Solved

Monitoring process?

  • 3 February 2017
  • 12 replies
  • 609 views

Userlevel 7
Badge +7
Hi everybody!
I have a few questions.Sorry, I wrote a little elaborately.
Sorry (google translate) 
 
1,
Use WSA firewall setting:
Warn if any process connects to the Internet unless explicitly allowed

 
 
Example: Chrome  
(or process & programs) 


 
C:ProgramDataWRData  
Open WRLog


 
 
I don't understand why writes into the diary Monitorig Process? 
 
WSA Control Active Process: Not Monitor & Block



 
WRData folder no dbxxxx.db file.
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
2,
Example install Omega Commander  [u]nknown (untrusted processed)
Monitoring



Created


 
There is a setting pop-up message when monitoring file?
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Preparing for the future Hungarian language support WSA? 
 
Regards,
Gyula
 
 
 
 
icon

Best answer by RetiredTripleHelix 4 February 2017, 23:57

View original

12 replies

Userlevel 7
Badge +52
hello
"There is a setting pop-up message when monitoring file?"
-https://community.webroot.com/t5/Ideas-Exchange/Notification-pop-up-unknown-application-is-started-monitoring-is/idi-p/193308
 
Userlevel 7
Badge +7
Unfortunately, it is not for the time being. :(
Very good idea! @ 
Userlevel 7
Badge +56
@ also alittle more info about this, WSA has many levels of Monitoring and depends on the level it will not show in the Monitoring process page and it's just an Unknown file/process to the Webroot Cloud Database. Now all other AV's just know Good and Bad but WSA knows of Unknown files as well so if you have many Unknown files like 20 or more it's best to Contact support and ask them to whitelist your unknown files so the Monitoring process will stop completely or if it turns out to be Bad (Malware or PUA) WSA will rollback your system to the pre-infected state so then the file will we flagged as Good or Bad to all users of WSA!
 
See this file: Thu 2017-02-02 21:43:22.0016 Monitoring process D:Program Files (x86)HowardHowardHoward.exe [B22C84ACF70E3DCB1E41FD186E45ECEB]. Type: 1 (3916)
 
Type 1 is the lowest Monitoring state and I'm not quite sure how high it goes but I have seen Type: 9 which is very high.
 
HTH,
 
Daniel 😉
Userlevel 7
Badge +7
@ Thanks the answer. 
I better understand the operation wsa. 
 
 
Userlevel 7
Badge +7
@
"Type 1 is the lowest Monitoring state and I'm not quite sure how high it goes but I have seen Type: 9 which is very high."
 
Firewall: Warn if any process connects to the Internet unless explicitly allowed
Firewall monitoring.... 
 
The same process Type1 and Type0 ? 
Where did it get teeth?
 


 
Userlevel 7
Badge +56
@ wrote:
@
"Type 1 is the lowest Monitoring state and I'm not quite sure how high it goes but I have seen Type: 9 which is very high."
 
Firewall: Warn if any process connects to the Internet unless explicitly allowed
Firewall monitoring.... 
 
The same process Type1 and Type0 ? 
Where did it get teeth?
 


 
We had a discussion on the same question so read more here: https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Should-Default-User-Settings-include-Warn-not-Enable-Max/td-p/269643
 
With that Many being Monitored it would be best to Submit a Support Ticket and ask support to whitelist your Unknown files!
 
Type1 and Type0 are very low, as I said there are many levels and you could see the same file being Monitored at many different levels at the same time.
 
HTH,
 
Daniel 😉
Userlevel 7
Badge +56
Just an Example from one of my Windows 10 Insider Builds:
 
Fri 2017-01-20 21:46:19.0625 Monitoring process C:WindowsSystem32smartscreen.exe [B0F1C2B363ABF847896F8E72539EE991]. Type: 3 (61713)
Fri 2017-01-20 21:46:19.0625 Monitoring process C:WindowsSystem32smartscreen.exe [B0F1C2B363ABF847896F8E72539EE991]. Type: 4 (61713)
Fri 2017-01-20 21:46:19.0625 Monitoring process C:WindowsSystem32smartscreen.exe [B0F1C2B363ABF847896F8E72539EE991]. Type: 5 (61713)
Fri 2017-01-20 21:46:19.0626 Monitoring process C:WindowsSystem32smartscreen.exe [B0F1C2B363ABF847896F8E72539EE991]. Type: 7 (61713)
Fri 2017-01-20 21:46:19.0626 Monitoring process C:WindowsSystem32smartscreen.exe [B0F1C2B363ABF847896F8E72539EE991]. Type: 6 (61713)
Fri 2017-01-20 21:46:19.0627 Monitoring process C:Program FilesWindowsAppsMicrosoft.SkypeApp_11.10.141.0_x64__kzf8qxf38zg5cSkypeHost.exe [8F4C82FA1B30EDEDCF223721E8CA0848]. Type: 1 (50461)
Fri 2017-01-20 21:46:19.0629 Monitoring process C:WindowsSystem32SettingSyncHost.exe [FA9E890785A635AB4BA0ABB30ABBDE17]. Type: 2 (61665)
Fri 2017-01-20 21:46:19.0631 Monitoring process C:WindowsSystem32SearchProtocolHost.exe [60345A456299C480A825A7F2782CFA30]. Type: 3 (61598)
Fri 2017-01-20 21:46:19.0631 Monitoring process C:WindowsSystem32SearchProtocolHost.exe [60345A456299C480A825A7F2782CFA30]. Type: 4 (61598)
Fri 2017-01-20 21:46:19.0631 Monitoring process C:WindowsSystem32SearchProtocolHost.exe [60345A456299C480A825A7F2782CFA30]. Type: 5 (61598)
Fri 2017-01-20 21:46:19.0631 Monitoring process C:WindowsSystem32SearchProtocolHost.exe [60345A456299C480A825A7F2782CFA30]. Type: 7 (61598)
Fri 2017-01-20 21:46:19.0631 Monitoring process C:WindowsSystem32SearchProtocolHost.exe [60345A456299C480A825A7F2782CFA30]. Type: 6 (61598)
Fri 2017-01-20 21:46:19.0634 Monitoring process C:WindowsSystem32audiodg.exe [DF180F20C8D39C5FB04544A9CD40530E]. Type: 2 (61741)
Fri 2017-01-20 21:46:22.0558 Monitoring process C:WINDOWSsystem32ackgroundTaskHost.exe [5994D7436A0E5AA88261169A24BFA877]. Type: 2 (62669)
Fri 2017-01-20 21:46:22.0827 Monitoring process C:WindowsSystem32SystemSettingsBroker.exe [876EBB3210D5D51F50C4EFC1CEABC7A9]. Type: 2 (61759)
Fri 2017-01-20 21:46:24.0478 Monitoring process C:WINDOWSsystem32SearchProtocolHost.exe [60345A456299C480A825A7F2782CFA30]. Type: 3 (61598)
Fri 2017-01-20 21:46:24.0478 Monitoring process C:WINDOWSsystem32SearchProtocolHost.exe [60345A456299C480A825A7F2782CFA30]. Type: 4 (61598)
Fri 2017-01-20 21:46:24.0478 Monitoring process C:WINDOWSsystem32SearchProtocolHost.exe [60345A456299C480A825A7F2782CFA30]. Type: 5 (61598)
Fri 2017-01-20 21:46:24.0478 Monitoring process C:WINDOWSsystem32SearchProtocolHost.exe [60345A456299C480A825A7F2782CFA30]. Type: 7 (61598)
Fri 2017-01-20 21:46:24.0478 Monitoring process C:WINDOWSsystem32SearchProtocolHost.exe [60345A456299C480A825A7F2782CFA30]. Type: 8 (61598)
Fri 2017-01-20 21:46:24.0478 Monitoring process C:WINDOWSsystem32SearchProtocolHost.exe [60345A456299C480A825A7F2782CFA30]. Type: 6 (61598)
Fri 2017-01-20 21:46:24.0516 Monitoring process C:WINDOWSsystem32ApplicationFrameHost.exe [74BEBDE6909CDF8DED32A38C0EBA1AD5]. Type: 3 (62236)
Fri 2017-01-20 21:46:24.0516 Monitoring process C:WINDOWSsystem32ApplicationFrameHost.exe [74BEBDE6909CDF8DED32A38C0EBA1AD5]. Type: 4 (62236)
Fri 2017-01-20 21:46:24.0516 Monitoring process C:WINDOWSsystem32ApplicationFrameHost.exe [74BEBDE6909CDF8DED32A38C0EBA1AD5]. Type: 8 (62236)
Fri 2017-01-20 21:46:24.0516 Monitoring process C:WINDOWSsystem32ApplicationFrameHost.exe [74BEBDE6909CDF8DED32A38C0EBA1AD5]. Type: 6 (62236)
Fri 2017-01-20 21:46:24.0814 Monitoring process C:WINDOWSImmersiveControlPanelSystemSettings.exe [DCE5A5FB88CC990E771D84C1F2B1EDDA]. Type: 2 (60870)
Fri 2017-01-20 21:46:26.0822 Monitoring process C:WindowsSystem32RuntimeBroker.exe [22A2463FFB1A3FB6C53DB17DEC78B049]. Type: 2 (61652)
Fri 2017-01-20 21:46:47.0274 Monitoring process C:WINDOWSSystem32BackgroundTaskHost.exe [5994D7436A0E5AA88261169A24BFA877]. Type: 2 (62669)
Fri 2017-01-20 21:46:50.0565 Monitoring process C:WINDOWSsystem32 askhostw.exe [D0F582D998E9B1A5987A06A2C81C73BB]. Type: 2 (62203)
Userlevel 7
Badge +7
"With that Many being Monitored it would be best to Submit a Support Ticket and ask support to whitelist your Unknown files!"
 
It is not the problem. Send to [u]nknown file (support)  weekly.
@ 
Problem firewall and monitoring the log. (diary)
 
Basic Firewall: Warn if any new, untrusted processes connect to the Internet if the computer is infected
Example: Total Commander (TOTALCMD64.EXE) reliable not [u] the scan file (log)  TOTALCMD64.exe [g] good
Not Monitoring TOTALCMD64.exe Diary! !
 
Firewall adjust Warn if any process connects to the Internet unless explicitly allowed.
From then continuously writes From then continuously writes in the diary! Monitoring all process for the log.
Monitoring  TOTALCMD64.exe Diary! 
 
I do not understand. trusted will not trusted?
 
Sorry language mistakes! I do not want confusion.
If you do not understand, I'm doing you a few videos, you are very welcome.
 
Gyula
 
 
Userlevel 7
Badge +56
@ wrote:
"With that Many being Monitored it would be best to Submit a Support Ticket and ask support to whitelist your Unknown files!"
 
It is not the problem. Send to [u]nknown file (support)  weekly.
@ 
Problem firewall and monitoring the log. (diary)
 
Basic Firewall: Warn if any new, untrusted processes connect to the Internet if the computer is infected
Example: Total Commander (TOTALCMD64.EXE) reliable not [u] the scan file (log)  TOTALCMD64.exe [g] good
Not Monitoring TOTALCMD64.exe Diary! !
 
Firewall adjust Warn if any process connects to the Internet unless explicitly allowed.
From then continuously writes From then continuously writes in the diary! Monitoring all process for the log.
Monitoring  TOTALCMD64.exe Diary! 
 
I do not understand. trusted will not trusted?
 
Sorry language mistakes! I do not want confusion.
If you do not understand, I'm doing you a few videos, you are very welcome.
 
Gyula
 
 
Yes but not sure if that setting is working as it should be: Warn if any process connects to the Internet unless explicitly allowed.
 
"The Product Team has informed me that this issue has been documented and we are actively tracking it. They also said there has been only one report thus far, meaning that it is by no means a high-priority-issue in the backlog.
 
Also trying to figure out if this affects all OS's or just Win10."
 
https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Should-Default-User-Settings-include-Warn-not-Enable-Max/td-p/269643/page/2
 
If you are having issues in any way contact Webroot Support as they can look at your scan log!
Userlevel 7
Badge +7
 @
 


 
Two months ago, the employment issue. Not so long to come back Firewall (settings) WSA Windows 8 & 8.1 & 10
 
 
 
 
 
Userlevel 7
Badge +56
@ wrote:
 @
 


 
Two months ago, the employment issue. Not so long to come back Firewall (settings) WSA Windows 8 & 8.1 & 10
 
 
 
 
 
Yes for a few years the Firewall settings were missing on Windows 8, 8.1 and Windows 10 and Webroot has put them back!
https://community.webroot.com/t5/Ideas-Exchange/Outbound-connections-fw-control-in-Win-8-Win-8-1/idi-p/60003
 
😉
Userlevel 7
Badge +7
 

Hi Community!
 
I would like Hungary language support for WSA. 
What can I do so?
Wrote Ideas topics. 
How cost New language for WSA? 
 

Reply