Solved

What Modules Differ Between Home and Business Editions?

  • 23 January 2024
  • 9 replies
  • 136 views

Userlevel 3

Hello,

 

I’m wondering how big the protection gap or module difference is between Webroot Home and Business Products. In particular I read a lot of announcements around the Evasion Shield (AMSI and Script) scanner and the Foreign Code Shields (suspicious execution patterns) announced back in 2020 and 2021 respectively. Reading through release notes looks like an Anti-Ransomware module is getting pretty close to release as well in 2024 but all 3 of these seem to be for the Business products only.

Does the Home Editions contain (or will contain) these additional shields soon?

  • Script Shield has toggle but I assume that is for an older script scanning technology that doesn’t have the more advanced hooks into AMSI like the newer Evasion Shield or am I wrong? Is there a plan to add the more capable Evasion Shield at some point even if disabled to start to avoid false positives?
  • Foreign Code Shield - is this also a Business only Shield? I don’t see any mentions or toggles for something similar in the Home editions either in the GUI or the KB/Guides
  • Anti-Ransomware Shield - Is there a plan to add this module to the home editions or will they have the same fate as the other 2 mentioned and be Business only? If it does come to Home will this module be more of a behavioral based watching for encryption processes and backing up the files inside a product database or to the Carbonnite cloud and then restore the files to a clean copy once an attack is confirmed as is rolled back? Journaling can only do so much so I’d a full file backup is a more sure fired way to restore files that where affected.

It seems like the move to “Core” Builds/Shield is to make the products more modular and separate the protection modules from the client/agent GUI itself. Not sure if there is a plan to unify the Home and Business to be the same core protection modules (minus licenses differences) so the home editions will catch in the protection ability department. Also is this part of why at the moment Home Editions lost access to all of the cloud based controls in the new console but will they return again at some point? It used to be that you could remotely be the family “IT Guy” and trigger scans, Optimizations, check detections and security status, etc but that is all gone as of right now.

 

Thank you,

icon

Best answer by TripleHelix 31 January 2024, 16:55

View original

This topic has been closed for comments

9 replies

Userlevel 7
Badge +63

Hello @WolfPackUNR 

 

It's in the Consumer products as well and we continue to Beta test in the Beta Group for Consumers. Now the Business version has an awesome Online Console and you can make many changes within the Online Console to tune to Business needs. I’m not sure if the Business version has all the features you mentioned but the Consumers does as that is what I use.

 

 

 

 

Your right about the new Online Console for Consumers and we don’t like it but we haven’t been told if anything is going change either but hopefully they will tell us all.

 

HTH,

Userlevel 3
​​​​No Foreign Code Shield

Hmm, I checked my install and don’t see any reference to the Foreign Code Shield. I beleive I’m running what is considered Antivirus Plus (It has the browser Web Shield Extension but no system optimizer). Is that Shield only available on Internet Security and above? I’m running 9.0.35.12 with Core 1.6 (impatiently waiting for 1.7 to release 😁). Is that normal for my edition?

 

For the script shield if I am understanding correctly that is the same technology then as the Business Evasion Shield in “Detect and Remediate” mode but for Home Users?

 

Semi related question, is Webroot still considered to be compatible other antivirus software running at the same time? Came across older KB articles mentioning it’s fine if it’s installed after another antivirus and a couple of the critical EXEs have been excluded in that providers system. Just wondering between this Script Shield (multiple AMSI scanners) and this Anti-Ransomware module being tested does that compatibily still hold true? Seems like more chances for a race condition to occur and the 2 products to start fighting with each other. Or does Webroot still do some sort of check of the system on install and see the other antivirus and sets a delay/deferal to not jump in until some sort of time limit/critical risk score is reached meaning it’s likely the other antivirus missed it and it’s time for WSA to jump in.


Are there still beta oppurtunities and if so is there a process to join? Saw an older post about DMing you or any of the other mods but not sure if your still recruiting. Especially if your looking for telemtery on machines with another AV and how the beta product behaves with it. 

 

Userlevel 7
Badge +63

Hello @WolfPackUNR 

 

I thought the Foreign Code Shield was released to all Consumer users but maybe it’s only in the Beta Group and it would be all Webroot AV’s including ISP and Complete even AV only. We are looking for Beta Testers but only ones that will give feedback. If you want to join follow the instructions here:

Make a post in there as well, also PM the Community Manager: https://community.webroot.com/inbox/conversation?with=9060

 

Click on pictures to see full size!

 

 

Concerning other AV’s with Webroot times have changed so I don’t know with ones these days will run along side with Webroot? I have Malwarebytes but only for On-Demand I also use other different security software which is not an AV like Cyberlock and again that’s me. If you have Webroot installed it shuts off Windows Defender but you can set Windows Defender to do Periodic Scanning which I don’t use.

 

 

See what files you have in this folder:

 

 

Thanks,

Userlevel 3

Confirmed after joining the Beta the Foreign Code Shield is a Beta edition module only right now. Looks like the standard currently available public release doesn’t include it. 

 

Running it alongside another antivirus (Bitdefender in my case) would cause problems is my thought too with the products fighting with each other. It was this article/KB I came across but wasn’t sure if that still holds true or not.

https://answers.webroot.com/Webroot/ukp.aspx?pid=17&ruleid=1984#:~:text=Webroot%20SecureAnywhere%20is%20compatible%20with,the%20non%2DWebroot%20program%20first.

Userlevel 7
Badge +63

Hello @WolfPackUNR 

 

All I can say is give it a try and if Malware is detected by both Webroot will step aside to stop the conflict and allow Bitdefender to remove the Malware but many AV’s have changed over the years so give it a go and let us know. Are you using Bitdefender AV or there Suite?

 

Thanks,

Userlevel 3

I’m using their Total Security suite so that includes their AMSI/Script scanning, Advanced Threat Control (ATC)  (Malicious Behavior Monitoring), Anti-Ransomware (automatic file backup and roll back if ATC triggers after seeing encryption behavior), Firewall not based on Windows Firewall, and their own System Optimizer.

 

Definitely a lot of overlap especially in the beta version of Webroot. I could test with an EICAR or AMTSO file and see what they do since it’s benign. Bitdefender from my understanding holds all the detections on device aside from the URL/DNS reputation, Webroot requires the cloud for all detections. In an offline state it essentially journals everything until a connection is re-established and would then trigger it’s journal once it’s able to get caught back up on submitting the MD5 hashes to the cloud for verdicts.

If it’s a static file hash detection I would imagine Bitdefender would beat it to the punch with the on device database. It’s all the other modules like Ransomware and Behavior monitoring between the 2 products I’d be curious how it works/behaves since it requires the malware to be running for a bit a reveal what it does before either product does anything and who would win out? Wish Webroot would post more technical deep dive Whitepapers on what and how exactly each of their Shields function, what does it monitor for, what detection logic happens on device vs in the cloud, etc. 

It would seem like the Anti-Ransomware and Foreign Code Shield would need on device logic or is it simply extracting and sending to BrightCloud the MD5 hashes and the execution patterns and needs to wait for a command/verdict from the cloud to say this pattern is bad and to terminate and journal back all changes. If so does that mean the new Anti-Ransomware module uses some sort of continuous rolling DB backup of file changes while it’s waiting for a verdict if ransomware was able to get to work before it’s terminated. Generally Journaling would only be able to reserve setting changes like program files written or registry keys added by basically deleting going off it’s list of recorded activity. But when ransomware is editing files directly and scrambling them a full backup is the only way to recover them, so I would assume that’s what this new Webroot Module is looking to add but just a guess.

Userlevel 7
Badge +63

WoW you have allot of what if’s! I haven’t tested 2 AV’s in a very long time so I couldn’t say. Also some things your asking here should be asked in the Beta Group because as you seen a few things are not out to the Public yet. So lets take it to the Beta Group here: https://community.webroot.com/wsa-for-home-beta-73

 

Thanks!

Userlevel 3

Sure thing, if there is an easy way to move this to the beta channel or copy and paste feel free. I can’t see of an easy to do so but not sure if you have special mod tools to do so. 😅 Really interested to see some deeper insight and explanations if possible from product managers.

Userlevel 7
Badge +63

I will close this thread and start a new thread in the Beta Group.