Webroot DNS Protection

  • 22 September 2017
  • 2 replies
  • 99 views

Webroot DNS Protection does  gives the option to review unprotected sites. A client at work clicked on continue on an unprotected site, which later downloaded a malware that made files duplicate, had to disallow user from the Domain then next our Response and Detection System. 
 
How flexible is it to totally disallow client access to reported malicious websites?
 

2 replies

Userlevel 6
Badge +26
DNS Protection is more than likely not what allowed this user to continue. It blocks without regard and presents the user with a blocked page and no option to continue.
 
 
Was the WSAB agent on board to stop Malware from intruding? Was the PUA Policy setting turned on?
Yes please WSAB was on-board, PUA Policy setting was turned on. 
 
However, after some malware analysis. i discovered the link where my client downloaded the malware from is a legit website that was recently compromised. Also, the malware seem to be able to pass WSAB detection for some reason. 
 
Going forward, How feasible is it, for system/security administrators using webroot products able to report malware details like the C2 server, domain, filename for taken down by webroot?
 
 

Reply