Additionally, Webroot antivirus incorporates detection with genotype protection that instantly identifies different variants of malware and spam. It guards against unknown malware by analyzing behavior before code executes, detecting zero-day threats without the need for signatures.
If we didn’t have Webroot, it would be much more difficult to manage roaming users and we would need a far more manual and complex process. Most importantly, Webroot gives us peace of mind – the threats don’t even reach our network now.
- Keir Bancroft, Technical Service Director, Neopost
Typical examples of files from which this technology can extract active content threats include:
This approach enables the Webroot service to detect and automatically block malicious content found not only in web pages but also in the web traffic stream.
If the Webroot service classifies a website as containing malware of any kind, it is automatically blocked by default. As alternatives to blocking sites completely, other settings include “coach” (warn but give the user the choice to proceed to the site) and “allow” (add the site to the whitelist).
For decoding of Flash applications, the Webroot antimalware engines protect against many of the exploits seen that use Flash (e.g., Exp/SWFScene-A) by providing the flexibility to inspect these files in detail. The engines also extract embedded ActionScript content and provide a stream on which to base detection and write generic detections for Adobe AIR or Silverlight decoding. The components of these (or similar) applications include HTML, scripts and Flash, each of which is inspected by the antimalware engines in the same way as active content served from a web page.
Currently Webroot identifies 96 file and content types by file extension, MIME type and close examination of individual file headers (a capability not available with competitive solutions). This capability eliminates any chance a file can bypass content filtering. Webroot also blocks eight MIME type categories; for example, if "Other Video Streams" is blocked, then any video stream identified by the general MIME type for video, regardless of whether it is in a specific list, will be blocked. Administrators can also add ‘Custom options’ for MIME types and file extensions to be blocked.
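The following is an added illustration, not Webroot's code: it shows how a filter can combine file extension, declared MIME type and file header so that disguising any single signal does not get a file past a type or category block. The lookup tables are a small constructed subset, and the names `Policy`, `signals` and `decide` are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed lookup tables: a small illustrative subset, not the product's 96 types.
EXT_TYPES = {".exe": "application/x-msdownload", ".pdf": "application/pdf",
             ".png": "image/png", ".swf": "application/x-shockwave-flash",
             ".webm": "video/webm"}
MAGIC = [(b"MZ", "application/x-msdownload"), (b"%PDF-", "application/pdf"),
         (b"\x89PNG\r\n\x1a\n", "image/png"),
         (b"FWS", "application/x-shockwave-flash"),
         (b"CWS", "application/x-shockwave-flash"),
         (b"\x1aE\xdf\xa3", "video/webm")]

@dataclass
class Policy:  # hypothetical policy object
    blocked_types: set = field(default_factory=set)       # exact MIME types
    blocked_categories: set = field(default_factory=set)  # general types, e.g. "video"
    blocked_extensions: set = field(default_factory=set)  # administrator custom options

def signals(filename, declared_mime, head):
    """Return the type suggested by each of the three independent signals."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    declared = declared_mime.split(";")[0].strip().lower() or None
    sniffed = next((t for sig, t in MAGIC if head.startswith(sig)), None)
    return {"extension": EXT_TYPES.get(ext), "declared": declared,
            "header": sniffed}, ext

def decide(policy, filename, declared_mime, head):
    """Block if ANY signal matches the policy; flag disagreement between signals."""
    sig, ext = signals(filename, declared_mime, head)
    reasons = []
    if ext in policy.blocked_extensions:
        reasons.append(f"extension {ext}")
    for source, mime in sig.items():
        if mime is None:
            continue
        # A category block matches the general type, listed specifically or not.
        if (mime in policy.blocked_types
                or mime.split("/")[0] in policy.blocked_categories):
            reasons.append(f"{source}: {mime}")
    seen = {m for m in sig.values() if m}
    return {"action": "block" if reasons else "allow",
            "reasons": reasons, "mismatch": len(seen) > 1}
```

A `mismatch` result on an allowed file (for example a `.png` name whose header is not PNG) is worth logging even when no block rule fires.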