Excellent advice...and I'll take you up on it. I'll check back in from time to time, and let you know if anything changes.
 
Good to know I'm still protected even without that extension, for sure. Have a good night...and thanks!
 
Bob
Userlevel 7
Hi Bob,
 
One thing I can suggest is to install Revo Uninstaller Pro Trial, because it's the only one that will work on 64bit. Uninstall WSA with Revo Pro in Advance mode and delete everything that comes up, then REBOOT and reinstall WSA. Let it finish its install scan and REBOOT once again, then check to see if the Extension installed in Chrome; if not, check WRData to see if you have the Chrome Folder and Extension as well, and let us know! Also remember to have a copy of your keycode before doing so! Just in case, here is the download link again http://anywhere.webrootcloudav.com/zerol/wsainstall.exe for a new installer. Also we will see if @ has something he can add!
 
Thanks,
 
TH
 
Userlevel 7
Hi Bob, sorry things aren't working out for you. I would contact support again and ask for a Remote Session, because that is a very odd issue as you're not getting the Chrome Folder in the WRDataPKGChrome. Also, do you have any other Security software running in realtime with WSA? If you do, can you disable it and try another clean reinstall with the reboots to see if that works? If that doesn't work, we have gone as far as we can go on the Forums, so the support inbox is the only place they can help you more; again, ask for a Remote Session, as I would like to see this get fixed for you.
 
Thanks,
 
Daniel
Userlevel 3
Hello TH....I did call for that purpose, but was told the estimated hold time would be 40 minutes. I called at a bad time I'm sure, as business typically picks up in the early evening after work, so I'll try again this morning.

What contributes to the strangeness is that it is on two of my Windows 8.1 machines, the Surface Pro and the ThinkPad X61. That suggests to me that it isn't a hardware issue at all and that there is some type of a conflict between WSA and the late versions of Chrome, but support wasn't able to replicate it.

I'm not running any other Security software, no. I now have Malware Bytes installed, just in case of a disaster, and some good backups. I do have time left on a Bitdefender product, which I could install, but WSA has such a small footprint, it's perfect for both of my SSD (storage space challenged) machines. I'd like to get it worked out anyway, as I'm sure it's not just me having this issue. The Surface Pro has very little installed excepting MS Office, so it's not much more than a virgin machine (haven't had enough time to corrupt!).

I agree that we've gone as far as we can on the forum with this, and if I get any positive results from tech support live, I'll post for the benefit of others. I certainly appreciate everyone's efforts and support!

Thanks,

Bob
Userlevel 7
Hi Bob, can you do it again through the Ticket System? I really would like to get to the bottom of this, because WSA should be installing the Chrome Folder with the Extension even if you don't have Chrome installed; that's the whole point. And even add the link to this post so they can see what we tried, and be firm that you want a Remote Session and get them to install it! @ @ 
 
Thanks,
 
Daniel
