Solved

WSA protects private data?


Userlevel 4
While an unknown process that is potentially malicious is being monitored by WSA, I've read that private data is protected from being transferred and stolen from whoever.
 
Exactly what private data is protected? I know keystrokes in 'protected' browsers are prevented from being recorded and such things. But what about my personal files? My documents? My Google Drive content? Are they in danger of being stolen by a monitored process? Does WSA prevent this?
 
Anyone care to explain what protection of private data means? I'd really like to know!
 
Gabriel

Best answer by DanP 4 June 2014, 21:10


12 replies

Userlevel 7
Hello Shadek,
 
I am pretty good with the operations of WSA, but not so good with the technical 'how it does it' stuff. The protection of private data is one of the tech areas I am not as good in.... @ can you look this over at some point today?
 
Until then, I do know it does protect that kind of data.  If a monitored process attempts to access that sort of data it is stopped from doing so.  Things like your documents and contacts, WSA detects when things are accessing those and if it is unknown WHY, it will be monitored or blocked. 
 
If you look into Identity Protection, click the 'gear tool' and then click the Application Protection tab.  What you do not want to see are programs set to Allow.  This will allow that program to do pretty much anything it wants.  Not a good thing.
 
Block will block all access.  Copy/Paste with data from a text file should be denied, if I understand things correctly.
 
Protected is where your browsers go... you can copy data from a text file and paste it into the browser, but the browser cannot, due to an infection, obtain data on its own without you doing it yourself.
 
 
Userlevel 7
Yes, it protects your private data, as you can see in this short video. Like they say, a picture is worth a thousand words, so a video must give you much more: https://community.webroot.com/t5/Webroot-Education/What-Happens-if-Webroot-quot-Misses-quot-a-Virus/ta-p/10202 & even the Firewall will block anything being monitored: https://community.webroot.com/t5/Webroot-SecureAnywhere-Internet/Why-doesn-t-the-firewall-block-everything-by-default/ta-p/5818
 
HTH,
 
Daniel 😉
Userlevel 7
Apologies for butting in Guys, but shadek may also find this KB article of assistance with the question, especially the '2. Identity & Privacy > Protected Applications' section.

 
Regards
 
 
Baldrick
Userlevel 4
Thank you for answering my question.
 
However, none of the posts answer my direct question; Is a 'monitored' process (which state was set by the cloud) blocked by WSA from stealing important information from i.e. C:GoogleDrivexxx? 
 
Or is the 'monitored' process allowed to access the data (i.e. C:GoogleDrivexxx) and upload it to an unknown host? I believe this is called data leak. Can anyone provide a clear answer on this? :D
 
I do completely understand the way ID-shield works and the way journaling works. None of those protect data folders on drive C:xxx from being sent to unknown hosts. They only protect chosen browsers (or manually chosen applications) and complete removal of malware and the changes they made. I don't really care if the malicious changes are undone when my GoogleDrive data has been leaked. :)
 
The firewall in WSA for Win 7 did provide me with the option to prevent monitored processes from accessing the Internet. This is not something you can do with WSA in Win 8. So I wonder, again, can a monitored process access C:GoogleDrivexxx and send it to an unknown host? If not, how is the data protected?
Userlevel 7
Hi shadek
 
I see where you are going with that...and I suspect that if WSA saw a monitored process carrying out the action that you are describing it would construe that as inappropriate action and so block it, etc...but I do not honestly KNOW.  Perhaps @ could help us out with a consideration of and an answer to your excellent question?
 
Regards
 
 
Baldrick
Userlevel 4
@ wrote:
Hi shadek
 
I see where you are going with that...and I suspect that if WSA saw a monitored process carrying out the action that you are describing it would construe that as inappropriate action and so block it, etc...but I do not honestly KNOW.  Perhaps @ could help us out with a consideration of and an answer to your excellent question?
 
Regards
 
 
Baldrick
It'd be great to know! I have data on my computers that absolutely cannot be allowed to be stolen. If monitored processes cannot be prevented from stealing this data I need to complement WSA with something that protects the data. :)
 
Gabriel
Userlevel 7
Hi Gabriel
 
OK, nothing yet back from Shawn so perhaps we will try via the good offices of our most excellent Community Manager, @ 
 
Hi Nic, would you be able to check with development on the very good question that Gabriel posed back in post 5?  It is an important one that we would love to have the answer to.
 
Many thanks in advance if you can facilitate this enquiry...;)
 
Regards
 
 
 
Baldrick
Userlevel 7
Hello Shadek,
Monitored processes are prevented from performing certain actions, so a monitored process should be prevented from performing data theft like you described. 
 
Thanks,
 
-Dan
Userlevel 7
Hi Dan
 
Much obliged for the response...that is good to know.
 
Regards
 
 
Baldrick
Userlevel 7
Thanks Dan - Shawn is out on vacation so I pinged Dan to help out.  Sorry for the delay in getting you an answer!
Userlevel 7
Thanks, Nic
 
Many thanks for the assist.
 
Regards
 
 
Baldrick
Userlevel 4
@ wrote:
Hello Shadek,
Monitored processes are prevented from performing certain actions, so a monitored process should be prevented from performing data theft like you described. 
 
Thanks,
 
-Dan
 
Thank you so much for clarifying! This is very valuable information I've been given. 🙂
