Solved

Will whitelisting a site WSA flags allow all malware on that site to run?

  • 16 January 2014

Userlevel 3
Hello and thanks for looking at my question.
 
 
Scenario one: a user visits a site and is alerted by your software that it is a risky site. The user chooses to ignore the warning and continues to view the site.
 
In this scenario, has the user told WSA to trust anything coming from this site?
 
I ask this because I want to visit a site that is flagged, which I find hard to believe, but I don't want to open myself up to a virus. If I don't download anything from the site and just read the text, am I still safe?
 
 

Best answer by RetiredTripleHelix 18 January 2014, 04:53



Userlevel 7
Hello garlicwebroot :D

As far as I know, no. WSA will not whitelist all things coming from that website, and will still protect you if you visit the website anyway.

Regarding your second question, that depends. The website may still try to perform a drive-by download and drop, execute, and install a malicious payload onto your system. However, if it does try this, Webroot will block the payload, and if it is an unknown payload, Webroot will begin journaling its every action and, when deemed malicious, will roll back and undo all changes done. Also, you are still protected by the Identity Shield, so that while it is being monitored, if not blocked by a signature, it won't be able to capture anything from your browsers.

Hope this helps,
Shran 😃
Userlevel 3
Thanks!
Userlevel 7
Happy to help 😃
Userlevel 2
So once you're at a web site, does Webroot do its usual thing regardless of whether it was flagged? Or does it take extra measures if you overrode the block?
 
Ken
 
Userlevel 3
Tech support informed me that when you disable protection for a site, WSA no longer scans that site and no longer protects you against keyloggers on the site. It does, however, still protect you from any virus the site may try to install on your OS.
Userlevel 2
Is unblocking the same as disabling protection?
 
I'm asking about a site for which Webroot gives the "This website has been reported as unsafe" screen and I proceed anyway.
 
Ken
 
Userlevel 7
As far as malicious code embedded within the site, yes. If you override the block, any malicious code or keylogger on that site might possibly execute unchecked. Any component that requires a file to be downloaded onto your computer will still be protected against, though.
Userlevel 2
Sorry if I'm still confused. Does that mean that if a site that has not been reported as unsafe has malicious code, Webroot will protect against it? But if it's been reported and I go there anyway, it won't?
 
Ken
 
Userlevel 7
Badge +56
The rest of WSA's Shields will still protect you from malware, such as the Identity Shield, which even when infected still protects from all online attacks seen here: http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C6_IDProtection/CH6a_ManagingID.htm so WSA has many layers of defence against all malware!
 
TH
Userlevel 3
Your question blew my mind!
 
Ya, I see what you mean. In theory I should be able to go to these sites and not be concerned because WSA is keeping me safe, and all the more so if it's a site known to be malicious.
 
So WSA can protect you from a site's keyloggers and malicious stuff, but once WSA labels the site malicious and you decide to ignore that label, all of a sudden you are stripped of some protection?
 
Userlevel 2
Thank you!  Never looked at the full list before - pretty impressive.  I've got all of the protections on.  I don't randomly blast past warnings, but every now and then I'll continue on to a site that I have reason to believe is safe despite a warning.  I feel more comfortable now.
 
Ken
 
 
 
Userlevel 7
Badge +56
How can it run? And if it did run, WSA's AV will pick it up, and if it's unknown it will start to journal, and if deemed malicious it will roll back to the pre-infection state. Please see here, great info: https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Webroot-question/m-p/76985#M5582
 
HTH,
 
TH
Userlevel 7
Okay, now I'm a bit confused myself! 😳 How can malicious code steal anything or even attempt to without downloading? Does that mean that once you leave the webpage, if it did have a keylogger that ran without downloading, it would be gone as soon as you left the webpage?
Also, like grishnakh asked, does that mean if the web filter doesn't block a webpage and the page does have malicious code like that, that doesn't download, then it would be allowed to run as long as it didn't download?

😳
Userlevel 3
mind blown again
Userlevel 7
Badge +56
If it downloaded!! Even an active unknown keylogger can't steal anything from your browser sessions with the yellow padlock on the Tray Icon showing you that Identity Shield is protecting you!! WSA has many Shields to protect its users; see the videos in my last post.
 
HTH,
 
TH
Userlevel 7
Okay thanks my friendly Helix! 😃
Userlevel 7
Badge +56
But it's best to keep all Shields running as they work as the Perfect Team in a 744kb downloaded client! Sorry garlicwebroot, I can't agree with your signature idea.
 
TH

 
Userlevel 3
No problem, I don't know how to use this thing. Working on it.
Userlevel 7
Badge +56
Tell me what you would like to know?
 
Daniel
Userlevel 7
Badge +56
Here is my setup from a clean install! It's not for everyone as it could cause False Positives and that's it! The first picture is because I want to know what's happening at all times and I decide what to do! And the last picture: make sure all Browsers are listed and under Protect! Happy Surfing!
 
Daniel :D
 


 


 


 



Userlevel 3
Would you add Sumatra PDF to application protection?
Userlevel 7
Badge +56
@ wrote:
Would you add Sumatra PDF to application protection?
You can, and if it doesn't work right then remove it. That's a good one. I'm going to add Adobe Reader as it does open in the Browser! ;)
 
Thanks,
 
Daniel
Userlevel 3
Check out EMET 4.1 as well if you haven't yet. It further hardens a system. Basically I added anything that reaches the net to it.
 
http://support.microsoft.com/kb/2458544
Userlevel 3
Would you add java.exe, javacpl.exe, java-rmi.exe, javaw.exe and javaws.exe to application protection?
Userlevel 7
Badge +56
@ wrote:
Check out EMET 4.1 as well if you haven't yet. It further hardens a system. Basically I added anything that reaches the net to it.
 
http://support.microsoft.com/kb/2458544
You can use EMET, but it's not really needed with WSA; that is your choice! I don't use EMET and I don't see a need for it myself. You don't want to harden it too much; then you lose the pleasure of using your PC as it was intended. Did you look at the link I posted to the 3 videos? If not, it's a great information tool.
 
Daniel 😉
