Webroot can be initially disabled, but a reboot caused an upgrade of ESET to go really, really bad. I would like to avoid this problem on the Win7 system.
The community is being asked because support's final answer was: "the Webroot software you own from us is a full antivirus suite meaning that is all you need, so you do not need two antivirus applications."
(edited to indicate change of mind)
Best answer by JimM
"If the incorrect assumption leads to a different scenario please revise."
The entry point being a USB device wouldn't change the scenario negatively, but it does add an additional point at which WSA could potentially locate and deal with the threat. WSA has a USB shield, specifically designed to deal with that type of threat, offline and behavioral shields to deal with threats without a cloud connection, and the self-protection shield I mentioned earlier to stop a malicious unknown from tampering with WSA itself. So again, the example cannot actually occur when the hypothetical threat cannot actually disable WSA.
"This suggests that WSA does not require a connection for scanning and detection. I was under the impression that, being cloud based, that was a requirement."
No, that's not a requirement. "Cloud-based" does not necessarily entail that the cloud is a requirement for it to function. The optimal state is of course that the device is connected to the internet so that the cloud database can tell WSA "We classified this one already. Deal with it as either Good or Bad." However, WSA is capable of making determinations heuristically without consulting the cloud if necessary.
"There was no mention of how a deleted or replaced file would be restored."
Any action the Unknown program is making is logged. That would include actions taken on existing files. Those edits are reversed because the actions themselves are journaled and can basically be rewound. As a change is being made (file is changed or deleted), the existing data is encrypted and stored by WSA. If the Unknown that did the change gets marked as Good, the stored data copy is deleted after a while since it wouldn't be needed. If the Unknown is discovered to be Bad, the stored data is used to roll back the changes.
Or to use a fun analogy, it's kind of like how transporter buffers work in Star Trek. Transporter A reads the data from the object to be transported, and Transporter B writes that information to the world. Transporter B might transport the object (copy it), beam it out into space (delete it), or beam a pile of goo onto the transporter room floor (edit it). WSA is like the buffer in the middle, which can save the pattern. If Transporter B ends up malfunctioning, the pattern can still be pulled out of the buffer to rematerialize the proper object. Luckily, since we're talking about computer files and not people, we don't have to deal with things like the metaphysical problems of being a copy either! :D
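The journaling and rollback behaviour described in the answer above, sketched as an added Python example; it is not part of the original post and is not Webroot's code. `ChangeJournal`, `record`, `mark_good`, `mark_bad` and `demo` are hypothetical names, the file contents are constructed, and the encryption of stored copies that the post mentions is left out.

```python
import os, shutil, tempfile
from pathlib import Path

class ChangeJournal:
    """Toy before-image journal for one unclassified ("Unknown") program."""

    def __init__(self, store_dir):
        self.store_dir = Path(store_dir)
        self.entries = []  # (path, saved_copy or None if path did not exist yet)

    def record(self, path):
        """Call before the Unknown edits, deletes or creates `path`."""
        if any(p == path for p, _ in self.entries):
            return  # keep only the earliest pre-change state of each file
        saved = None
        if path.exists():
            saved = self.store_dir / f"{len(self.entries)}.bak"
            shutil.copy2(path, saved)  # assumption: plain copy, no encryption
        self.entries.append((path, saved))

    def mark_good(self):
        """Unknown classified Good: stored copies are no longer needed."""
        for _, saved in self.entries:
            if saved:
                saved.unlink()
        self.entries.clear()

    def mark_bad(self):
        """Unknown classified Bad: rewind its changes, newest first."""
        for path, saved in reversed(self.entries):
            if saved:
                os.replace(saved, path)  # restores edited and deleted files
            elif path.exists():
                path.unlink()  # file the Unknown created
        self.entries.clear()

def demo(verdict):
    """Constructed scenario: the Unknown edits, deletes and creates a file."""
    with tempfile.TemporaryDirectory() as tmp:
        root, store = Path(tmp), Path(tmp) / "journal"
        store.mkdir()
        edited, deleted, created = root / "a.txt", root / "b.txt", root / "c.bin"
        edited.write_text("original a")
        deleted.write_text("original b")
        j = ChangeJournal(store)
        j.record(edited); edited.write_text("goo")
        j.record(deleted); deleted.unlink()
        j.record(created); created.write_text("payload")
        j.mark_bad() if verdict == "bad" else j.mark_good()
        return (edited.read_text(), deleted.exists(), created.exists(),
                len(list(store.iterdir())))
```

`demo("bad")` leaves the edited and deleted files in their original state and removes the created one; `demo("good")` keeps the Unknown's changes and empties the journal store.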