Firewall suggestion and way to configure Webroot to aggressive mode and test like EICAR


Userlevel 2
My final question was: I want to configure Webroot in a more aggressive mode. I know Webroot doesn't scan on access, only on execute, when malware interacts with the PC, and blocks it, but I want to test it safely, not with malware but with EICAR, and I want to know if IE 11 is compatible with Webroot.

Second one: I want you to suggest me a FW, not the Windows 8 embedded one or Comodo FW.

Third one: I have a lifetime licence of WinPatrol; can I use it with the suggested FW and Webroot?

Is there a way to configure Webroot to aggressive mode?

Best answer by Baldrick 6 April 2014, 18:43


29 replies

Userlevel 7
First off, it's important to understand that the WSA firewall works differently than a traditional firewall in that it works together with the Windows firewall, functioning as the outbound component while the Windows firewall takes care of the inbound traffic. More specifically, it blocks malicious data traffic coming onto your computer. Basically, when both are turned on, they work in tandem to monitor data traffic coming in and out of your computer ports, looking for untrusted processes that try to connect to the internet. The result is an intelligent and hassle-free firewall that unintrusively performs in the background, letting our powerful antivirus work its magic and only steps in if it misses something.

Windows 8 presents certain technological limitations to our current firewall implementation and we are evaluating our options in light of those limitations. The operating system itself is locked down in certain respects that limit what third-party firewalls are capable of, which is why you don't see some of the features in Windows 8 that you would otherwise see in older versions of Windows.
The Webroot SecureAnywhere firewall and software is compatible with any other antivirus or firewall application, so you should have no problem running our software alongside your other antivirus/firewall. While it is possible for another antivirus or firewall application to interfere with WSA, no part of Webroot should interfere with other firewalls as WSA is built to recognize and co-exist with other legitimate antivirus/firewall applications. Running the Windows firewall alongside our program is recommended and sufficient because the Windows firewall is effective against hostile inbound connections, whereas SecureAnywhere provides effective outbound protection.
 
"Are a way to configure webroot to agresive mode?"
 



 
 
 
Regards
Petr
Userlevel 2
Thanks, I understand; it is like the firewall booster of Trend Micro. Another question: what about WinPatrol? I have a lifetime licence and never use it because other AV software is incompatible; can I use WinPatrol alongside Webroot? And what about the test? Can I do a test like the EICAR test? I don't want to download a list of malware to infect myself intentionally; I only want to see how Webroot manages this with a safe test like EICAR. Finally, I don't know how the Web Shield works on Windows 8.1; I have the Chrome browser and IE 11 but don't see green or red tiles like other products. Sorry, I am new and hope to stop questioning and start to help.
Userlevel 7
aktiffk wrote:
Second one: I want you to suggest me a FW, not the Windows 8 embedded one or Comodo FW.

Personally I don't like Comodo, however that doesn't say that it's bad software.
I would definitely stay with Windows Firewall for the simple reason - in my opinion - it's fully sufficient.
If you are connected to the internet via router with FW options or hidden behind NAT I think there is no need to change anything.
If you would like to have better control on outgoing connections in Windows 8 you can always configure them in Windows Firewall Settings.
 
Regards,
 
Mike
Userlevel 2
Hey, I activated the Windows FW after installing Webroot, then uninstalled Webroot and the Windows Firewall stayed active, and I don't see some options in your screenshot.
 
 
Userlevel 2
I cannot show you the screenshot of my FW options in Webroot, but I want to see yours; I think something doesn't appear in my options.
 
Userlevel 2
I refer to the options down antiphishing protection, allow all connections etc.
I cannot insert the image.
 
Userlevel 7
Hi Alberto
 
You can certainly run the eicar-related tests...I have done so...to see how WSA reacts.  They should cause you no issues.
 
In terms of the Web Shield under Chrome what should happen is that after install of WSA the next time you start Chrome the browser should offer you the new extension to activate...if you have not seen that then it is best to check if it is installed.
 
You do that by opening 'Settings' and then navigating to Tools and then Extensions, and on the page opened by clicking on Extensions you should see an entry for it as per below
 


 
If it is not there then for some reason the installation did not work.  Now you can uninstall WSA and then reinstall to see if it will fix it.  But there is a quicker way...what you need to do re. your extension for Chrome under Windows is to locate the .crx package, the current one should be called CHROME_1.1.0.32.crx, and you should find it in the following location (assuming you have installed WS normally)
 
C:\ProgramData\WRData\PKG\Chrome
 
You then just drag the file into an open page in Chrome, from where it should attempt an install...to which you say 'Yes'...and you are installed.
 
Give that a try and let us know how you get on.
 
Regards
 
 
 
Userlevel 7
Hi aktiffk
 
Not sure what you are referring to when you say "i dont see some options in your screen shot".  Are you referring to the options under the Heuristics tab?  If so then exactly which options are you missing as I am looking at my Win8.1 system and it looks just like the screenshot posted earlier.
 
Regards
 
 
Baldrick
Userlevel 7
Hello aktiffk, regarding the firewall functionality of WSA, combined with Windows FW etc. I'd recommend you have a read of this thread, as it has a lot of good info:  https:///t5/Webroot-SecureAnywhere-Antivirus/does-Webroot-Secure-AV-have-a-firewall-or-not/m-p/78059#M4951
 
 
Userlevel 7

@aktiffk wrote:
I refer to the options down antiphishing protection, allow all connections etc.
I cannot insert the image.
 

In this case are you referring to what you are seeing under PC Security (click on gear/cog symbol) and then take the View Active Connections that you see at the bottom right hand corner of the Scan & Shields tab?
 
If not then please add in the navigations/path you used to get to the panel you are referring to so that I can try to replicate that on my system.
 
I should point out that under Win8.1 the adjustment of the WSA Firewall is limited due to the way that the Windows Firewall has been locked down by Microsoft and so some of the control that is available under Win 7 is not under Win 8/8.1.  But that should not be a worry as you are still exceptionally well protected....by having WSA AND Windows Firewall switched on.  Some do prefer more control and so they close the Windows Firewall and install another, pure Firewall application such as PrivateFirewall or the like...and WSA plays nicely with that too.
 
I await your further details.
 
Regards
 
 
Baldrick
Userlevel 2
Sorry for the delay; I fell asleep and could not wake up. I had a very difficult exam yesterday and... fell asleep. Sorry.

I summarize my incoherent questions in this:

First, I see the IE and Chrome plug-ins for safe browsing work well.

Second, I checked the Webroot help document here: http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C4_Firewall/CH4b_ChangingFirewallAlertSettings.htm

And in this section I see 8 options in the FW settings, but I only have the first 4; the other 4 don't appear. I installed and uninstalled Webroot, put the FW of Windows 8.1 on, and the options don't appear which say:

Allow process to connect to Internet unless explicitly blocked

Warn if any new untrusted process connects to the Internet if the computer is infected

Warn if any new untrusted process connects to the Internet

Warn if any process connects to the Internet unless explicitly allowed


Why don't those options appear in the advanced settings of the FW?

How can I check the FW works well?

I am using an administrator account.

I await your kind answer. Thank you to all.
 
 
Userlevel 7

@Baldrick wrote:
 
I should point out that under Win8.1 the adjustment of the WSA Firewall is limited due to the way that the Windows Firewall has been locked down by Microsoft and so some of the control that is available under Win 7 is not under Win 8/8.1.  But that should not be a worry as you are still exceptionally well protected....by having WSA AND Windows Firewall switched on.  Some do prefer more control and so they close the Windows Firewall and install another, pure Firewall application such as PrivateFirewall or the like...and WSA plays nicely with that too.
 

See what Baldrick said here about Windows 8.1 above!
 
Thanks,
 
Daniel ;)
Userlevel 2
I see that the options mentioned above don't appear because of Windows 8 restrictions. I like Private Firewall, but do you think it is necessary, and how do I configure Webroot to install it? Do you think it would overload my OS?
Userlevel 7
Windows 8.1 Firewall is great with WSA's Firewall and you don't need more as it says here: http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C4_Firewall/CH4a_ManagingFirewall.htm
 

Managing the firewall

The SecureAnywhere firewall monitors data traffic traveling out of your computer ports. It looks for untrusted processes that try to connect to the Internet and steal your personal information. It works with the Windows firewall, which monitors data traffic coming into your computer. With both the SecureAnywhere and Windows firewall turned on, your data has complete inbound and outbound protection.
You should not turn off either the Windows firewall or the SecureAnywhere firewall. If they are disabled, your system is open to many types of threats whenever you connect to the Internet or to a network. These firewalls can block malware, hacking attempts, and other online threats before they can cause damage to your system or compromise your security.
 
 
HTH,
 
Daniel ;)
Userlevel 2
Finally, I don't have to worry about not seeing those options I mentioned above.
Userlevel 7
No worries just make sure Windows Firewall is on!
 
Cheers,
 
Daniel ;)
Userlevel 2
Thank you all, and to close: what about the EICAR test? I download files and Webroot doesn't react, but if I scan with right click it detects it. Is it normal? Is it secure? Kaspersky or Comodo react before the EICAR file comes to my PC.
Userlevel 7
EICAR is a test so it doesn't do anything malicious and unreliable; see these 2 videos: https://community.webroot.com/t5/Webroot-Education/What-Happens-if-Webroot-quot-Misses-quot-a-Virus/ta-p/10202
 
And this one is an hour long so when you have time watch it!
 
https://www.youtube.com/watch?v=vjg6Sh862cA

 
 
 Cheers,
 
Daniel ;)
 


 
 


Userlevel 2
Daniel, my English listening is not good. I don't understand how WSA prevents and cures infections; as I can see in the videos, it's after a compromised system.
Userlevel 2
Sorry, but I don't understand the English videos. In the first I see the girl compromise a system and disinfect it with Webroot. Does it mean Webroot only disinfects compromised systems? Second, the other video talks about cloud technology. I want to know if Webroot prevents infection or only disinfects compromised and infected systems, and because I performed the EICAR test, I see it has good capabilities of disinfection, but what about prevention? I don't install rare software and only use it in a virtual environment, but it worries me. I see some antiviruses prevent malicious downloads and others don't, paid and free products: Avast bypasses the EICAR test SSL, Norton too, Bitdefender too, but Kaspersky and Comodo don't, Panda doesn't either. It doesn't mean I don't trust Webroot; I only want to learn more, and my English listening is too bad.
Userlevel 7
Hi aktiffk
 
I will try to explain simply; WSA works on the principle that a piece of malware is just a piece of code if it is not active, i.e., no different to any other piece of code.  But once that piece of code is activated/tries to run and it is identified as bad, i.e., a virus, a Trojan, to name but a few types, then WSA springs into action to either block the action of the bad piece of code or disinfect the system if the bad code has caused issues.

In fact it goes one better in that if you download and run something that it does not recognise/cannot classify as either good or bad; so it is uncertain at that point it automatically starts to 'monitor' any actions that the unclassified code is doing and records what it does (called journaling).  Then later if the piece of code being monitored is identified as bad WSA will roll back/reverse the actions of that piece of code based on what it has monitored/recorded it doing...cool, isn't it?:D

So it will do just as well as other mainline security applications...and better in my humble opinion...just in a different way (again better in my humble opinion) and you do not have to download large signature files as all the analysis is done in the cloud.
 
Well, I hope that explains things a little better/easily for you?  If you have any follow up questions then please post them here and we will do our best to explain/answer.:D
 
Regards
 
 
 
Baldrick
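
Added example, not part of the original thread and not Webroot tooling: a small Python probe that writes the harmless EICAR test string to disk and reports the first stage (write, shortly after write, read) at which a real-time shield steps in, which is the difference between on-access products and the on-execute model described above. The function names, the `eicar_probe.com` file name and the 5-second settle time are assumptions made for illustration.

```python
import os
import sys
import tempfile
import time


def eicar_bytes() -> bytes:
    """Return the 68-byte EICAR standard anti-virus test string.

    Assembled from two halves so this script is not itself flagged on disk.
    """
    head = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR"
    tail = rb"-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
    return head + tail


def probe(payload: bytes, directory: str, settle: float = 5.0,
          keep: bool = False) -> str:
    """Write payload to disk; report the first stage at which it was stopped."""
    path = os.path.join(directory, "eicar_probe.com")  # hypothetical file name
    try:
        try:
            with open(path, "wb") as fh:
                fh.write(payload)
        except OSError:
            return "blocked_on_write"
        time.sleep(settle)  # give a real-time shield time to react
        if not os.path.exists(path):
            return "removed_after_write"
        try:
            with open(path, "rb") as fh:
                data = fh.read()
        except OSError:
            return "blocked_on_read"
        if data != payload:
            return "modified_on_disk"
        return "not_intercepted"
    finally:
        if not keep:
            try:
                os.remove(path)
            except OSError:
                pass  # already removed or quarantined by the scanner


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.gettempdir()
    result = probe(eicar_bytes(), target, keep=True)
    print(f"EICAR probe in {target}: {result}")
    if result == "not_intercepted":
        # Expected for a scanner that acts on execution rather than on access.
        print("File left in place: run an on-demand (right-click) scan of it "
              "to confirm it is still recognised, then delete it.")
```

A result of `not_intercepted` followed by a detection on the on-demand scan matches what the original poster observed; it says when the product reacts, not whether it recognises the file.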
Userlevel 7

@Baldrick wrote:
I will try to explain simply; WSA works on the principle that a piece of malware is just a piece of code if it is not active, i.e., no different to any other piece of code.  But once that piece of code is activated/tries to run and it is identified as bad, i.e., a virus, a Trojan, to name but a few types, then WSA springs into action to either block the action of the bad piece of code or disinfect the system if the bad code has caused issues.

As a result, WSA works so fast and is so light to the hardware resources that practically there is no difference eg. in the startup time of the clean OS and the OS protected by WSA (confirmed in tests by PCMag), there are also no slowdowns.
This reveals a great advantage of WSA over traditional AVs, whose activity boils down to the fact that each single file must be compared with the downloaded signatures of threats, which requires a lot of operations, overloading CPU and RAM, doing a lot of reads and writes on your HDD or SSD.
WSA is still monitoring the situation and in case of the real need goes into action not giving the malware and threats any chances.

@Baldrick wrote:
In fact it goes one better in that if you download and run something that it does not recognise/cannot classify as either good or bad; so it is uncertain at that point it automatically starts to 'monitor' any actions that the unclassified code is doing and records what it does (called journalling).  Then later if the piece of code being monitored is identified as bad WSA will roll back/reverse the actions of that piece of code based on what it has monitored/recorded it doing...cool, isn't it?:D

Journalling is one of the main reasons why I ❤ WSA ;)
WSA not only eliminates malware and threats but also cleans up the mess they've done before.

@Baldrick wrote:
Well, I hope that explains things a little better/easily for you?  

In my opinion it is a great explanation, understandable and very useful for users who are just starting their adventure with WSA.
Well done Baldrick! :D 
 
Regards,
 
Mike
 

 
 
Userlevel 7
Unfortunately, there's not a...short version but complete way of explaining the differences between Webroot and other vendors. @Baldrick makes a great stab at it and explains the high-level concept very well. 
 
There are trade-offs in Webroot's approach. Unfortunately, debating those trade-offs in detail is really only possible with a good understanding of how malware operates, how Windows operates, and how Windows machines become infected.
 
WSA may not be as ruthlessly protective over every single action that occurs on the computer, specifically ones that are not immediately threatening. For example, downloading a zip file with a virus inside poses virtually no threat to a computer. The infection is inside the .zip file. It's only when the contents of the .zip are extracted and begin executing that it's an actual direct threat. I am excluding fringe theoretical cases.
 
I've been weighing writing a short document about this, but that's really something Webroot should be doing. However, they don't like discussing their technical methodology and reasoning in much detail for general public consumption.
Userlevel 7
Thanks, Mike...that is good of you.
 
Hopefully it will help at least with the start of the understanding as to why WSA is so special and the very good reasons that we users are such fans/have such confidence in the product.
 
Perhaps we could take what you have added/commented in your post and add it together to make an even better explicative piece that we can 'can' and make available to all users so that if any of them spot a similar situation where a user is having issues with understanding they can just reproduce the canned reply?  What do you think?
 
Baldrick
Userlevel 7

@explanoit wrote:
Unfortunately, there's not a...short version but complete way of explaining the differences between Webroot and other vendors. @Baldrick makes a great stab at it and explains the high-level concept very well. 
 
There are trade-offs in Webroot's approach. Unfortunately, debating those trade-offs in detail is really only possible with a good understanding of how malware operates, how Windows operates, and how Windows machines become infected.
 
WSA may not be as ruthlessly protective over every single action that occurs on the computer, specifically ones that are not immediately threatening. For example, downloading a zip file with a virus inside poses virtually no threat to a computer. The infection is inside the .zip file. It's only when the contents of the .zip are extracted and begin executing that it's an actual direct threat. I am excluding fringe theoretical cases.
 
I've been weighing writing a short document about this, but that's really something Webroot should be doing. However, they don't like discussing their technical methodology and reasoning in much detail for general public consumption.

Hi explanoit
 
Even more good points to add into a canned reply for the tool box...may we use some of what you have written above in an expanded piece?
 
BTW, it is a shame that you have not written that short document you mentioned...I am sure it would be excellent, given what I have read in your posts...think that comes from your industry background...which is invaluable in things like this.
 
Regards
 
 
Baldrick
