WSA for MAC OSX and Windows malware detection!


Hey,
 
Wanted to run something by you all as this has been on my mind and was also brought up to me by a client.
 
So in a scenario where a user has WSA on their OS X system, and they are exposed to or have come into contact with malware designed for Windows-based systems, say through an email attachment: the client and I want to know if Webroot will detect those files (it hasn't in some cases) and take action on them so that the OS X user doesn't become a mule to pass on malware to a Windows-based user.
 
My fear is that since the Windows-based malware can't technically "run" in an OS X environment, will the WSA agent simply ignore it and treat it just as a benign file because it can't execute anyway in OS X?
 
They've switched from ESET to Webroot and ESET used to detect whatever malware it saw regardless of whether or not it could run in the OS X environment.
 
Thoughts???

Thanks
John Hart
Nerds On Site
 

11 replies

Userlevel 7
Hello jhartnerd123,
WSA for the Mac will detect Windows threats if you have it set to in the settings. We use our SKY database, which references the Enzo system that the Windows platform runs. You should see a "W32.xxx.xxxx" detection when we find a Windows threat. Hope this helps, please let me know if you have any other Mac threat concerns.
Regards,
 
Userlevel 7
SkyDatabase and Enzo are the names that we give to our Threat Intelligence network. Here is some information on how our Threat Intelligence system works: Webroot Threat Intelligence
The Mac product checks in with this system to determine any Windows malware, and it also has its own detection system that protects OS X.
Userlevel 7
@ wrote:
Is that setting enabled by default? and where do I direct the user to go within the OS X version of WSA to turn this setting on?
 
What are the best recommended settings to maximize protection above the default ones for WSA OSX?
I would recommend leaving the default settings. By these, we will scan for Windows threats.
Userlevel 7
Under Advanced Settings > Scan Settings

Userlevel 7
You can submit the file for us to review. What type of file is it?
Userlevel 7
Is that setting enabled by default? and where do I direct the user to go within the OS X version of WSA to turn this setting on?
 
What are the best recommended settings to maximize protection above the default ones for WSA OSX?
Userlevel 7
And can you explain what the SKY database and Enzo systems are?
Userlevel 7
Where is the option within WSA for OS X to enable Windows threat detection? What's it called?
 
Userlevel 7
Is there a process we can go through if there is a known piece of malware for Windows or an exe we know is being picked up by other vendor products and Webroot misses it? We don't want it passed onto other users.
 
 
Userlevel 7
I believe it's a zip file and contained within is an executable or a .pdf.exe or something to that effect.
 
If they are able to, I'll have the client submit it as well as open a support ticket.
 
Thanks again
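
An archive like the one described in this thread can be triaged on any OS by reading header bytes instead of asking whether the file can run locally. The sketch below is an added example, not part of the thread and not Webroot's code; the function names, extension lists and sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

# A document-style extension before an executable one (invoice.pdf.exe) is a disguise.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def is_pe(head: bytes) -> bool:
    """True if head starts with a DOS 'MZ' header pointing at a 'PE\\0\\0' signature."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    return head[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def has_double_extension(name: str) -> bool:
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    return len(parts) >= 3 and "." + parts[-1] in EXEC_EXTS and "." + parts[-2] in DECOY_EXTS

def scan_zip(data: bytes, max_read: int = 4096) -> list:
    """Return (entry name, reasons) for entries that look like Windows executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            if info.flag_bits & 0x1:  # encrypted entry: bytes unreadable without the password
                reasons.append("encrypted, content not inspected")
            else:
                with zf.open(info) as fh:  # read only the header, not the whole entry
                    if is_pe(fh.read(max_read)):
                        reasons.append("PE header")
            if has_double_extension(info.filename):
                reasons.append("double extension")
            if reasons:
                findings.append((info.filename, reasons))
    return findings

def build_sample_zip() -> bytes:
    """Constructed sample: a header-only PE stub (not a runnable program) plus a text file."""
    stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", stub)
        zf.writestr("readme.txt", "hello")
    return buf.getvalue()
```

Anything this flags is a candidate for submission to the vendor, as suggested earlier in the thread; a match says the entry is a Windows executable or is named like one, not that it is malicious.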
