Undetermined Software does this get added to the "Global Pool"

  • 26 April 2015
  • 3 replies
  • 18 views

Hi all
This is my first question to the forum.
When you "Generate a Alll Undetermined Software Report"
Then select "Files" and apply "Good" to a policy. For example for Windows 10 (which comes up as Undetermined).
By doing the above process does this get sent to webroot?
 
I would think that if "X" people running webroot all say that this file is "Good" than it would automatically be moved out of the applied "Good" exception group to be applied to good "Gobal Pool".
 
Or is my thinking just a pie dream and no such process exists.
 
If so how do webroot get to find out about new files, as this I would see as fairly critical to the system.
 
Thanks Mark. 

3 replies

Userlevel 7
Badge +56
We do have a team of folks, called the Threat Research team, who go through all the unknowns in the database to classify them.  I'm not sure if they used data on what people have marked it manually in their console though, so let me find out.
Userlevel 7
Badge +35
Hello,
 
We do not have a process to automatically change the determinations of files that users create overrides for as you are describing. We do keep an eye out for Unknown files that have been seen on a large number of PCs in our user base, which is one of many ways that we identify files to be whitelisted. 
 
That a file is classified as Unknown should not be a concern, it simply means that the file has not been classified as Bad and has not been specifically whitelisted. Because our main focus is on classifying malicious files and not whitelisting, there will always be numerous files that remain Unknown. Files that are Unknown should only be a concern if there is a suspected infection or if the file is associated with an application that there appears to be an issue with. Support should be contacted and logs collected for analysis if there is suspected malware or application issues. If you our concerned about the Unknowns on your system you can send us your Undertermined software report through the support system.
 
-Dan
Thank you both for replies. I will need to think on how this changes how I manage my clients and the effort in making known files good.
 
Thanks
 
Mark

Reply