What Modules Differ Between Home and Business Editions?

Hmm, I checked my install and don’t see any reference to the Foreign Code Shield. I beleive I’m running what is considered Antivirus Plus (It has the browser Web Shield Extension but no system optimizer). Is that Shield only available on Internet Security and above? I’m running 9.0.35.12 with Core 1.6 (impatiently waiting for 1.7 to release 😁). Is that normal for my edition?

For the script shield if I am understanding correctly that is the same technology then as the Business Evasion Shield in “Detect and Remediate” mode but for Home Users?

Semi related question, is Webroot still considered to be compatible other antivirus software running at the same time? Came across older KB articles mentioning it’s fine if it’s installed after another antivirus and a couple of the critical EXEs have been excluded in that providers system. Just wondering between this Script Shield (multiple AMSI scanners) and this Anti-Ransomware module being tested does that compatibily still hold true? Seems like more chances for a race condition to occur and the 2 products to start fighting with each other. Or does Webroot still do some sort of check of the system on install and see the other antivirus and sets a delay/deferal to not jump in until some sort of time limit/critical risk score is reached meaning it’s likely the other antivirus missed it and it’s time for WSA to jump in.

Are there still beta oppurtunities and if so is there a process to join? Saw an older post about DMing you or any of the other mods but not sure if your still recruiting. Especially if your looking for telemtery on machines with another AV and how the beta product behaves with it. 

Confirmed after joining the Beta the Foreign Code Shield is a Beta edition module only right now. Looks like the standard currently available public release doesn’t include it. 

Running it alongside another antivirus (Bitdefender in my case) would cause problems is my thought too with the products fighting with each other. It was this article/KB I came across but wasn’t sure if that still holds true or not.

https://answers.webroot.com/Webroot/ukp.aspx?pid=17&ruleid=1984#:~:text=Webroot%20SecureAnywhere%20is%20compatible%20with,the%20non%2DWebroot%20program%20first.

I’m using their Total Security suite so that includes their AMSI/Script scanning, Advanced Threat Control (ATC)  (Malicious Behavior Monitoring), Anti-Ransomware (automatic file backup and roll back if ATC triggers after seeing encryption behavior), Firewall not based on Windows Firewall, and their own System Optimizer.

Definitely a lot of overlap especially in the beta version of Webroot. I could test with an EICAR or AMTSO file and see what they do since it’s benign. Bitdefender from my understanding holds all the detections on device aside from the URL/DNS reputation, Webroot requires the cloud for all detections. In an offline state it essentially journals everything until a connection is re-established and would then trigger it’s journal once it’s able to get caught back up on submitting the MD5 hashes to the cloud for verdicts.

If it’s a static file hash detection I would imagine Bitdefender would beat it to the punch with the on device database. It’s all the other modules like Ransomware and Behavior monitoring between the 2 products I’d be curious how it works/behaves since it requires the malware to be running for a bit a reveal what it does before either product does anything and who would win out? Wish Webroot would post more technical deep dive Whitepapers on what and how exactly each of their Shields function, what does it monitor for, what detection logic happens on device vs in the cloud, etc. 

It would seem like the Anti-Ransomware and Foreign Code Shield would need on device logic or is it simply extracting and sending to BrightCloud the MD5 hashes and the execution patterns and needs to wait for a command/verdict from the cloud to say this pattern is bad and to terminate and journal back all changes. If so does that mean the new Anti-Ransomware module uses some sort of continuous rolling DB backup of file changes while it’s waiting for a verdict if ransomware was able to get to work before it’s terminated. Generally Journaling would only be able to reserve setting changes like program files written or registry keys added by basically deleting going off it’s list of recorded activity. But when ransomware is editing files directly and scrambling them a full backup is the only way to recover them, so I would assume that’s what this new Webroot Module is looking to add but just a guess.

Sure thing, if there is an easy way to move this to the beta channel or copy and paste feel free. I can’t see of an easy to do so but not sure if you have special mod tools to do so. 😅 Really interested to see some deeper insight and explanations if possible from product managers.