I wish to mention here my problem with Webroot Threat Research:
I have a customer who has 5700+ undetermined software in the 'All undetermined software seen' report for months.
(And some more customers with 1000+ undetermined software)
First of all, I do not understand how this can happen? Actually, I expect Webroot Threat Research to classify all undetermined software as soon as possible, otherwise how could Webroot guarantee that there are not any malware among them --- that are being able to run on the endpoint thanks to the way WSA client is developed, it will run just until the client receives the BAD classification from the cloud. But it looks like many thousand software are simply never gets classified. So in my reading, a malware can simply run anytime for quite a long time (eg. for month as in our case).
I think the expected approach from Webroot is that in case of undetermined objects added to the list and the reported to the cloud then Webroot shall process it ASAP (just like any other AV lab in the world) and classify so that in quite a soon time (most likely in less time than AV competitors) we shall see Webroot's classification in the console. Then we can feel safe and protected and supported good. Otherwise, how could Webroot ensure that viruses ever get recognized (especially targeted malware) if this list is not processed for ALL Webroot users?
I have been constantly asking Webroot for months now support to classify all our undetermined software one-by-one but they just wrote me:
"Most of the undetermined software has only been seen on one PC in the environment and by determining these files, it is very time consuming with not much of an effect other than not showing up on the undetermined list on your side."
So if this is the official Webroot Support / Threat Research approach, how can we expect Webroot protect against such targeted malware like the one mentioned here:
Best answer by DanPView original