Solved

Remediation of found viruses.

  • 21 June 2012
  • 4 replies
  • 3353 views

Userlevel 4
When Webroot 'cleans' a found virus, does it remove the virus from the executable or does it just block the file?

Best answer by Shawn 21 June 2012, 22:21

Hello,
As long as our software was on the system before it was infected, it will use journaling to roll back any changes on a system. If the infection was a code injector, then our software will roll back to a previous version of the file with the correct MD5 that is not infected.
If our software is not on the system at the time it was infected, it will not be able to roll back.
 
Thank you and please let us know if you have any further questions.
Webroot Enterprise Support

4 replies

Userlevel 4
Really good answer!  Thanks!
Userlevel 4
Didn't PrevX 'fix' any executable that it could and only block or delete items it couldn't fix?
Userlevel 5
Hello,
When an executable is determined to be bad and tries to execute on a system, it will be blocked and all components will be quarantined.
We are currently looking into your issue and a member of our threat research team will be contacting you to take a deeper look at this system. There is a chance that this may be a new variant of an older infection and we may need samples to better understand this infection.
 
Thank you,
Webroot Enterprise Support
