Solved

Should Default User Settings include 'Warn' not 'Enable Max Heuristics'?



Show first post

46 replies

Userlevel 7
Badge +56
@ wrote:
Hello Thread,
 
FWIW ~ just adding my observation......not looking for reply ~ Thanks
 
just found Security Settings in Web Console




 
> observed that even at Console Settings Maximum that agent Settings Warn when any new program executes [..] is not selected.
We knew of that but I leave mine at User Configuration and that is what Lucas @ was trying to say earlier!
https://docs.webroot.com/us/en/home/wsa_website_userguide/wsa_managementwebsite_userguide.htm#PCSecurity/EditingPCSecuritySettings.htm%3FTocPath%3DPC%2520Security%7C_____3
@ wrote:
@ wrote:
Here is another Tidbit but notice the part on Heuristics:  https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/The-difference-between-a-deep-scan-and-a-full-scan/ta-p/6476
Yes, curious why Webroot has local Heuristics > Enable. 
 
quote: << The extra information generated from these actions may result in a Good or Bad determination from the cloud based on cloud heuristics or a heuristic determination from WSA itself - in which case one of the above Good or Bad results occur.>>
 
With respect & appreciation,
Thanks
> further to my curiosity re local Heuristics,.....found message >
 
There are two kinds of heuristics - agent heuristics and cloud heuristics.  Agent heuristics look at what the file is doing on that particular system, and cloud heuristics look at what a file is doing across the entire userbase.  If we have data on what that same file has been doing on all of the other computers in our intelligence network, the cloud heuristics are far better off for it and we can make rules in the cloud to identify and blacklist malware based on what the cloud is seeing about a given file. 
https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Evaluating-SecureAnywhere-Antivirus-feedback-and-some-questions/m-p/38796/highlight/true#M1735
 
 
Userlevel 7
If you believe that you have an issue with this or that there is a general issue with the feature I would open a support ticket to let the Support Team know/so that they can investigate.
 
Quickest & most appropriate action.
 
Baldrick
Userlevel 7
Badge +56
@ no need to start new threads just keeping asking in here! Also follow Baldrick's suggestion and contact support.
Userlevel 7
And you certainly can find a lot of information and answers here in the Community...but NOT all...the only people who know ALL the answers are Webroot Support and/or the Development Team. Hence the recommendation that you make use of their services.
 
😉
Webroot Support (Mar 14, 2017 18:43)
Webroot not warning when there are unknown files is currently an issue that may be addressed in the future. We recommend leaving Webroot setup with default settings.
Regards,
Webroot Advanced Malware Removal Team
Userlevel 7
Correct...on all counts there, Daniel.
 
Regards, Baldrick
JP wrote: 
The Product Team has informed me that this issue has been documented and we are actively tracking it. They also said there has been only one report thus far, meaning that it is by no means a high-priority-issue in the backlog.  Also trying to figure out if this affects all OS's or just Win10.
_________________________________________________________________
 
and by "this issue has been documented" & "only one report" .... means, "Warn when any new program executes [..]" ...button, does not "Warn"..?
 
FWIW ~ I launched new setup.exe from my desktop (at test) with "Warn when any [..]" checked. 
Webroot was silent.   IDK, if my test is valid.   IDK, if "not specifically whitelisted" means, 'local or global' whitelist.
Thanks
@ wrote:
Here is another Tidbit but notice the part on Heuristics:  https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/The-difference-between-a-deep-scan-and-a-full-scan/ta-p/6476
Yes, curious why Webroot has local Heuristics > Enable. 
 
quote: << The extra information generated from these actions may result in a Good or Bad determination from the cloud based on cloud heuristics or a heuristic determination from WSA itself - in which case one of the above Good or Bad results occur.>>
 
With respect & appreciation,
Thanks
Hello Thread,
 
FWIW ~ just adding my observation......not looking for reply ~ Thanks
 
just found Security Settings in Web Console




 
> observed that even at Console Settings Maximum that agent Settings Warn when any new program executes [..] is not selected.
TripleHelix wrote: Whitelisted means Global or the Webroot BrightCloud Database deems it's known and clean.
_________________________________________________________
bjm_ wrote: Thanks. I remain unsure regarding. 
<< Issues a warning for any program not specifically included in the Webroot database of websites that are known to be okay. >>
 
< any program not specifically included in the Webroot database of websites >

          program in the database of websites ?
___________________________________________________________________
 
TripleHelix wrote:  I'm just talking about files that are known good in the Webroot Cloud Database not websites.
 ___________________________________________________________________
bjm_ wrote:


 
http://live.webrootanywhere.com/content/680/Adjusting-Heuristics
 
___________________________________________________
 
FWIW ~ I run [u] c:program filesovirusthanksexe radar proerpsvc.exe [MD5:C1C9E5C71171E806646FB9E9ADB7E27B].  
 
"Warn when any" is silent.   Yes, erpsvc is Monitor (or, I'll move to Allow).   Webroot reports erpsvc as Unclassified.
Userlevel 7
You can well ask away here but as I stated earlier the quickest & best approach is the Support Team. Most of us do not have time to test every single setting & feature and so unless there is someone out there who has and wants to share you are most likely wasting your time, IMHO.
 
Personally, I use the recommended default "Enable enhanced heuristics based on the behavior, origin, age, and popularity of files", and it has never let me down...so for me...no need to experiment.
 
But if I ever do in this area I will let you know. ;)
 
Baldrick
 
 
I asked Support about 
<<Warn when any new program executes that is not specifically whitelisted
Issues a warning for any program not specifically included in the Webroot database of websites that are known to be okay.>>
 
<<Webroot will always ask if an unknown [u] program is trying to run. This is to ensure the user is aware that a file may be risky.
The Webroot Support Team>>
_____________________________________
 
FWIW ~ IIRC, I've not seen this dialog with [u] ~ YMMV


 
I'll update thread when I see above dialog. 
Thanks
> upon machine start (Fast Startup Off)


 
Sun 2017-03-12 08:26:24.0933    File blocked in realtime: c:windowssystem32{a6d608f0-0bde-491a-97ae-5c4b05d86e01}.bat [MD5: 5C5A797761421CF9B72087F3BC8A5259, Size: 180 bytes] [160/0000000E] [(null)]





maybe, Heuristics (Local) Warn when any [..] is (only) for System Space upon machine start (Fast Startup Off).


 
When I get "This file was blocked because [..]" with [u] in User Space.  I'll update thread.
Thanks
 
@ wrote:
bjm_ wrote: IDK, if "not specifically whitelisted" means, 'local or global' whitelist.Thanks
Whitelisted means Global or the Webroot BrightCloud Database deems it's known and clean.
Okay. 
Thanks. I remain unsure regarding. 
<< Issues a warning for any program not specifically included in the Webroot database of websites that are known to be okay. >>
 
< any program not specifically included in the Webroot database of websites >

          program in the database of websites ?
 
 
> verbiage remains


 
> did we find out if "Warn when any [..]" works with W10
Hello Webrooters,
 
Warn when any new program executes that is not specifically whitelisted   
Issues a warning for any program not specifically included in the Webroot database [of websites that are known to be okay.]


 
after clean Webroot Antivirus install + restart and Advanced Settings to my preference + restart.   
Webroot Antivirus is silent for sandboxieinstall64-517-5.exe launch. 
[u] c:usersjmsdownloadssandboxieinstall64-517-5.exe [MD5: 209C43AD998FAB09AF14D8231F520157] [Flags: 40081000.1454]
 
IDK.  Should I receive warn dialog for [u] launch?
Does [u] launch qualify as new program execute that is not whitelisted?
 
Thanks
 
@ wrote:
@ no need to start new threads just keeping asking in here! Also follow Baldrick's suggestion and contact support.
Okay. 
The OP or Mod has marked up a Solution for this thread.
https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Should-Default-User-Settings-include-Warn-not-Enable-Max/m-p/269705/highlight/true#M27776
 
Okay.  I'll keep asking here.  Also, thought thread was passed over because no reply "during the week"
<< Well lets see what Webroot has to say during the week [...]. >>
https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Should-Default-User-Settings-include-Warn-not-Enable-Max/m-p/280585/highlight/true#M28996
 
Okay.  I'll keep asking in here & ask Support as per Baldrick's suggestion.
Should I receive warn dialog for [u] launch?
Does [u] launch qualify as new program execute that is not whitelisted?
 
Thanks
@ wrote:
You can well ask away here but as I stated earlier the quickest & best approach is the Support Team. Most of us do not have time to test every single setting & feature and so unless there is someone out there who has and wants to share you are most likely wasting your time, IMHO.
 
Personally, I use the recommended default "Enable enhanced heuristics based on the behavior, origin, age, and popularity of files", and it has never let me down...so for me...no need to experiment.
 
But if I ever do in this area I will let you know. ;)
 
Baldrick
 
 
And Support always writes.
<< We would like to invite you to join the Webroot Community, an online forum where you can find answers to your security questions, vote on ideas for our products, and talk to experts. >>
FWIW ~ based upon Security Settings chart. 



Maximum sets all Feature* Heuristics to Maximum except Offline Heuristics. 
Maybe, Warn when any new program executes that is not specifically whitelisted sets all Feature* Heuristics to Maximum including Offline Heuristics.
 
YMMV
@ wrote:
@ wrote:
Hello Thread,
 
FWIW ~ just adding my observation......not looking for reply ~ Thanks
 
just found Security Settings in Web Console




 
> observed that even at Console Settings Maximum that agent Settings Warn when any new program executes [..] is not selected.
We knew of that but I leave mine at User Configuration and that is what Lucas @ was trying to say earlier!
https://docs.webroot.com/us/en/home/wsa_website_userguide/wsa_managementwebsite_userguide.htm#PCSecurity/EditingPCSecuritySettings.htm%3FTocPath%3DPC%2520Security%7C_____3
Hmm, I thought @ was trying to say earlier that "Warn when any new program executes that is not specifically whitelisted" enables Maximum heuristics.
<<  2.) What this setting does do is enable Maximum heuristics. >>
https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Should-Default-User-Settings-include-Warn-not-Enable-Max/m-p/288286/highlight/true#M29675

Not looking for reply.
Thanks

Reply