Solved

Will Behavior Blocker turn off if we turn off Realtime Shield?

  • 4 June 2016
  • 8 replies
  • 127 views

Userlevel 5
Hi all.
 
As you can see, I have a question about Webroot Behavior Blocker or Monitoring...
 
Will Webroot Behavior Blocker turn off if I turn off the Realtime Shield? Because every time I try to test Webroot Monitoring (I turn off the Realtime Shield), the result is infection! Maybe Webroot Monitoring is not as good as I expected? Or maybe when I turn off the Realtime Shield, the Behavior Blocker also turns off?
 
By the way: I mean real infection! Some files are created in the temp files and Roaming folder... but I don't want to get into this discussion now, I just want an answer to my question :)
 
Regards, Parham.

Best answer by RetiredTripleHelix 5 June 2016, 00:40


Userlevel 7
Badge +56
Yes, it will be affected, as the Realtime Shield is a very, very big part of WSA, and all the Behaviors are all done on the Webroot BrightCloud Threat Intelligence, not on your PC!
 
Cheers,
 
Daniel ;)

Userlevel 7
Badge +62
Those are some awesome videos Daniel! 🙂
Userlevel 5
Thank you for the answer.
 
But excuse me, you said yes, so do I understand correctly? If we turn off the Realtime Shield, then the Behavior Blocker will turn off too? 🙂 You said yes to this question?
 
And thanks again for the nice videos 🙂
Userlevel 7
Badge +56
It's all part of WSA, so it says here don't turn off any Shields: http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C3_Shielding/CH3a_WhatShieldsDo.htm
 

What shields do

Shields constantly monitor activity while you surf the Internet and work on your computer, protecting your computer from malware and viruses. As you surf Internet sites, you could be targeted for a drive-by download, where an unwanted program launches and silently installs on your computer as you view pages. We recommend you keep all shields enabled.
Shields run in the background without disrupting your work. If a shield detects an item that it classifies as a potential threat or does not recognize, it opens an alert. The alert asks if you want to allow the item to run or if you want to block it. If you recognize the file name and you are purposely downloading it (for example, you were in the process of downloading a new toolbar for your browser), click Allow to continue. If you were not trying to download anything, you should click Block.
 

Types of shields

 
SecureAnywhere includes these types of shields:
 
  • Realtime shield. Monitors unknown programs to determine whether or not they contain threats. Blocks known threats from running on your computer that are listed in Webroot’s threat definitions and in our community database. You should never disable this shield.
  • Rootkit shield. Blocks rootkits from being installed on your computer and removes any that are present.
  • Web shield. Blocks known threats encountered on the Internet and displays a warning. The Web shield maintains information on more than 200 million URLs and IP addresses to comprise the most accurate and comprehensive data available for classifying content and detecting malicious sites.
  • USB shield. Monitors an installed USB flash drive for threats, blocks and removes any threats that it finds.
  • Offline shield. Protects your system from threats while your computer is not connected to the Internet.
Userlevel 7
Badge +56
All the Behavior actions are from the Cloud so all the work is done in the Cloud! ;)
 
Userlevel 7
Badge +56
Here from when Webroot acquired Prevx in Nov 2010: http://www.pcmag.com/article2/0,2817,2392059,00.asp
 
http://www.prnewswire.com/news-releases/webroot-acquires-prevx-106436478.html
 
Immense Cloud Database
One reason the local application can be so tiny is that it doesn't include any malware signatures, Morris explained. The Prevx technology relies entirely on an immense database of applications and behaviors in the cloud. This database collects and correlates an almost-unimaginable amount of information about every process ever run on any system with SecureAnywhere (or Prevx) installed. Along with the expected notes about process behavior it correlates things like the geographic location, browser version, and other elements of the sample's "habitat."
According to Morris, this database, code named ENZO, can include as many as two million database rows for a single process.
"Cybersecurity is all about information," said Morris. "We store and correlate all the factors about the process's behavior in all the places it was seen. We aim to have more information than anyone, so we can offer better protection than anyone."
 
Userlevel 5
Thanks for the answers, so Real Time Shield in fact is Behavior Blocker too 😃 I see.
 
So I think Webroot should improve Monitoring? I mean it's great, but last night I ran a malware unknown (to Webroot). Webroot blocked it, I mean after 30 sec I saw a message from Webroot (that the file was trying to change the registry... so I clicked on Block) and then the file's process disappeared from Control Active Processes.. and I saw the malware (it was on the desktop), its size was 0kb! (before the block it was 225 kb), so I scanned it and removed it.. but that malware created some files in my Temp folder... in the Roaming folder...!!! In the end, I mean Webroot had better provide a better behavior blocker, and somewhat more automatic? Because this current Behavior Blocker is a little user-related! You know? I mean till now (I have run about 10-12 malwares on my test system) I never saw Webroot block them automatically... (I mean I never saw Webroot automatically change from Monitor to Block!)! Sometimes without any message the process is just gone! And sometimes, just like last night, we click on Block but the system gets infected!
 
For example, a company I used before.. (Emsisoft), they improve their behavior blocker in every single update! Every single update! It's great! Maybe Webroot is focused on Database and Antiphishing.. more than Behavior Blocker? Or maybe there is something else we should know?
 
Please let me know if you have any answer about this post :)
 
 
Regards,
Parham
Userlevel 7
Badge +56
See this Video: https://community.webroot.com/t5/Webroot-Education/What-Happens-if-Webroot-quot-Misses-quot-a-Virus/ta-p/10202 Also, no one product will protect 100%, so the layered approach is always suggested, with System Back Ups. And on the Community we don't discuss any private Malware Testing, as it's not Real World per se and we don't want to encourage other members to do such things, as they could put their systems in harm's way. Not good at all........
 
Daniel
 
From the Community Guidelines: https://community.webroot.com/t5/Announcements-and-Release-Notes/Webroot-Community-Guidelines/td-p/2
 
No Private Testing Discussions.
We do not condone private malware testing by end-users.  This is never a good idea, and in some areas it's actually illegal.  The whole point of antivirus software is to not get infected, and unfortunately when somebody sets a bad example, there will always be others who are influenced into following the same path.  It's not something we want to allow to be encouraged.
 
