While it might be possible to do rollback, WebRoot doesn't do rollback on network drives and unknown applications are allowed access to these resources. Since this is often deployed as a business AV solution, this is unacceptable.
Is there functionality in WebRoot currently, or that could be easily added to straight up block execution of unknown executables (as a configurable option of course) -- ideally whitelisting anything SIGNED by a trusted entity (eg. Microsoft)? Or is there a way I can already do this?
I know that I could use SRP in Windows, but I feel this would be better handled within Webroot since it already has such a vast intelligence pool of known good and bad hashes. Also SRP may be deprecated in future releases based on notes in Win 10 1809. And Applocker requires Windows 10 Enterprise, an expense many businesses are unwilling to budget for.
Thanks in advance for either a configuration setting that would allow this, or to have this feature added to your roadmap.
Best answer by coscooper
View original