Solved

Should Default User Settings include 'Warn' not 'Enable Max Heuristics'?



Well, let's see what Webroot has to say during the week, because if you go to a bad Website it will be blocked, so I don't know why that's in there with Heuristics, as that is for running process files on that system IMO. None of the other settings say anything about Websites, and I run with Max Heuristics, which is just fine.

 

Adjust heuristics using the information in the following table.

| OPTION | DESCRIPTION |
| --- | --- |
| Disable heuristics | Turns off heuristic analysis. Not recommended. |
| Enable standard heuristics | This setting could lower your level of security. |
| Enable enhanced heuristics based on the behavior, origin, age, and popularity of files | Default; recommended setting. |
| Enable maximum heuristics | Use with caution; this could cause unexpected behavior, prevent the use of lesser known applications, or prevent the installation of rarely-used programs. |
| Warn when any new program executes that is not specifically whitelisted | Issues a warning for any program not specifically included in the Webroot database of websites that are known to be okay. |
| Enable Webroot Infrared | For details, see PC Shields Overview. |

TripleHelix wrote: Whitelisted means Global or the Webroot BrightCloud Database deems it's known and clean.

_________________________________________________________

bjm_ wrote: Thanks. I remain unsure regarding. 

<< Issues a warning for any program not specifically included in the Webroot database of websites that are known to be okay. >>

 

< any program not specifically included in the Webroot database of websites >



          program in the database of websites ?

___________________________________________________________________

 

TripleHelix wrote:  I'm just talking about files that are known good in the Webroot Cloud Database not websites.

 ___________________________________________________________________

bjm_ wrote:



 

http://live.webrootanywhere.com/content/680/Adjusting-Heuristics

 

___________________________________________________

 

FWIW ~ I run [u] c:\program files\novirusthanks\exe radar pro\erpsvc.exe [MD5:C1C9E5C71171E806646FB9E9ADB7E27B].

 

"Warn when any" is silent.   Yes, erpsvc is Monitor (or, I'll move to Allow).   Webroot reports erpsvc as Unclassified.

I'm just talking about files that are known good in the Webroot Cloud Database not websites.

 

[g] Means Known Good so they are whitelisted!

 

[u] Means Unknown so they are not whitelisted yet or could be bad and Webroot will monitor [u] files just in case it needs to rollback when marked Bad or Good. When Good it will stop monitoring the said [u] files.

 


 



 

 

https://www.webroot.com/us/en/business/threat-intelligence

Okay. 

Thanks. I remain unsure regarding. 

<< Issues a warning for any program not specifically included in the Webroot database of websites that are known to be okay. >>

 

< any program not specifically included in the Webroot database of websites >



          program in the database of websites ?

 

 
Whitelisted means Global or the Webroot BrightCloud Database deems it's known and clean.

JP wrote: 

The Product Team has informed me that this issue has been documented and we are actively tracking it. They also said there has been only one report thus far, meaning that it is by no means a high-priority-issue in the backlog.  Also trying to figure out if this affects all OS's or just Win10.

_________________________________________________________________

 

and by "this issue has been documented" & "only one report" .... means, "Warn when any new program executes [..]" ...button, does not "Warn"..?

 

FWIW ~ I launched new setup.exe from my desktop (at test) with "Warn when any [..]" checked. 

Webroot was silent.   IDK, if my test is valid.   IDK, if "not specifically whitelisted" means, 'local or global' whitelist.

Thanks

The Product Team has informed me that this issue has been documented and we are actively tracking it. They also said there has been only one report thus far, meaning that it is by no means a high-priority-issue in the backlog.

 

Also trying to figure out if this affects all OS's or just Win10.

Unfortunately, Lucas is not in the Office currently. I've forwarded this thread to our Manager of Product Support to check with his Team and/or the Product Team as well.

@ can you check with Lucas @ about this for a comment?

 

Thanks,

 

Daniel 😉

@ can we get some answers please? Or even from @ @ @ anyone.

 

I heard it's working fine on Win 7 and Win 10 but it doesn't work on Win 8 or 8.1 correct? How about XP and Vista users?

 

Thanks,

 

Daniel

No info yet?

I've reached out to a few people as well and will post back what I find.

I'm still waiting for a reply internally.

TripleHelix,

Thanks for your interest and help.  



I'm unsure whether "Warn when any..." turns Off any level of Heuristics and changes Heuristics protection into whitelist anti-executable solely based upon user decision. 



Thanks

I'm not sure if it's fixed so I will ask @ @ @ @ to see if it is?

 

Thanks,

 

Daniel

Progress regarding "setting that needs to be fixed."....?

 

Thanks

Great that's how I have it set!

 

Daniel 😉

TFT Daniel.

 

I'll go with 'Max Heuristics' enabled.

 

 
If that setting above was working correctly, it would make WSA very, very noisy, to say the least. You would get so many Pop-Ups it would drive you crazy, like an Anti-EXE app, so no, I would not recommend that setting, as in most cases all your or anyone's files are not fully Whitelisted, and it depends if you use not so well known programs, as it would take the Webroot Cloud longer to determine such programs Good without contacting support and asking them to Whitelist all your files on every update.

 

IMO,

 

Daniel

Thank you for that TripleH.

 

Ok the button is a bit broken but it still works - so that's all good.

 

 

So Mr H do you reckon I should change my settings or not?

 

 

 

 
Just to let you know that setting in WSA: "Warn when any new program executes that is not specifically whitelisted" is not working as it should and Webroot is aware of it and a fix will be out in the near future. Also note this does not reduce the protection of WSA in any way as it's just the setting that needs to be fixed.

 

Thanks,

 

Daniel ;)

 
