Exclude folders from scanning?

Why shall we convince Webroot about the reasonability of what some of us want, if what we want is available already by other developers? Most others have this feature - there must be a reason. What we think is reasonable has already been clearly rejected by Webroot as not reasonable. It's a clear case.

Thank you railshot. There are many alternatives. I was with Webroot for my entire family, and had planed to use it in our corporate business. But while waiting for a reply and while getting always the same replies that WebRoot is close to perfect, I looked into alternatives where in some cases I got really amazing support, where people actually listened to our issues, requirements, etc.

Cheers and all the best. I am out of here.

Its not arrogance I assure you, you think its a simple and effective idea but in reality its a terrible idea. Even as it stands I see people getting infected by adjusting the settings or allowing infections by altering our determinations. Even people who are quite technical I have seen get themselves infected by allowing files that they think are good or ignoring our warnings.
 
Our job is to protect our customers first of all and sometimes it means we have to take a tough stance on certain issues.
 
Imagine the chaos that could happen if somebody excluded there entire c:, may seem crazy but I have seen people do it with other products!

Dear Kit,

I sent all including log files to Support after opening a ticket. I got only a reply that the issue has not been solved yet. And it is still not yet decided when and whether at all this issue will be adressed any time soon. Some features of iMonitor are not running with WR active. We tracked down what feature it was - no solution as of now.

Making a software boot without error does not mean that it performs in all functions and features as requested. For me the issue remains in solved until I get a solution that works.

I got a mail sayin that this TOPIC has been solved... I did not yet get a solution to my problem with running iMonitor. I am still waiting for tech support feedback.

Please don't ask us if we can make the majority want this etc. I from my point of view have a correct application which hinders me from using WebRoot.

I only got a reply saying: we look into it, but cannot tell what the outcome is. And I wait several months now without any feedback.

Fact is that on several hundred PC's in our office, we cannot use WebRoot now. On my private one neither - for the same reason.

Thank you.

Do your homework, Kit. Norton's computer resource usage is barely noticeable these days. And I wouldn't dream of paying them or anybody else $99 to reinstall Windows - which is what viral removal mostly comes down to. I've been doing this for free for about 20 years for my extended family and friends.
 
I know that I cannot change your mind and you know that you cannot change mine. Let's call it a draw 😉

My Norton subscription is running out, so I'm checking back in here to see if Webroot has come to their senses. Alas, still being stubborn it seems, even though a business user submitted a long list of good reasons to allow folder exclusion:
http://community.webroot.com/t5/Ask-the-Experts/Re-Exclude-folders-from-scanning/td-p/7666
 
Looks like Norton can count me in for another year.

I wouldn't necessarily say that, per se. Not a matter of trusting the program, but rather saying they trust their rules and criteria completely. However without knowing what the criteria are, it's difficult to say whether something is actually a threat.
 
For example, "If it modifies the machine code of another binary and isn't signed by the same trusted certificate as the file being modified, it's a threat" will potentially catch a lot of legitimate patches and third-party patches. If their criteria include "Make changes to an installed program in some manner that allows evasion of DRM", then something as simple as a program that puts a text string in the registry to allow something to extend its trial would be considered an infection by their AV, even though it really isn't.
 
Your observation is more along the lines of, "This file was detected by this definition that says it does X, Y, and Z. But even though this specific file doesn't actually do that, the definition says it does so that's good enough".
 
Webroot tries to be clear on what the criteria are and what a specific file does exactly that got it triggered on. That way other educated people can verify separately as well and make educated decisions.
 

As there is no information on what files they are saying this to, nor on what their criteria for detection are, there is nothing that can be said regarding it other than: There is nothing that can be said regarding it.
 
Transparency is important. For example, as Roy said, we don't mark things that are legitimate software in many cases, such as toolbars. So without knowing specifically what the file in question is and what specific Norton criteria it meets, the information is not useful to anybody to make an educated decision on anything.

@ wrote:
Does that mean that WebRoot needs to have Internet connection in order to identify viruses or malicious code?

No, but...
 
Every AV needs the internet to identify threats accurately. Even if you download the newest version of other stuff available to install, it will still be quite some time behind on its patterns and definitions. The downside is that if the other stuff misses something because a network connection was missing and so it couldn't get its info, it's pretty much game over. The threat has free reign and can do anything it wants to without the other AV knowing what happened, because the other AV only knows "It's not on my list of bad things, so it must be good". All AVs require an internet connection to work well, but they will at least work some without it.
 
Webroot also needs an internet connection to identify threats most accurately. When it knows it has none, it goes into effectively Hyper-Paranoid mode and watches things much more closely. It can still detect and clean up threats in this situation, but not nearly as effectively. Which is why the requirements for the software (just like other AVs) include "Internet Connection". Webroot requires an internet connection to work well (and won't even install without one), but will not only work some without it, but also can completely 100% recover the system from any infection that gets in while the network is down.
 
However that's a tricky thing. The vast, vast majority of threats come from the internet, so when the network is dead and the AV (Any AV) is less-effective, the liklihood of catching a threat is also reduced hugely by the air gap. The air gap itself is a major way to avoid infections.
 
Yes, something could be downloaded before, but Webroot does scan downloads realtime. Downloaded and moved to a USB stick and then introduced to the machine when the network is off? The chances of that being done by any of the millions of Webroot users is so exceptionally slim it's not even funny. Never been done by accident. Only proposed in theoretical cases or instigated intentionally for testing purposes.
 
So:
No, Webroot does not need the internet to identify threats, BUT: It does need them to identify well and accurately, BUT: So does every other AV in the long run, AND: Webroot without the internet does better than any other AV with no definitions or old definitions, AND: Items that are undetected without the network are still fully removed when the network returns and any damage that could have been done is undone, AND: The chance of getting a new infection without internet is next to none and has never been seen in legitimate user cases.
 
Next on my agenda, I think I will do some cross-checks against claudiu and encourage Jim to do the same.  Then... DINNER!

In cases of VMs, technically Webroot should be run on the VM.  Obviously in the case of a Mac VM, this ends up being a different process. No AV is perfect. Even the user will create security holes. No AV can stop somebody from doing something unexpected or dumb. ;)
 
So, Webroot is Extra-Light partially because it is smart enough to only scan what can actually be bad, yes. There are other things that contribute to being light though. 
 
Certain generic data is collected regarding every file that is scanned by every AV. On Other AV, this data is then compared against the local database of "Bad Stuff".  That database can get pretty big (hundreds of megabytes). It has to remain in memory or it will chew up the disk all the time instead. And each record it goes through is multiplied by each extra file it scans. 5,000,000 records times 300,000 files means a heck of a lot of comparisons. Even one file against 5,000,000 records is a mess of work comparatively. And while 5,000,000 may seem like a lot, it's a fraction of the bad stuff out there.
 
Webroot gets the data, then sends it to the servers on the internet. They have a heck of a lot more power than any one computer and they have access to somewhere like 500,000,000,000 pieces of information instead.  (Number pulled from under a carpet.  Maybe somebody with current data can chime in with how many rows are in the Enzo DB now).  So instead of your computer getting 30 pieces of generic data about a file and comparing it to 5 million things every time you access a file, it gets those 30 pieces of generic data and lets the server compare them to 500 billion things and send back the response.
 
But it's even more than that too. Other AV looks at the file and gets 30 datas. One of those datas is the hash signature of the whole file, which indicates whether the file has changed at all. So the whole file needs to be read to get that data. And every time the file is accessed by something, the AV gets those datas again and compares them against 5 million things each time.
 
Webroot reads the whole file to get those 30 datas also.  But it always gets the full hash first. If it sees that the hash is the same as what it got before, it knows that the rest of the data is the same, so it doesn't waste time collecting that data again. That's a good thing.
 
"But what about having to read the whole file to get the hash? That takes a long time!"
Yes, yes it does. But... When Webroot is running, it knows everything that touches the disk to write. So if the file has not been touched by anything, Webroot doesn't even need to get that hash.
 
And even more importantly: Other AVs are statically prophylactic only. They -must- catch the threat before it starts doing anything at all in machine code otherwise they cannot prevent the infection. That means that before something can run or be accessed, it has to be fully-checked. Thus the access is put on pause while it is checked.
 
By comparison, Webroot has a much larger buffer for what it can do to protect. Even if a threat has started running, everything it does is watched, recorded, and thus revertable. Critical access to sensitive places is blocked until things are determined to be safe, but most programs don't ever try to access those sensitive places. So from the program's point of view, it's not stopped or inhibited at all. If the thing turns out to be a threat, it's killed and everything it did is undone.  Even days later, but usually within seconds or minutes.
 
So:
 - Scan only the important things that need to be scanned to protect you fully.
 - Remember information for quick access so things don't need to be repeated over and over again repeatedly over and over again.
 - Don't do all the work of checking things on your computer. Your computer has better things to do with its CPU and disk. Check the things in the cloud.
 - Don't put things on hold unless they are critical deep access that can allow evading Webroot. Most programs don't go that deep so don't get put on hold.
 - Have a developer that prefers to write ten lines of highly-efficient code to make something happen instead of 200 lines of junk that works, but is icky. (Heck, even I did stuff like that. Our old WLogs program was about 5MB or so and had a whole bunch of weird ways to try to do things, and did them slowly, about twenty minutes or more to run. When I wrote WSALogs, I focused strongly on doing it all more efficiently and quickly and doing it all in a smaller package. Under a megabyte and usually runs in three minutes or less.)
 
WSA is a lot of looking at the things that make other AV programs heavy and finding solutions that make WSA light.

@ wrote:
Kit, or anybody else,
 
can someone again explain me in simple terms what the main difference is between WebRoot and others Antivirus Applications?
 
Why is WebRoot using substantially less Resources than others?
 
 
Thank you

Thank you for the reply Kit. So this means that WebRoot only catches or kills a threat when it actually could become a risk. Or in other words, as long as it is impossible to become a threat, WebRoot does not take action (for example a virus in an Archive, a virus on a network folder, etc....)
 
Is that the main reason why WebRoot does use substantially less resources than others Anticirus Apps? (see my quoted question above).
 
Thanx