Scans run by the Webroot SecureAnywhere® client typically complete in 2 minutes or less, consume 12MB of RAM or less, and take place without negatively impacting user productivity. This is 72% faster than the average competitor and means less time wasted on waiting for an endpoint to become usable again.
Webroot SecureAnywhere® immediately performs a full system scan upon installation onto the endpoint. It looks at all the active processes and parses the entire File System to find rootkits and other types of infection. It also reads the entire Registry and correlates entries to find the links necessary for removing ‘known’ bad files automatically.
Low Level Kernel Operation ‘Sees’ All Events
The Webroot scan engine incorporates raw disk and registry technology that dramatically reduces full system scan times and significantly increases the detection of rootkits and other stealth malware. The goal of the initial ‘learning’ scan, the longest scan conducted on an endpoint, is to detect every potentially malicious file on that machine. The ‘learning’ full system scan focuses particularly on files that are executing, primed for execution, or likely to be executed - ones that are potential threats. This covers at least 99%+ of all known malware and all active malware on an endpoint.
Webroot SecureAnywhere® uses a different scanning approach than other AV solutions. It looks into the system at a far lower level than is possible with standard APIs by parsing the disk and analyzing the system at a raw level. This allows us to scan more objects, faster and more deeply than other AV solutions with their ‘Quick Install Scans’.
We are saving users from being infected, which is a boost in productivity for everyone. It simply works and does what it says it does. You can't ask for more than that!
It typically takes 2-3 minutes to complete the entire ‘learning scan’ and create a local inventory of potential threats, which are then recorded into a local cache. Hashes representing each item in the inventory are then securely communicated to the Webroot Intelligence Network for determination as good, bad or undetermined
During the scanning process and data exchanges, the Webroot SecureAnywhere Agent receives real-time responses and instructions to:
Allow – The file is allowed to continue
Block – The file is blocked from executing
Disallow TCP – The file’s internet connection or communication is blocked
Run in preview mode – Allows the file to run, but under monitoring and journaling
Run under monitoring - Allows the file to run while being closely monitored, so its behavior may be observed and analyzed for threat determination. Any changes the file makes are journaled for roll-back as necessary.
The Webroot SecureAnywhere® Agent is an ultra-light 700KB client designed for significantly better operational speed than other AV solutions.
On disk, it occupies less than 4MB* of space. During scanning, its RAM usage is around 12MB*or less. It is by far the world’s lightest, smallest and most efficient endpoint protection Agent.1
Webroot succeeds where other solutions have failed, with a smaller footprint and faster scanning. It’s an easy-to-manage, time-saving product.
The Webroot SecureAnywhere Agent works by sending file signatures and ancillary data on programs and objects to the Webroot® Intelligence Network™. It then receives real-time predictions and determinations on whether an object is ‘known’ good, ‘known’ bad, or unknown/undetermined.
The reduction of on-device processing directly contributed to Webroot SecureAnywhere scoring a record 78/80, or 97.5%, in independent performance testing. These tests focused on different performance metrics determined by PassMark Software and compare Webroot SecureAnywhere to seven of the world’s leading AV vendors.
Webroot SecureAnywhere uses a variety of techniques to reduce the impact it has upon local endpoint resources. These include parsing the disk at the RAW level (to maximize scan speeds), minimizing network communication and intelligently tuning its memory usage when resource-intensive applications are detected. This feature is especially useful in traditional and virtualized server environments as well as on PCs.
During the most comprehensive scans, Webroot SecureAnywhere typically sends between 300KB and 2MB of data to the Webroot Intelligence Network for analysis. It normally receives back less than 250KB of data. On average, normal daily operation of the Webroot SecureAnywhere Agent exchanges less than 100KB of data with the Webroot Intelligence Network.
The result of optimizing Agent size, functionality, scanning, communications and interoperability within the endpoint environment is that it’s never obvious to end users that the program is using any CPU or RAM resources, and therefore never gets in their way.
Such low resource usage also permits Webroot SecureAnywhere to run concurrent scans, or effortlessly scale and run on virtual machines operating within a single physical server - without any disruption.
This low system impact also improves security, as Administrators may schedule regular security scans during the working day without impacting a user’s ability to keep using their machine; something not achievable with other solutions.