How to react to Endpoint alert

  • 12 October 2020
  • 0 replies
  • 46 views

Hi all,

I’ve ended up here as I’m not quite sure where else to go for dialog.  I'm not sure if I'm correct or incorrect in my approach.  I'm interested in the greater opinion!

Where I work, we have a fairly sensitive IT manager, who on seeing a Webroot Alert will shout 'fire fire fire' and shut everything and everyone down until a full investigation has been undertaken. This gets fairly wearing as every alert generates a lot of work (usually to no benefit). He has a particular urgency for Trojan notifications.

Now, while I appreciate the sentiment, I can't help but get ever more frustrated at this approach. I am under the (correct/incorrect?) impression that an alert from Webroot is a GOOD thing and that nothing has been executed/infected, although I do agree that a quiet investigation is probably necessary to ensure that an infection hasn't taken hold.

So my question/discussion point is this: if Webroot highlights an 'infection', is the detection done at a safe point, i.e. pre-execution, or at a danger point, i.e. post-execution? I've always assumed detection was pre-execution and, as a consequence, my reaction is usually more considered and less panicked.

Thoughts, comments, opinions, welcome :smiley:

Thanks,
Pete
