Should Default User Settings include 'Warn' not 'Enable Max Heuristics'?

I've reached out to a few people as well and will post back what I find.

TripleHelix,
Thanks for your interest and help.  

I'm unsure whether "Warn when any..." turns Off any level of Heuristics and changes Heuristics protection into whitelist anti-executable solely based upon user decision. 

Thanks

Great that's how I have it set!
 
Daniel 😉

@ wrote:
I've reached out to a few people as well and will post back what I find.

@ can we get some answers please? Or even from @ @ @ anyone.
 
I heard it's working fine on Win 7 and Win 10 but it doesn't work on Win 8 or 8.1 correct? How about XP and Vista users?
 
Thanks,
 
Daniel

Hello All,
 
I've been communicating with bjm_ regarding these settings and there are a couple of notes that I think are of benefit to this discussion.
 
1.) The reason we recommend leaving the option as default is it provides the most amount of security with the least fussieness. It also underscores a certain understanding of back end processes regarding file classification. The setting as stated requires an understanding of our whitelisting functionality, and this is pretty complex and deep. As WSA has matured we've included a number of additional protections and solutions that are less Black Grey and White as it was during our earlier years. As a result, a given file may or may not raise the alarm based on a number of properties. 
 
2.) What this setting does do is enable Maximum heruistics. Those of you who have been around long enough to recall the original WSA interface (White UI) may remember that there were a number of granular settings for Heuristics that were accessible in the UI. These options didn't go away, rather they were wrapped up into the 4 different settings now seen in the consumer agent. These options are masked in the consumer agent, but are exposed in the policy section of our business agent:

By setting the agent heuristic settings as descirbed here you set every heuristic mode describted above to its maximum setting. More information on what these different modes do can be found in the Admin Guide Heuristics.  As the guide describes: 

• Maximum — Provides the highest level of protection against new threats. Use this setting if you think that your system is infected or at very high risk. This setting may result in false detections.

While this can be managed by some of our more advanced and knowlegable customers, the vast majoritiy of our consumer base want solid security with little fuss. This setting as described doesn't really do that. 
 
3.) All of this can get muddied further, when we look at the current implementation of the Firewall / Web Shield since the release of the driver for Windows 10. 

These options have mixed conditions based on the given file, and the system state. My main point by bringing this up is that it is easy to confuse the two areas and their functions based on behavior. It's important to note that these settings only apply to network communcation. However, it can trigger network monitoring based on the given files behavior and user action.
 
I think that's enough for now. This topic can get very very confusing and indepth. Should there be any further questions, please let me know. I'll respond as soon as I can.
 
Thank you,
 
-------
Edit to correct a username.

I'm still waiting for a reply internally.

bjm_ wrote: IDK, if "not specifically whitelisted" means, 'local or global' whitelist.Thanks

Whitelisted means Global or the Webroot BrightCloud Database deems it's known and clean.

@ wrote:
TripleHelix wrote: Whitelisted means Global or the Webroot BrightCloud Database deems it's known and clean.
_________________________________________________________
bjm_ wrote: Thanks. I remain unsure regarding. 
<< Issues a warning for any program not specifically included in the Webroot database of websites that are known to be okay. >>
 
< any program not specifically included in the Webroot database of websites >

          program in the database of websites ?
___________________________________________________________________
 
TripleHelix wrote:  I'm just talking about files that are known good in the Webroot Cloud Database not websites.
 ___________________________________________________________________
@ wrote:

 
http://live.webrootanywhere.com/content/680/Adjusting-Heuristics
 
___________________________________________________
 
FWIW ~ I run [u] c:program filesovirusthanksexe radar proerpsvc.exe [MD5:C1C9E5C71171E806646FB9E9ADB7E27B].  
 
"Warn when any" is silent.   Yes, erpsvc is Monitor (or, I'll move to Allow).   Webroot reports erpsvc as Unclassified.

Well lets see what Webroot has to say during the week because if you go to a bad Website it will be blocked so I don't know why that's in there with Heuristics as that is for running process files on that system IMO. None of the other settings say anything about Websites and I run with Max Heuristics which is just fine.
 
Adjust heuristics using the information in the following table.
OPTIONDESCRIPTION
Disable heuristicsTurns off heuristic analysis. Not recommended.
Enable standard heuristicsThis setting could lower your level of security.
Enable enhanced heuristics based on the behavior, origin, age, and popularity of filesDefault; recommended setting.
Enable maximum heuristicsUse with caution; this could cause unexpected behavior, prevent the use of lesser known applications, or prevent the installation of rarely-used programs.
Warn when any new program executes that is not specifically whitelistedIssues a warning for any program not specifically included in the Webroot database of websites that are known to be okay.
Enable Webroot InfraredFor details, see PC Shields Overview.

I was told the same Internally!

Thanks for that very thorough explanation, TechToc. 😉

Thank you TechToc, Bookmarked. 😉