Been hearing a lot about ransome ware attacks lately.

  • 26 March 2016
  • 1 reply
  • 22 views

How protected are we by Web root from malware that seeks to encrypt our pc. There have a  lot of such attacks in our region lately

1 reply

Userlevel 7
Hi putiki
 
Welcome to the Community Forums.
 
WSA provides protection against ransomware; we cannot say exactly how as that would be to play into the hands of the malware authors but suffice to say that you are protected.
 
The way that WSA works is to check on processes that are active or that become active and determines if they are 'good' or 'bad'; if 'good' then naturally the process is allowed. If determined to be 'bad' then the process is naturally blocked/prevented from running. But if a determination cannot be made the process is flagged as 'undertermined' and a couple of things happen (i) what the process can do is restricted & (ii) WSA starts journalling/recoridng what actions it performs on your system.
 
If WSA determines that the process is 'bad' it will block it and use the journals of what actions where performed to undone any actions it took.
 
For more information on this and on ransomware please listen to this webcast by BrightTalk about Ransomware. 
 
Hopefully this gives you sufficient information to answer your question but if not then please post back.
 
Regards, Baldrick

Reply