Webroot SecureAnywhere journaling and rollback functionality can undo collateral damage initiated by a malware infection, reducing the need to reimage machines. This saves hours of productivity for your users and IT staff.
I've found the rollback feature to be really interesting and useful. Usually, there is a lot of management involved but this is much simpler. Now, it's just automatic.
A unique capability that sets Webroot SecureAnywhere® apart from every other antivirus solution is the way unknown or ‘undetermined’ malware is handled, and the automatic remediation that is provided to ensure endpoint protection.
If a brand new program is introduced to an endpoint protected by Webroot SecureAnywhere, and it has no existing relationship to anything else on that machine, then local heuristics and other defenses are automatically applied to make a good or bad determination.
This logic will automatically block virtually every threat. However, in the rare case that a threat does get through the heuristics, sandbox, and other defenses, the ongoing journaling and monitoring of behavior ensures it cannot do any permanent damage to a user’s machine.
For example, if a suspicious or undetermined program has passed the several layers of local and Webroot Intelligence Network checks, it is monitored extremely closely, and watched to see which files, registry keys and memory locations it alters.
The journaling function then records and remembers the before and after state of each change made. If a monitored program is later found to be behaving maliciously, Webroot SecureAnywhere can step-in to block and quarantine it, alert the user and administrator, and proceed to automatically clean-up the threat.
This ability to safely defer a decision reduces false positive and false negative categorizations, and comes into play when Webroot SecureAnywhere is not sure if a program is potentially ‘suspicious’ or ‘bad’. Other AV solutions only make good or bad determinations and have no journaling or rollback, so any remediation is standardized and likely to be ineffective.
The inability of legacy solutions to offer individualized and tailored protection often results in administrators having to re- image infected machines. This causes huge losses in productivity and man-time. On the other hand, Webroot SecureAnywhere’s rollback process ensures every change made to that particular machine by a piece of malware is reversed, getting the endpoint back to its prior pre-infected state. This results in fewer endpoints needing to be reimaged due to missing or changed files that cause the machine to operate in an unstable or unsafe way.
Legacy endpoint security solutions do not incorporate monitoring and journaling, so even if they do offer post- infection remediation, they often cannot fully restore the endpoint to its pre-infected state.