Solved

No Webfiltering in IE 11 or Chrome

  • 20 November 2013
  • 57 replies
  • 1091 views

Userlevel 2
Hi..............I just installed WSA 2014 and so far I am not impressed. Please fix my problem. I have uninstalled and reinstalled 2x. There is no webshield/filter running or installed in either IE 11 or Chrome. I am using Win 7 Home Premium 64bit. There is also an ongoing thread at Wilders. I do not even have the crx file listed by Triple Helix. So what gives? IThe eicar test does not even get blocked. Thanks. 
 
http://www.wilderssecurity.com/showthread.php?t=356072
icon

Best answer by RetiredTripleHelix 3 December 2013, 01:54

Good to hear I also got your Bronco's Trial keycode on the same channel via our emails and the courtesy of brcoffey.


 
Daniel ;)
View original

57 replies

Userlevel 2
Seems good for now. :D
Userlevel 7
Badge +55
I'm glad your on the New Web Shield anyways so how is it working for you?
 
Daniel
Userlevel 2
Thank you Daniel. 
Userlevel 7
Badge +55
Good to hear I also got your Bronco's Trial keycode on the same channel via our emails and the courtesy of brcoffey.


 
Daniel 😉
Userlevel 2
Thank you Webroot support. Awesome turn around from the time of a submissions till the time my problem was resovled. Less then 24 hours. Never see that kind of support from ANY antivirus company. I was issued a new keycode which gave me the current 2014 web shield. Kudos. 
Userlevel 7
It looks like our engineer had created a new keycode with the new extension on it. He provided instructions on how to ensure that it is activated.
 
 
Userlevel 2
I would like some response on this. I now purchased WSA for 1 year. Still NO web shield at all. No 2013 web shield and NO 2014 web shield. This is a fresh install of WSA also. What gives? Thanks. 
Userlevel 7
You are correct @ in that WSA does fall down when it comes to instant/static detection rates and that it's not a good thing.
My position is that their other innovations, user experience benefits, buttressing and final outcomes outweigh those negatives. But if that is a metric that you cannot compromise on then your opinion is perfectly reasonable.
Userlevel 2
WSA is a cloud based scanner. So is Panda. But yet Panda works like a charm and achieved 100% detection in the latest AV-C test. 
Userlevel 7
In the end, I care about malware's ability to infiltrate a machine after execution and stay in it.
 
If you care about deep local inspection of files and are not interested in other facets of the Webroot solution or approach, then I concede that this is definitely not a product for you. I completely respect that approach and I have in fact questioned Webroot directly about their static executable analysis and detection rates.
Userlevel 2
I downloaded the eicar.com file. Chrome gives a warning. I allow it and it downloads. I right click on the eicar.com file and WSA detects and removes it. 
Userlevel 2
LOL.........................explanoit................Please DO NOT reply unless you have read the entire thread. Do you honestly think I do not know what the eicar test is? And in my eyes WSA fails it. CIS,AIS,NIS,KIS,AVG,Avira,Panda and Qhioo all detect the eicar test. Either by blocking the download entirely or when it is finished. WSA does nothing. 
Userlevel 7
Hi GTR707,
As I stated in my previous post, static scans of executables sitting on a disk are not something you can judge an antivirus based on. Antivirus can only be truly measured in real-world conditions where a malicious executable is launched on physical hardware. This is the position of every major antivirus vendor, including Symantec, and even VirusTotal which provides the results of static scans. The antivirus testing organizations recognize this as well, and one is even redesigning their testing protocols to take into account the way that WSA works compared to other products.
 
Malware is such a complex problem with such complex solutions that it can not be tested simply. In fact, malware is designed to not do anything if it detects a testing scenario, further complicating issues.
 
In the nineties a method was developed to safely test if an antivirus is actually engaged in protecting a machine. It is called the EICAR test file and you can find it here. http://www.eicar.org/86-0-Intended-use.html
Userlevel 2
Lol...............You dont need a VM when you have a clean system image handy you can mount. So how is anyone suppose to know WSA is actually working if you dont test it? I have tried just about every av out there and never an issue as seen with WSA. Even running a full scan yeidls nothing on that file. 
Userlevel 7
Are you saying the right-click scan is not showing any GUI menu, or that it's not detecting anything?
 
Static virus scans are not very effective, especially since the WSA technology stack does not have a heavy local analysis component. This is why WSA is the fastest on the market.
 
In order to test WSA effectiveness you need an isolated network and VM since it will require actually triggering execution and monitoring progression. At that point it will be detected, or sandboxed until it's detected. For this reason it's not possible for someone without a specialized setup to actually test functionality except by using EICAR test file. Ultimately, right click scans are artificial scenarios that can not be used to judge any company's antivirus suite's level of effectiveness. It just so happens that WSA is especially weak in this area because of it's different approach. What matters is the end result.
 
VirusTotal themselves have taken a position on this issue, which I've pasted below:
 
BAD IDEA: VirusTotal for antivirus/URL scannertestingAt VirusTotal we are tired of repeating that the service was not designed as a tool to perform antivirus comparative analyses, but as a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by forwarding them the malware they fail to detect. Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology, the most obvious being:
  • VirusTotal's antivirus engines are commandline versions, so depending on the product, they will not behave exactly the same as the desktop versions: for instance, desktop solutions may use techniques based on behavioural analysis and count with personal firewalls that may decrease entry points and mitigate propagation, etc.
  • In VirusTotal desktop-oriented solutions coexist with perimeter-oriented solutions; heuristics in this latter group may be more aggressive and paranoid, since the impact of false positives is less visible in the perimeter. It is simply not fair to compare both groups.
  • Some of the solutions included in VirusTotal are parametrized (in coherence with the developer company's desire) with a different heuristic/agressiveness level than the official end-user default configuration.
These are just three examples illustrating why using VirusTotal for antivirus testing is a bad idea. The Prevx team also made an entry in their blog discussing the matter.
Userlevel 7
Badge +55
That's nothing to do with the Web Shield and the PM is there now.
Userlevel 2
What PM? Nothing in my inbox.
 
Another missed sample.
 
https://www.virustotal.com/en/file/f0aafc029ce0ab9dbb87b0ad2f320a776f07371778f198cb5eda3f8da4786fdb/analysis/1384987320/
Userlevel 7
Badge +55
PM sent!
Userlevel 2
I did that. No green check marks. Got home and re-installed WSA. Same results. Just downloaded the first malware link from malc0de. Not detected at all. Right click scan nothing. WSA is not working what so ever. 
 
https://www.virustotal.com/en/file/e1c4604375f6d2d0babcf1d9c2c1cfd16c599533c6fd6224f7ae686f972588b6/analysis/1384986823/
Userlevel 7
Badge +55
Also see this https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Getting-a-warning-box-upper-LH-side-of-screen/m-p/64111#M3361 and the whole thread is a good read.
 
Daniel
Userlevel 7
Badge +55
The 2013 Web Filter does not show up in the WRData folder you will see the extra folders when you get the new Web Filter. Again if you feel you don't have any Web Filter contact the support inbox. Try this http://www.yahoo.com and see if you see any greens check marks when doing a search for Webroot? Try IE, FF and or Chrome.
 
Daniel
Userlevel 2
I dont feel its not there. I know its not there cause it is not listed in Program Data. Is not suppose to be there? 
Userlevel 7
Badge +55
@ wrote:
Dear Daniel...............................................I AM NOT TALKING ABOUT A NEW WEB SHIELD. I AM TALKING ABOUT NO WEBSHIELD. Gezzzz.
If you feel that you have no Web Shield I would suggest you Submit a Support Ticket and have them look into it then it can ease you're mind!
 
Daniel
Userlevel 7
Badge +55
@ wrote:
Please people. I am not talking about the "new" web shield. I am talking about a web shield in general. Notice the topic of my thread. It clearly says "no web filtering". It does not say "no new 2014 web filtering". Thanks. 
Ok here is the final version! Everyone has the 2014 product most still use the 2013 Web Shield and the new Web Shield they are rolling it out slowly to keep an eye on it as it's all new tech so you lose nothing but have patience in the waiting for the new Web Shield it's been said from an inside source that approx 1/6th of the Home users have it now with further roll outs until complete and there is no time table when it will be completed.
 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
So what part don't you understand?
Userlevel 2
Dear Daniel...............................................I AM NOT TALKING ABOUT A NEW WEB SHIELD. I AM TALKING ABOUT NO WEBSHIELD. Gezzzz.

Reply