I sent a .zip file that included nearly 5500 threat sample files.
When I scanned those files with Webroot SecureAnywhere, it detected only nearly 500 threats and did not detect more than 4000 files.
Then I scanned these files with other AVs such as TM, ... and they detected nearly 5000 threats.
Then I sent all 4000 sample files to Webroot threat research.
After nearly 3 days I checked the files again, but again Webroot did not detect them.
I sent a request to Webroot support asking why, after 3 days, Webroot still did not detect these files.
They answered my question:
This appears to be a collection of very old threats that will not even execute on any of the Operating Systems that are supported by Webroot SecureAnywhere, which is why they are not being detected. We focus on current threats that are still being seen in the wild and have the potential to infect our users. If you have samples of any current infections that are being seen in the wild and currently infecting users that you believe we are missing, we would happily take a look at them.
Webroot Threat Research
But I have another question:
Why do other security companies, especially the most valid security companies such as SY and TM, detect old threats?
I think this question and topic help users to understand more about the operation of Webroot AntiVirus products.
Thank you.
I think that the reply from support is very clear and explanatory. WSA doesn't care for files which are harmless to OS being supported by WSA. In addition to this it is worth noting that WSA doesn't see inactive files as threats. It means that if an infection is only sitting on the hard disk without any action this file is harmless. WSA cares only when this file is executed and then WSA does its job.
Well, why other AV solutions detect your files is a question for them rather than for Webroot, but I think that these AVs are conventional security solutions mainly relying on AV definitions which are stuffed with all infections ever found. However, this is not Webroot's approach.
I am not sure but I think I worked on that zip file and I did determine a number of the files bad. A large percentage were really old infections that were:
a) obsolete (i.e. DOS malware)
b) haven't been seen in the wild in years
c) used exploits that have been patched by MS
d) non-PE files or components of infections
If you upload the zip again and PM the link to me I'll have a look again. Apologies if you weren't the person I dealt with before; as you can imagine, I deal with loads of different sample sets!
Also I might attach my AOL 1.2 Pepsi punter so you can own the chat room beyond scrolling ascii dicks.
Think that you have a biiiiiiig problem if you are "scrolling ascii dicks" :S ;)
AOL chat rooms were the easymode mIRC's