I'm using the trial Webroot SA Antivirus and came from using McAfee and Bitdefender AV. They all do a quick scan when installing but a system scan after that takes hours. A scan took five minutes or so! Is there a setup option I haven't found as it's on the default settings?
Edit:
I found a thread here a couple of years old that states that this fast scanning speed is normal.
Userlevel 7
+62
😃 Welcome to the Webroot Forum wptski!! Great to have you here.
WSA scans very fast and faster then any other AVs out there. The reason is its done in the CLOUD! And WSA is always scanning and working efficiently and as posted by our Forum member@ ere some info: http://www.brightcloud.com/services/web-classification.php and here: https://www.youtube.com/watch?v=GqvVTE8-fA4&feature=c4-overview-vl&list=PLAD937EC45A3309EF and I hope you enjopy the video information.
Please post back and let us know how you are doing and if you have anymore questions!;)
Best Regards,
WSA scans very fast and faster then any other AVs out there. The reason is its done in the CLOUD! And WSA is always scanning and working efficiently and as posted by our Forum member
Please post back and let us know how you are doing and if you have anymore questions!;)
Best Regards,
Userlevel 7
Hello wptski. Welcome to the Community.
As already mentioned by Sherjj, WSA uses the power of the cloud. It's the fastest and lightest AV in the market.
In case you want to perform a custom scan, click on gear icon besides PC Security > Custom Scan below the tab Scan & Shields. There you can perform a full scan. And you'll see how fast it is. You'll realize what you've been missing with using your previous security solutions.;)
As already mentioned by Sherjj, WSA uses the power of the cloud. It's the fastest and lightest AV in the market.
In case you want to perform a custom scan, click on gear icon besides PC Security > Custom Scan below the tab Scan & Shields. There you can perform a full scan. And you'll see how fast it is. You'll realize what you've been missing with using your previous security solutions.;)
Userlevel 7
To add on to what Sherry said, WSA also just does things differently. It simply doesnt waste time or resources scanning that which doesnt need scanned.
Simply put, it is a waste of time scanning the entire hard drive. 99% of viruses reside in specific areas of the drive so there is generally no need to scan all of it. Think of it this way: when at WalMart you would not be lookng for lettuce in the Automotive Department: there is no need to look in the Automotive Department for lettuce each and every time you are looking for lettuce.
Also, in the event malware IS in a spot out of the norm (a roque shopper dropped lettuce in the engine oil shelf at the Automotive Department), when that file is accessed for any reason it will be identified and blocked. (Like the register in Automotive scans the lettuce bar code and sees something out of place...)
Even IF, after being accessed (lettuce being scanned in Automotive) and allowed, it is recorded and can be reversed (the lettuce in the oil aisle might have initially been scanned as oil at the Automotive checkout, but it is on the reciept and can be removed later by rechecking) and all changes or actions made by it are also recorded so can be rolled back or removed.
Simply put, it is a waste of time scanning the entire hard drive. 99% of viruses reside in specific areas of the drive so there is generally no need to scan all of it. Think of it this way: when at WalMart you would not be lookng for lettuce in the Automotive Department: there is no need to look in the Automotive Department for lettuce each and every time you are looking for lettuce.
Also, in the event malware IS in a spot out of the norm (a roque shopper dropped lettuce in the engine oil shelf at the Automotive Department), when that file is accessed for any reason it will be identified and blocked. (Like the register in Automotive scans the lettuce bar code and sees something out of place...)
Even IF, after being accessed (lettuce being scanned in Automotive) and allowed, it is recorded and can be reversed (the lettuce in the oil aisle might have initially been scanned as oil at the Automotive checkout, but it is on the reciept and can be removed later by rechecking) and all changes or actions made by it are also recorded so can be rolled back or removed.
Userlevel 7
+52
Hello wptski and Welcome to the Webroot Community Forums!
A unique capability that sets Webroot SecureAnywhere apart from every other antivirus solution is the way unknown or ‘undetermined’ malware is handled, and the automatic remediation that is provided. If a new program is introduced to the machine protected by Webroot SecureAnywhere, and it has no existing relationship to anything else on that machine, then local heuristics and other defenses are automatically applied to make a good or bad determination.
For example, if a suspicious or undetermined program has passed the several layers of local and Webroot Intelligence Network checks, it is monitored extremely closely, and watched to see which files, registry keys and memory locations it alters.
If a monitored program is later found to be behaving maliciously, Webroot SecureAnywhere can step-in to block and quarantine it, alert the user and administrator, and proceed to automatically clean-up the threat. The journaling function has recorded and remembered the before and after state of each change made (including changes made to local files). So in the rare case that a threat does get through the heuristics, sandbox, and other defenses, the journaling and monitoring of behavior ensures it cannot do any permanent damage to a user’s machine.
Webroot maintains a global listing of good files in addition to bad ones and unknown ones. Third-party antivirus software is included in this list. It takes less time for WSA to ask the cloud if the software in question is good, bad, or unknown than it does for you to manually tell it to flag all of those files as good. Additionally, the third-party software is probably going to update a lot, being that it's antivirus software (most-likely old-school definitions based stuff too). When it updates, those files change, and for all real purposes they are new files. The original whitelisting action you would have taken would have whitelisted a certain set of files locally, but it wouldn't account for updates. However, our cloud-based whitelisting does that automatically, which is why you notice no ill effects.
HIPS, or a Host Intrusion Prevention System is a fancy name for a more complex form of heuristics based on pre-examination of the code for certain attributes that may indicate a malicious payload, and/or runtime analysis of the PE. Calling it "Perfect" or "The best" is more faulty than people realize, simply due to the fact that it's almost if not fully impossible for a computer to make a decision about a program based entirely on its behavior. Attempting to do so either will miss subtle things at a dramatic rate, or end up with so many FPs that it's unusable, or require user input. The third item is the number one way to annoy users.
What is the programmatically-observable behavior difference between a threat and an IRC chat program? Anybody with a decent bit of coding knowledge could write a threat that does only a subset of the things that the mIRC client does, for example. Yet what makes the threat a threat and the IRC client not? The end use of the internal operations, which are impossible for a program to make a decision on. Traditional HIPS is trivial to bypass.
Anyway, it's a moot point, since WSA already does HIPS, and in fact does much more extensive HIPS than a local process alone can perform. Unknown machine code is primed in a sandbox and the code inspected with zero access to system resources. Also, code entry points are investigated, activity is determined, and behavior is compared not just based on local information, but on constant live updates on the cloud, supplemented by live threat researchers. Should something be present and undetected by traditional HIPS alone on, say, 100 machines, the moment it does something bad on one of them, it's wiped off all of them.
More importantly, unlike conventional HIPS that relies on a one-time inspection, anything that hasn't already been defined as known-good is constantly monitored and inspected. Even in cases where initial code inspection and activity monitoring will find nothing suspicious due to a delayed action in the malicious code, the ongoing monitoring can catch it the moment it does something odd.
So we've got you covered on HIPS too, with the intelligence of the cloud data and analysis behind it.
Why Traditional Antivirus is failing -- Webroot Webinar
Here's 3 Great Video's with Webroot CEO, Dick Williams and Michael Malloy, Executive VP of Product and Strategy of Webroot Inc.
Thank you
Petr.
A unique capability that sets Webroot SecureAnywhere apart from every other antivirus solution is the way unknown or ‘undetermined’ malware is handled, and the automatic remediation that is provided. If a new program is introduced to the machine protected by Webroot SecureAnywhere, and it has no existing relationship to anything else on that machine, then local heuristics and other defenses are automatically applied to make a good or bad determination.
For example, if a suspicious or undetermined program has passed the several layers of local and Webroot Intelligence Network checks, it is monitored extremely closely, and watched to see which files, registry keys and memory locations it alters.
If a monitored program is later found to be behaving maliciously, Webroot SecureAnywhere can step-in to block and quarantine it, alert the user and administrator, and proceed to automatically clean-up the threat. The journaling function has recorded and remembered the before and after state of each change made (including changes made to local files). So in the rare case that a threat does get through the heuristics, sandbox, and other defenses, the journaling and monitoring of behavior ensures it cannot do any permanent damage to a user’s machine.
Webroot maintains a global listing of good files in addition to bad ones and unknown ones. Third-party antivirus software is included in this list. It takes less time for WSA to ask the cloud if the software in question is good, bad, or unknown than it does for you to manually tell it to flag all of those files as good. Additionally, the third-party software is probably going to update a lot, being that it's antivirus software (most-likely old-school definitions based stuff too). When it updates, those files change, and for all real purposes they are new files. The original whitelisting action you would have taken would have whitelisted a certain set of files locally, but it wouldn't account for updates. However, our cloud-based whitelisting does that automatically, which is why you notice no ill effects.
HIPS, or a Host Intrusion Prevention System is a fancy name for a more complex form of heuristics based on pre-examination of the code for certain attributes that may indicate a malicious payload, and/or runtime analysis of the PE. Calling it "Perfect" or "The best" is more faulty than people realize, simply due to the fact that it's almost if not fully impossible for a computer to make a decision about a program based entirely on its behavior. Attempting to do so either will miss subtle things at a dramatic rate, or end up with so many FPs that it's unusable, or require user input. The third item is the number one way to annoy users.
What is the programmatically-observable behavior difference between a threat and an IRC chat program? Anybody with a decent bit of coding knowledge could write a threat that does only a subset of the things that the mIRC client does, for example. Yet what makes the threat a threat and the IRC client not? The end use of the internal operations, which are impossible for a program to make a decision on. Traditional HIPS is trivial to bypass.
Anyway, it's a moot point, since WSA already does HIPS, and in fact does much more extensive HIPS than a local process alone can perform. Unknown machine code is primed in a sandbox and the code inspected with zero access to system resources. Also, code entry points are investigated, activity is determined, and behavior is compared not just based on local information, but on constant live updates on the cloud, supplemented by live threat researchers. Should something be present and undetected by traditional HIPS alone on, say, 100 machines, the moment it does something bad on one of them, it's wiped off all of them.
More importantly, unlike conventional HIPS that relies on a one-time inspection, anything that hasn't already been defined as known-good is constantly monitored and inspected. Even in cases where initial code inspection and activity monitoring will find nothing suspicious due to a delayed action in the malicious code, the ongoing monitoring can catch it the moment it does something odd.
So we've got you covered on HIPS too, with the intelligence of the cloud data and analysis behind it.
Why Traditional Antivirus is failing -- Webroot Webinar
Here's 3 Great Video's with Webroot CEO, Dick Williams and Michael Malloy, Executive VP of Product and Strategy of Webroot Inc.
Thank you
Petr.
Userlevel 7
This is a great material comp, especially for the new users.
Thanks Petr!
Thanks Petr!
Userlevel 4
Thanks to all that have responded! :D I just installed it yesterday but missed the Custom Scan Option which I found this morning. I love the speed and I think it's a keeper. 😃
Userlevel 7
+52
Help describes the features of all SecureAnywhere
Scanning for Malware
http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C2_Scanning/CH2a_RunningScan.htm
Scanning for Malware
http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C2_Scanning/CH2a_RunningScan.htm
Userlevel 7
Hi wptski
A belated welcome to the Community Forums. Best approach, now that you are installed & protected, is a little exploration of the further features...with a post back in the Forums should you have any other queries. And do not forget that you do have access to contextual help from within the app...which is a great place to start.
Regards Baldrick
A belated welcome to the Community Forums. Best approach, now that you are installed & protected, is a little exploration of the further features...with a post back in the Forums should you have any other queries. And do not forget that you do have access to contextual help from within the app...which is a great place to start.
Regards Baldrick
Userlevel 7
Hi wptski,
Welcome to the Community!
What distinguishes WSA is primarily a totally different from the traditional, utilizing the power of the cloud, approach to protection against threats. Lightest and fastest, without constantly downloading patches and updates and with the active protection, regardless of whether you are online or offline. This is the new standard of modern security, this is Webroot SecureAnywhere!
Hope you stay with us for longer as the satisfied WSA user:D
Regards,
Mike
Welcome to the Community!
Indeed the scanning speed is amazing, but not only this makes WSA the unique solution ;)@ wrote:
I love the speed and I think it's a keeper. :D
What distinguishes WSA is primarily a totally different from the traditional, utilizing the power of the cloud, approach to protection against threats. Lightest and fastest, without constantly downloading patches and updates and with the active protection, regardless of whether you are online or offline. This is the new standard of modern security, this is Webroot SecureAnywhere!
Hope you stay with us for longer as the satisfied WSA user:D
Regards,
Mike
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.