Solved

ID Shield Issue on Hungarian OS

  • 29 January 2013
  • 1 reply
  • 836 views

Hi,
 
I have worked with (implemented) Webroot-protected systems for 8+ years, so I have always been interested in the development of this company and its products. I was one of the beta testers of the new WSA product, too.
 
Now, I tell you this because soon after the public release at the end of 2011 I noticed that the ID Shield stopped protecting my machine - and some tests proved it happened on every PC we tested. I have reported this a few times already, but I still see it is not working at all.
 
Having done some more tests, I figured out that my very first thought of the cause being my Hungarian OS was wrong - it does not protect on an English OS either.
 
Furthermore, support now keeps telling me that the ID Shield shall protect browsers only - but as you will see below, the beta protected _any_ app I added to the protected app list. Well, otherwise why is there a possibility to manually add any app? All the browsers are auto-added upon first run.
 
Sidenote: the keylogger was put into monitor mode automatically - something that you expect if WSA faces a new threat - so that was OK, and the tests were done with this automatic setting.
 
So, yes, I still have an open support ticket; I just want to see if anyone else has experienced the same so far.
 
Today I created a short video that demonstrates a keylogger test with the 2011 public beta and the most recent version, you may get it from here:
 
http://www.filedropper.com/webrootwsaidshiledbug-ready
 
It went wrong at about the end of 2011, because at the Infosec London event in Apr 2012 I already showed it working badly to Webroot in person at their booth.
 
I am looking forward to the fix from development.
 
PS. The firewall leak tester is hard to get from the internet nowadays, but you may test with another keylogger, such as the Raxco Keylogger Simulation test software. I had the same results with that.
 
*edit for more appropriate subject line in light of support's conclusions

Best answer by JimM 5 February 2013, 20:42

There are a couple of conclusions that came out of the support case:
 
1. The keylogger application you were testing with was whitelisted because it's a testing application, thus allowing it to run at all.
 
2. It looks like the issue actually is a localized OS-specific issue.  The code in the program wasn't designed for that language.
 
However...
3. We're going to get this issue taken care of in the next Beta build hopefully, which Support is providing you with.
 
If the Beta takes care of the issue for you, please let us know.  🙂