Knowledge Base

What is the difference between "Detection Configuration," "Protected Applications," and "Control Active Processes?"

  • 8 June 2012
  • 1 reply
  • 5758 views
What is the difference between "Detection Configuration," "Protected Applications," and "Control Active Processes?"
Userlevel 7
  • Retired Webrooter
  • 2146 replies

Question

What is the difference between the various tabs in WSA which you can set items to "Allow," "Protect/Monitor," or "Block/Deny?"
1. PC Security > Quarantine > Detection Configuration
2. Identity & Privacy > Protected Applications
3. System Tools > System Control > Control Active Processes

Answer

1. PC Security > Quarantine > Detection Configuration
- If an item is set to Allow in this area, it ignores it during scans and shield actions, meaning if it's a virus that has been allowed, it can continue acting as a virus acts.  Be careful of what you allow in this area and ensure it's something you trust implicitly if you are going to change the status from Block to Allow.
- If an item is set to Monitor, it causes Webroot to watch the item to determine if it is legitimate or related to malware.  It is not necessary to add files into this list or set files to monitor manually unless you are changing them from a Block or Allow status.  This might be useful if for example you think Webroot might have had a false positive on something and you want to check again at a later time to see if the determination has changed.  You could set it to Monitor and have Webroot check it again.
- If an item is set to Block, that item is treated as malware.  It will not be executed, and it will not be written to your hard drive.  Detected infections are automatically set to a Block status.
 
2. Identity & Privacy > Protected Applications
This setting will only appear for users of the Essentials or Complete versions of Webroot SecureAnywhere.  The basic Antivirus version does not contain this feature.
- "Allowed applications" are not secured against information-stealing malware, and also have full access to protected data on the system. Many applications unintentionally access protected screen contents or keyboard data without malicious intent when running in the background. If you trust an application that is currently marked as "Deny," you can change it to "Allow."
- "Protected applications" are secured against information-stealing malware, but also have full access to data on the system. By default, web browsers are assigned to the "protected" status. If desired, you might also want to add other software applications to "protected," such as financial management software. When you run a protected application, the Webroot icon in the system tray displays a padlock.
- "Denied applications" cannot view or capture protected data on the system, but can otherwise run normally.
 
3. System Tools > System Control > Control Active Processes
- Setting a process to Allow means it's allowed to run on the system. It's important to note that if an item is already allowed here, that's because Webroot knows already from seeing the file before that it's ok to allow.
- Setting a process to a Monitor status in this area means it would journal what that program is doing and keep a very close eye on it for any suspicious activity.  Basically it would treat it as if it wasn't already sure about it one way or the other, and it wants to monitor it closely until it's sure about it.
- Setting a process to Block means it can't run.  Be very careful about what you block in this area and ensure that anything you decide to block is a non-essential process.  Otherwise, you could be setting yourself up for a lot of grief if you block something critical.
 
The links used as headings above also link to the help file entries for each topic which contain additional information.

This topic has been closed for comments

1 reply

Userlevel 7
Badge +55
<div class="lia-message-template-content-zone"><p>Thanks I've been looking around this site for the answer</p></div>