Through testing some "unknown to Webroot (or any other AV)" malware, I feel WebRoot may be insufficient protection for my clients. By allowing untrusted code to run, it seems a lot of ransomware can get through without a lot of difficulty (the first ransomware-as-a-service a colleague tried with Webroot was successful while other well known competing AVs were able to block it with their own heuristics. Webroots heuristics were turned to max also.
While it might be possible to do rollback, WebRoot doesn't do rollback on network drives and unknown applications are allowed access to these resources. Since this is often deployed as a business AV solution, this is unacceptable.
Is there functionality in WebRoot currently, or that could be easily added to straight up block execution of unknown executables (as a configurable option of course) -- ideally whitelisting anything SIGNED by a trusted entity (eg. Microsoft)? Or is there a way I can already do this?
I know that I could use SRP in Windows, but I feel this would be better handled within Webroot since it already has such a vast intelligence pool of known good and bad hashes. Also SRP may be deprecated in future releases based on notes in Win 10 1809. And Applocker requires Windows 10 Enterprise, an expense many businesses are unwilling to budget for.
Thanks in advance for either a configuration setting that would allow this, or to have this feature added to your roadmap.