About the answer "does not detect some threats"

  • 11 October 2013
  • 8 replies

Userlevel 7
Hi,
I sent a .zip file that included nearly 5500 threat sample files.

When I scanned those files with Webroot SecureAnywhere, it detected only about 500 threats and did not detect more than 4000 files.

Then I scanned these files with other AVs such as TM, ... and they detected nearly 5000 threats.

Then I sent all 4000 sample files to Webroot Threat Research.

After nearly 3 days I checked the files again, but again Webroot did not detect them.

I sent a request to Webroot support asking why, after 3 days, Webroot still does not detect these files.

They answered my question:
 " "
Hello,
This appears to be a collection of very old threats that will not even execute on any of the Operating Systems that are supported by Webroot SecureAnywhere, which is why they are not being detected. We focus on current threats that are still being seen in the wild and have the potential to infect our users. If you have samples of any current infections that are being seen in the wild and currently infecting users that you believe we are missing, we would happily take a look at them.

Thanks,

Webroot Threat Research
" "
 
But I have another question:

Why do other security companies, especially the most valid security companies such as SY and TM, detect old threats?

I think this question and topic will help users better understand how Webroot antivirus products operate.
 
Thank you .

Amir

8 replies

Userlevel 7
Hello Amir,
 
I think that the reply from support is very clear and explanatory. WSA doesn't care about files which are harmless to the OSes supported by WSA. In addition to this, it is worth noting that WSA doesn't see inactive files as threats. It means that if an infection is only sitting on the hard disk without any action, this file is harmless. WSA cares only when this file is executed, and then WSA does its job.

Well, why other AV solutions detect your files is a question for them rather than for Webroot, but I think that these AVs are conventional security solutions mainly relying on AV definitions which are stuffed with all infections ever found. However, this is not Webroot's approach.
Userlevel 7
Hello,
 
I am not sure, but I think I worked on that zip file and I did determine a number of the files to be bad. A large percentage were really old infections that were:

a) obsolete (i.e. DOS malware)
b) haven't been seen in the wild in years
c) used exploits that have been patched by MS
d) non-PE files or components of infections

If you upload the zip again and PM the link to me, I'll have a look again. Apologies if you weren't the person I dealt with before; as you can imagine, I deal with loads of different sample sets!
Userlevel 7
Maybe these threats are old, but I suggest Webroot add these threats' MD5s to the cloud (WIN, Webroot Intelligent Network) for detection.

Regards,
 
Userlevel 7
It's not really adding to our intelligence network, adding dead/obscure files. I couldn't even get some of these to run, they are that old! A large number weren't executables, some were exploits for programs that aren't used anymore, and some even dated from the very early '90s. The files that were relevant were added, but even they weren't seen in the wild that much anymore.
That's it, I am sending in NetBus and Back Orifice Trojans!
Also I might attach my AOL 1.2 Pepsi punter so you can own the chat room beyond scrolling ascii dicks.
Userlevel 7
Hi tempnexus
 
Think that you have a biiiiiiig problem if you are "scrolling ascii dicks" :S ;)
 
Regards
 
 
Baldrick
@ wrote:
Hi tempnexus
 
Think that you have a biiiiiiig problem if you are "scrolling ascii dicks" :S ;)
 
Regards
 
 
Baldrick
Aww, no one remembers the early days of chat rooms on AOL?  Where every line of chat was S/A/L and then someone else fired off some punter script to kick everyone out of the chat room while some other dude/gal decided to scroll randomly generated pictures.
AOL chat rooms were the easymode mIRC's
Userlevel 7
Have to say that I never AOL'd...and to be honest I am still behind the times as I am not even on Facebook...phew!!!! 😉
