Finally! New WSA User


Userlevel 2
Finally installed WSA IS literally 5 minutes ago.

 

I've been using Avast Free.  The first thing I noticed is that opening a browser is probably twice as fast with WSA installed vs. Avast Free.  It was amazingly fast.

 

Is there a tutorial or a webpage for recommendations for "getting to know WSA"? Links or suggested sections within the forums?

 

Lastly, since I use Sandboxie to sandbox any and all browsers at all times, should I disable the webshield protection?

 

I look forward to getting to know some of you and learning all I can about WSA.

Best answer by RetiredTripleHelix 13 October 2013, 04:13


18 replies

Userlevel 7
Welcome back Alexhousek, 

 

You might check out the User Guides, the link is below in my signature area, and also some of the Knowledge Base.  (Some of the KB articles I am sure are due for an update with the 2014 version, but they will still give you some info!)

 

As for Sandboxie... I will have to let others answer that as I have not used it, but I have seen a number of threads regarding it in the past and I believe you will be fine leaving all shields up and running.  They usually play well together from what I have read.
Userlevel 2
One minor issue....

 

If I click on a couple of areas, like "backup & sync", I get an error message that it is looking for the CD that I used to install the software.  This has happened a number of times.  (Of course, I've taken the CD out after I did the install.).  If I click continue 3 or 4 times, it goes away, but it is annoying.

 

Suggestions?

 



Userlevel 7
What version did you purchase?  Internet Security Plus?  If so, that version does not provide Backup & Sync; only WSA Complete has support for Backup & Sync.
Userlevel 2
I appreciate your response and I didn't know that.  However, that really wasn't my issue.  I used that as an example.  Other links or buttons I click on, I get the same message.

 

I'm going to re-boot and then give it a day or two and see if it continues or if it goes away.  If nothing else, I'll just leave the CD in the tray for now.  (Who really uses CD's or DVD's much anymore anyways.....)

 

Thanks again for the link to the user guide(s).  I'm going through it/them now.
Userlevel 7
@ wrote:

I appreciate your response and I didn't know that.  However, that really wasn't my issue.  I used that as an example.  Other links or buttons I click on, I get the same message.

 

I'm going to re-boot and then give it a day or two and see if it continues or if it goes away.  If nothing else, I'll just leave the CD in the tray for now.  (Who really uses CD's or DVD's much anymore anyways.....)

 

Thanks again for the link to the user guide(s).  I'm going through it/them now.

If you get that on a number of spots, maybe it didn't copy correctly during the update while installing.  You might try a clean re-install: copy down the key code on paper to make sure you have it, uninstall, reboot, reinstall and see if that helps get rid of the errors.
Userlevel 7
@DavidP1970 wrote:

@ wrote:

I appreciate your response and I didn't know that.  However, that really wasn't my issue.  I used that as an example.  Other links or buttons I click on, I get the same message.

 

I'm going to re-boot and then give it a day or two and see if it continues or if it goes away.  If nothing else, I'll just leave the CD in the tray for now.  (Who really uses CD's or DVD's much anymore anyways.....)

 

Thanks again for the link to the user guide(s).  I'm going through it/them now.

If you get that on a number of spots, maybe it didn't copy correctly during the update while installing.  You might try a clean re-install: copy down the key code on paper to make sure you have it, uninstall, reboot, reinstall and see if that helps get rid of the errors.

And use the Download link in David's signature, as the CD is not needed at all, just the Keycode!

 

TH
Userlevel 2
And use the Download link in David's signature as the CD is not needed at all just the Keycode! TH Triple Helix

Great idea!  I should have thought of that!

 

Anyway, it's a minor annoyance.  Like I said, I'll wait a day or so and see what happens.  At this point, it appears that a re-boot may have addressed the issue.

 

Thanks again!
Userlevel 7
Great to hear, but if any issues continue, do a clean reinstall. Uninstall, reboot and install using the downloaded install file, enter your keycode, let it finish its install scan and reboot again; that usually fixes most problems.

 

Cheers and have a good night,

 

Daniel 😉
I am using the WSA Complete and Sandboxie 4.06 64bit on Windows 8.1 64bit.

Everything works fine.

 

HOWEVER, the ID protect of sandboxed browsers is spotty.  Sometimes it works and sometimes it doesn't, meaning that sometimes the padlock shows up and sometimes it doesn't. 

Also, if I visit any malware site from a sandboxed browser then the site is not intercepted by webroot, I can also execute the malware in the sandbox and it won't be intercepted. 

 

So it appears that Webroot only works on unsandboxed processes.  However, running both alongside each other is not a problem.
Userlevel 7
Yes,

Getting WSA to hook into Sandboxie is something I'm going to be seriously investigating and lobbying on in the near future as we deploy it as a security and stability solution to our userbase. 100+ endpoints are going to be running it. =0
Userlevel 7
Hi Guys,

Hi explanoit,



Have you ever tried to use Sandboxie with WSA as a security combo? Did you notice any problems associated with its functionality? My observations are quite similar to those mentioned by tempnexus.

The browser works pretty well while it's sandboxed and WSA detects threats (e.g., downloading files), but I feel that the Web Threats Shield doesn't work exactly as it should.  For example, I can't see any prompts which would suggest that the user block sites with malicious content. That's why I simply get the impression that something is missing and makes full cooperation between Sandboxie and WSA difficult.

I regret that this is so, because such a combination, in my opinion, would be a great and lightweight protection for every single computer :D

In one of the recent posts I presented my thoughts and Mike R. suggested submitting a ticket, but I've decided to abstain until I receive the update of WebShield - unfortunately I'm still waiting for it... :(

 

Regards,

 

Mike
Userlevel 7
Hey Mike,

We are initially using Sandboxie as an isolation tool for a crappy poorly designed Internet Explorer add-in that stores files on the client and gets corrupted all the time. We are not yet exploring it as a security measure by forcing all browser windows to run in it, though that will happen. I agree that the web shield isn't reliable protection under Sandboxie, though with their new plugin architecture it may be easier for them to fix issues going forward. Will probably require some modifications to the Sandboxie settings to fully work however.
Hell, I don't mind modifying my Sandboxie .ini or .cfg file for that browser process as long as I can make it work.

I also don't mind losing some "sandbox" security as long as I can implement the web shield infrastructure.
Userlevel 7
Just to play devil's advocate for a minute 😃 What is the point of running a sandbox if you're willing/don't mind if a certain amount of information can leak out of the sandbox environment?
True, true... however, there are options within Sandboxie that allow specific folders to be seen or accessed, i.e. you can allow the cookies to be stored and not wiped, or your passwords to be stored and not wiped, or to store your bookmarks, etc.

So that's what I was considering.
Userlevel 7
@ wrote:

Hi Guys,



Have you ever tried to use Sandboxie with WSA as a security combo? Did you notice any problems associated with its functionality? My observations are quite similar to those mentioned by tempnexus.

The browser works pretty well while it's sandboxed and WSA detects threats (e.g., downloading files), but I feel that the Web Threats Shield doesn't work exactly as it should.  For example, I can't see any prompts which would suggest that the user block sites with malicious content. That's why I simply get the impression that something is missing and makes full cooperation between Sandboxie and WSA difficult.

 

Regards,

 

Mike

I've tried Sbie and WSA many times. The Web Threat has never worked with sandboxes. And it should be like that to justify the whole purpose behind sandboxing. But over the years Tzuk, developer of Sbie, has offered the users a list of AVs and software compatible with Sbie. When an AV in that list on the Sbie interface is checked, it'll be compatible with Sbie's sandbox. WSA is not listed (whether that's unfortunate or fortunate is totally subject to perspective). Unless Tzuk compromises the security of the sandbox and allows WSA's Web Threat Shield, I don't think the Webroot Team can do much about it.

 

Well this is all I have observed and understood. 🙂
Userlevel 7
@@  wrote:

Just to play devil's advocate for a minute 😃 What is the point of running a sandbox if you're willing/don't mind if a certain amount of information can leak out of the sandbox environment?

I'll play the other side, written to be understandable to everyone. =)

 

Users who don't know how to leverage Sandboxie often don't configure it correctly to block malware from accessing sensitive files and interfaces outside of the sandbox. By default anything running is free to view your screen, read your documents, read your cookies, etc. Sandboxie's only promise is to not let malware modify outside the sandbox, not prevent reading. Even with those restrictions you still have malware running on the machine capable of messing with the sandboxed applications. What if those sandboxed applications are the browser for someone in Finance? Sure, the proper way is to clear the sandbox before launching something sensitive, but I don't trust a user to do that.

 

I'm more worried about WSA not protecting against IPs/websites hosting threats that use kernel vulns to break out of the sandbox than something custom designed to hit WSA exceptions in the configuration. Bromium has shown that Sandboxie is not an effective defense against the most dangerous Windows 0days - however targeted and rare they may be.

 

Unfortunately, Bromium costs crazy $$$. AFAIK it's the only seamless on-machine tech that can offer reliable protection against kernel vulns.

 

Also, the author of sandboxie has found acceptable ways to build in rules for many different applications to run properly "through the membrane" including multiple AV suites that surely require more whitelisting than Webroot stuff would.



I see a sandbox as just another layer. It protects against some things, WSA against others. If WSA can prevent code from running in the first place, that's much more preferable than it running in an imperfect prison. Plus, the more visibility into web browsing activity and communication the better Webroot is able to protect all my computers, including those not running Sandboxie.

 

You can read the Bromium report here. It's very well written and understandable and even gives background info.

http://bromiumlabs.files.wordpress.com/2013/07/application_sandboxes_a_pen_tester_s_perspective2.pdf

 

I'm in no way dismissing Sandboxie. We have a PO pending to buy it. It works at what it does. If I'm a corporate user it's an amazing jump in protection.
Hell yeah it is indeed a great jump in security.

I've been using it for years and I feel naked without it.  In all open honesty, open kimono statement, if WSA prevented sandboxie from working then I would rather drop WSA than sandboxie.

 

And yes it's good to write tight rules for your browsers, each browser gets their own sandbox and each browser sandbox is not allowed to read or write to system folder or any other drive beyond your installed drive.
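
An added illustration of the per-browser rules discussed in this thread, not taken from any poster's configuration: a Sandboxie.ini fragment contrasting a baseline box with per-browser boxes that deny access to user data. The box names, the `D:\` drive and the choice of blocked folders are assumptions.

```ini
# Constructed Sandboxie.ini fragment. Box names, the D:\ drive and the
# folders chosen for blocking are assumptions for illustration.

# Baseline box: writes are redirected into the sandbox, but nothing here
# stops a sandboxed program from reading files outside it.
[DefaultBox]
Enabled=y

# One box per browser, so one browser's sandbox contents are not
# shared with another's.
[FirefoxBox]
Enabled=y
# Always start this program inside this box.
ForceProcess=firefox.exe
# Strip administrator rights from sandboxed processes.
DropAdminRights=y
# Delete the box contents when the last sandboxed program exits.
AutoDelete=y
# Deny all access (read and write) to documents, desktop and a second drive.
ClosedFilePath=%Personal%
ClosedFilePath=%Desktop%
ClosedFilePath=D:\

[IEBox]
Enabled=y
ForceProcess=iexplore.exe
DropAdminRights=y
AutoDelete=y
ClosedFilePath=%Personal%
ClosedFilePath=%Desktop%
ClosedFilePath=D:\
```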
