Solved

Webroot SecurAnywhere - system events monitoring

  • 26 September 2012
  • 4 replies
  • 64 views

What is the System Events monitoring function? So far it says it has inspected over 3 BILLION system events since installation. What is that all about? Is this using any resources, what exactly is it inspecting? Is it reporting events on my system?
 
 
Thanks.
icon

Best answer by JimM 26 September 2012, 19:32

View original

4 replies

Userlevel 5
The system events monitoring is recording activity taking place across your system in real-time. These include file activity, registry changes, network/internet activity to name a few.

If you click on View Details, you'll see another screen where you can double-click on individual events to see more details.
Userlevel 7
On the Overview tab or main screen area of the 2013 version of WSA, you'll see a line stating how many system events have been inspected since startup and how many since installation.

Events are a lot of different things.  It's a vague term used to describe things that happen on a computer that a piece of code reacts to.  Events are low-level things like "user moves the mouse" or "hardware device does something."  When one of these things happens, multiple events fire off, during which various code segments act on that input, produce a result, and feed it back to the user somehow.  It includes everything Tony mentioned above and a lot more.

Because WSA looks at your system on such a low level, it can detect threat actions based on what the events and event handlers are actually doing, in addition to noticing which files are good, bad, or unknown.

To your question, yes, that number reflects the number of events on your system.  It seems like an enormous amount, and it is in a way, just numerically.  But for every key I've pressed in writing this reply, I've generated an event.  Every minor mouse movement, every click, and every individual action any background program is doing while I'm typing this, loosely represents at least one event.  WSA shows you this figure to give you an accurate representation of what it's actually doing at all times, and how much stuff it's keeping tabs on in order to keep your computer safe.  If you click View Details on that line, you can actually drill down further to see what those specific events are.

To your other question, no, it's not using many resources at all.  At the very bottom of WSA is a grey line that shows exactly how many resources WSA is using.  To illustrate what this will typically look like for most customers, I'll use my really old not-very-good test box as an example.  This is a Pentium 4 2.8 running XP-32, clocking at 2.79mhz with 2GB of RAM on a 48.8 GB HD (not exactly glamorous to say the least).  On this computer, WSA is using 0.15% of CPU and 0.004% of HD space.  So while WSA inspects events at an incredibly low level, it does so by using barely any resources at all.

Let me know if you have any additional questions!  🙂
Userlevel 5
@ wrote:
 
To illustrate what this will typically look like for most customers, I'll use my really old not-very-good test box as an example.  This is a Pentium 4 2.8 running XP-32, clocking at 2.79mhz with 2GB of RAM on a 48.8 GB HD (not exactly glamorous to say the least).  On this computer, WSA is using 0.15% of CPU and 0.004% of HD space.
@ give another example: on my Intel Core i3 2390T @ 2.70GHz with 4GB RAM running Windows 7 64-bit system, WSA has used 0.01% of CPU since installation and 0.001% of HD space.
Cool, thanks for the explanation... I monitored it for a while, and indeed the CPU usage is negligible. I was just wondering what events it was scanning, and of course, I completely neglected to click on "Details"... Duh...
 
 
Thanks again, love the program, I kicked MS Security Essentials to the curb...

Reply