Webroot Spy Sweeper User Guide

Webroot Software
®
User Guide
for
Spy Sweeper
Webroot Software, Inc.
PO Box 19816
Boulder, CO 80308
www.webroot.com
Version 6.1
Webroot Software User Guide
Version 6.1
© 2003 – 2009 Webroot Software, Inc. All rights reserved. Webroot, Spy Sweeper, Webroot AntiVirus with
AntiSpyware, and the Webroot and Spy Sweeper icons are trademarks or registered trademarks of Webroot Software,
Inc.
Included antivirus software © 2000 – 2009 Sophos Group. All rights reserved. Sophos and Sophos Anti-Virus are
registered trademarks of Sophos Plc and Sophos Group.
All other product and company names mentioned may be trademarks or registered trademarks of their respective
owners.
Contents
1: Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Determining your product version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Protecting your system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
How online threats can damage your computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
How Webroot software protects your computer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Sweeps and quarantine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Shields. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Subscription updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Running the program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Opening the Main window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Main window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Tabs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Closing the Main window . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Using the System Tray menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Shutting down program operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Using multiple accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Renewing your subscription . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Checking for updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Setting Gamer (silent) mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Responding to alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Alerts related to potential threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Alerts related to system status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
2: Sweeping your System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Determining what to sweep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Running a sweep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Starting an on-demand sweep . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Monitoring the sweep process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Reviewing and quarantining items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Viewing the sweep summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
Managing quarantined items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Keeping quarantined items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Deleting quarantined items permanently . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Restoring quarantined items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
3: Shielding your System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Viewing the shield summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
Setting Web Browser shields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Editing BHOs used by Internet Explorer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Editing the IE Hijack shield settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Setting Network shields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Editing the Hosts file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Setting Windows System shields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Setting the Startup Programs shield . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
Setting the E-mail Attachments shield . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39
Communication errors with the E-mail Attachments shield . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .40
User Guide
iii
4: Setting Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Viewing and setting sweep options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Reviewing options for Full and Quick sweeps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Configuring Custom sweep options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Setting shield options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Setting antivirus protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Setting behavioral detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Changing the shield alert method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Setting Gamer mode options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
Managing detected items automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Managing automatic updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
Setting program options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
Viewing the session log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
5: Creating Scheduled Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Scheduling sweeps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Managing scheduled events. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
A: Webroot Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Accessing the Knowledge Base . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Reporting potential threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60
Joining the WARN program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
iv
Contents
1: Getting Started
For an introduction to Webroot® Spy Sweeper and Webroot AntiVirus with AntiSpyware, see the
following topics:
•
Determining your product version.
Make sure you know which version you have.
•
Protecting your system.
Learn how the Webroot software protects your computer from spyware and other
unwanted items.
•
Running the program.
Open the Main window, learn its functions, and shut down the program.
•
Renewing your subscription.
Make sure your subscription is current, so you receive the latest threat protection.
•
Checking for updates.
Keep updated on the latest product releases.
•
Setting Gamer (silent) mode.
Set the Webroot software to a silent mode for uninterrupted gaming.
•
Responding to alerts.
Learn about Webroot software alerts and how to respond to an alert.
Note
This guide assumes you have a basic understanding of the Windows operating
system. If you need assistance with the Webroot software, see Appendix A,
“Webroot Support” for contact information.
1: Getting Started
1
Determining your product version
This guide describes how to use the features available for the following product versions:
Webroot software versions
Spy Sweeper
Provides protection from spyware and other potentially unwanted programs. This
version includes a subscription to the evolving database of security definitions from
Webroot.
Webroot AntiVirus Provides the same protection from spyware and other potentially unwanted
with AntiSpyware programs as the regular version of Spy Sweeper, along with sophisticated Sophos®
Anti-Virus protection. This version includes a subscription to the evolving database
of security definitions from Webroot.
This symbol indicates notes that apply only to the antivirus function.
2
Trial Version
Lets you use the Webroot software on a trial basis. When the trial expires, the
Webroot software notifies you and lets you purchase a full version with a
subscription from the Webroot Web site.
This symbol indicates notes that apply only to trial versions.
Scan-Only Trial
Version
Performs a complimentary scan (sweep) of your computer and locates any spyware
or other potentially unwanted programs. This is a limited version that demonstrates
where you might have potential risks. This version does not quarantine or remove
potential risks. After performing a scan, the Webroot software notifies you and lets
you purchase a full version with a subscription from the Webroot Web site.
This symbol indicates notes that apply only to trial versions.
1: Getting Started
Protecting your system
The Webroot software provides a comprehensive solution for protecting your privacy and your
computer from online security risks, including spyware, adware, and other potentially unwanted
programs. To learn more, read the following topics:
•
How online threats can damage your computer
•
How Webroot software protects your computer
How online threats can damage your computer
Online security threats come in many forms — the most common types come from spyware and
viruses, which could install themselves without your knowledge as you visit Web sites or
download software. Spyware programs are specifically designed to infiltrate your computer for
commercial gain (stealing personal information or displaying annoying advertisements), while
viruses are typically designed to damage your computer.
Types of spyware programs include system monitors that capture your e-mails and keystrokes,
Trojan horses that can steal or destroy data, adware that pops up advertising, and cookies that store
information about your online preferences and habits. While some of these programs may be
harmless, others can steal your personal information and send it to a third party for malicious
purposes. In some cases, these programs can damage your computer enough to slow down
processing times or cause system crashes. Spyware and other unwanted programs may be part of a
program that you installed or they may install themselves as you visit Web sites. They could also
arrive bundled with freeware or shareware, through e-mail, or by someone with access to your
computer. These programs are difficult to detect, and difficult (if not impossible) to remove.
Spyware can hide in multiple locations and can reinstall if you don’t remove it properly with
specialized antispyware software.
A virus is computer code that often duplicates itself and causes a specific event to occur. The event
may be harmless, such as displaying a message on a specific date, or may be malicious, such as
deleting data or duplicating data to fill a hard drive. Viruses can arrive as file attachments to
e-mail, as embedded files on a CD, and as clickable graphics in an e-mail. Once on your hard
drive, viruses are difficult to detect and remove, unless you have specialized antivirus software.
Virus protection
To protect against virus attacks, you must have the Webroot AntiVirus with
AntiSpyware version.
How Webroot software protects your computer
The Webroot software offers continuous protection from potential threats and helps secure your
valuable data, by offering the following features:
•
Sweeps and quarantine
•
Shields
•
Subscription updates
1: Getting Started
3
Sweeps and quarantine
You can schedule sweeps to run at convenient times, typically while you are away from your
computer (the computer must be turned on) or you can run sweeps on demand. During a sweep, the
Webroot software performs the following process:
1. Search. The Webroot software searches for potential threats, looking for any items that
match security definitions in the Webroot database. You can specify where the program
searches (for example, search specific folders or file types) and the types of items to
include or ignore (for example, bypass tracking cookies).
2. Quarantine. After a search, the Webroot software removes items that match security
definitions from their current locations and sends them to a holding area, called the
Quarantine, where they are rendered inoperable and cannot harm the computer. After
items are quarantined, you can delete them permanently or restore them to their original
locations. You can also control whether certain items are always quarantined or whether
certain items like tracking cookies are always ignored.
Virus protection
If Webroot AntiVirus with AntiSpyware detects a virus, it removes the infected
portions of a file during a virus cleaning process.
3. Summarize. Once you have taken action on each detected item (deleted, ignored, or
restored), the Webroot software summarizes your actions.
Shields
For added protection, the Webroot software includes a shielding function that continuously
monitors activity as you work (for example, when you connect to the Internet or when you open an
e-mail attachment). Shields can monitor functions related to your Web browser settings, network
communications between your computer and Web sites, Windows system settings, Windows
Startup programs, and e-mail attachments.
If the Webroot software detects spyware or any other potential threat attempting to download, it
displays an alert message. For most types of detected items, the alert message asks if you want to
proceed anyway or stop the download. You can also specify that certain types of items are always
managed in the same way (allowed or blocked).
Subscription updates
The Webroot Threat Research team is constantly updating security definitions to protect your
computer from ever-changing spyware and other potential threats. The Webroot software can
automatically download these definitions to your computer so you are always protected against the
most current online threats.
With your purchase of the Webroot software, you receive a one-year subscription to all security
definition updates and also to newly released program versions. When your subscription is within
30 days of expiration, the Webroot software will notify you in the alert panel. You can extend your
subscription (or upgrade the program) at any time from the Webroot Web site. For more
information, see “Managing automatic updates” on page 52.
4
1: Getting Started
Running the program
The Webroot software runs automatically when Windows starts. Look for the Webroot icon in the
Windows system tray in the lower-right corner of your screen. This icon indicates that the Webroot
software is running and actively protecting your computer.
Webroot software is running
Note
If you turned off the Load the program at Windows startup option in the
Options/Program tab, you must manually start the Webroot software by
double-clicking the Webroot icon on your computer desktop or selecting it through
the Windows Start Menu. This action also opens the Main window.
For information about running or stopping the program, see the following topics:
•
Opening the Main window
•
Closing the Main window
•
Using the System Tray menu
•
Shutting down program operations
•
Using multiple accounts
Opening the Main window
Open the Main window by doing one of the following:
•
Double-click the Webroot icon on your Windows desktop or select the program from the
Windows Start menu.
•
Double-click the Webroot icon in the system tray (lower-right corner of your screen).
You can also right-click the icon to open the task bar menu, then click Home.
Main window
The Main window is divided into two areas: the Icon panel at the left allows you to select options,
while the Main panel on the right displays the corresponding settings available for the selected
icon.
1: Getting Started
5
Icon
panel
Main panel
The following table describes the Icon functions.
Icon functions
6
Home
View overall status, as shown in the example above and described in the next table.
Sweep
Start a Full, Quick, or Custom sweep.
Shields
Set shields to continuously monitor and block activity.
Options
Set options for sweeps, shields, quarantines, updates, and the program.
Schedule
Create schedules for automatic events, such as sweeps.
Help
Open the online instructions (you can also click the
icon).
1: Getting Started
When the Home icon is selected, the Main panel shows overall program status and provides
functions, as described in the following table.
Home panel functions
Sweep,
Shields,
Updates
Last full sweep: Shows how long ago the Webroot software swept for viruses, spyware,
and other unwanted items.
Antivirus functions are only available with the following versions: Webroot
AntiVirus with AntiSpyware or Webroot Internet Security Essentials. You can upgrade to
one of these versions by clicking the Upgrade Now link in the Improve Your Protection
panel.
Shields: Shows the status of shield settings and warns you if recommended shields are
turned off.
Manage Quarantine: Click to delete or restore items after a sweep. (Only appears if there
are quarantined items.)
Sweep Now: Click to begin sweeping for spyware and other unwanted items.
Improve Your Displays features you could receive by upgrading the Webroot software to another version.
Protection
Upgrade Now: Click this link to purchase an upgrade.
Subscription
Active Through: Shows the date your subscription ends.
About My Subscription: Click for program version information and definitions status.
Updates
Last check: Shows how long ago the Webroot software checked the update site for
program and definition updates.
Check for Updates: Click to view Webroot’s update site.
Gamer Mode
Click Turn Gamer Mode On to set the program to “silent” operation, which suppresses
functionality that could interfere with gaming.
Click Turn Gamer Mode Off to return to normal operation.
Alerts
Shows if any alerts were triggered. Click an alert link to view more information.
1: Getting Started
7
Tabs
Some panels display tabs that give you access to additional options. The following example shows
the settings available when you click the Options icon.
Click a tab
for more
options.
Closing the Main window
When you are finished using the Main window, click Close
in the upper-right corner of the
screen. This action closes the window, but keeps the program running. Look for the Webroot icon
in the Windows system tray at the lower-right corner of your screen; this icon means that the
Webroot software is actively protecting your computer with shields. We recommend that you
always keep the Webroot software running.
The program is still running
8
1: Getting Started
Using the System Tray menu
You can access many of the Webroot software’s main features from the System Tray menu. To
access this menu, right-click on the system tray icon (lower right corner of the desktop).
Shutting down program operations
To completely stop Webroot software operations, you can shut down the program. A shut-down
action is only necessary if you plan to upgrade to a new version. Otherwise, you should keep the
program running so that shields can actively block potential threats.
To shut down the Webroot software:
1. Right-click the Webroot icon
in your system tray.
A System Tray menu opens.
2. Click Shut Down.
1: Getting Started
9
Using multiple accounts
If your computer is configured for multiple user accounts (each person logs in with a unique name
and password), the Webroot program is available to all those accounts. Users with administrative
privileges have full access to all areas of the Webroot software, while other users have limited
access.
The following table describes program functions not available to limited users (those without
administrative privileges).
Functions unavailable to limited users
Shields
Limited users cannot change shield settings, with the exception of the IE
Hijack shield options:
• User—Limited users can use this drop-down list to change these settings.
Only the current user account is affected. These settings effectively
override the system settings below.
• System—Only the computer administrator can use this drop-down list to
change these settings. Changes here affect all user accounts, unless a
limited user has customized the setting.
See “Editing the IE Hijack shield settings” on page 30.
Program Options
Limited users cannot change settings for these options:
• Add “Sweep” option to Windows Explorer context menu
• Load the program at Windows startup
See “Setting program options” on page 52.
Quarantine panel
Limited users can view the Quarantine panel, but cannot restore or delete
items that have been quarantined.
See “Managing quarantined items” on page 23.
Scheduled Sweeps
All users can run sweeps. However, for scheduled sweeps to run, you must
be logged in to the account where you created the schedule. In addition, you
can only see the scheduled sweeps configured from your own account.
See “Scheduling sweeps” on page 56.
Renewing your subscription
Your subscription includes updated security definitions, which protect your computer from
ever-changing spyware and other potential threats. When your subscription is within 30 days of
expiration, you will see a red banner and a Renew button at the top of the Main window. Click
Renew to renew your subscription. You can also renew your subscription any time from the
Webroot Web site (www.webroot.com) by clicking the Renew your subscription link. The renewal
adds time to your existing subscription, so you never lose any subscription time that you have paid
for.
If you are not sure when your subscription ends, check the Subscription section of the Home panel.
If you see a Check Status link, click that link to see up-to-date subscription information.
10
1: Getting Started
Checking for updates
While your subscription is valid, you can install updates to the program and to security definitions
when they are available. You should always make sure to keep updated definitions, which identify
spyware and other potentially unwanted programs that the Webroot software uses as a basis for
detecting potential threats during sweeps. Webroot frequently updates these definitions and makes
them available for you to download (manually or automatically) from the Webroot Web site.
The Webroot software is preconfigured to check for program updates and new security definitions
on a daily basis. (You must be connected to the Internet for update checks to be successful.) In
addition, the Webroot software is also set to automatically download definitions, if available. We
recommend that you keep these settings, as described in “Managing automatic updates” on
page 52. You can also manually check for updates at any time; for example, you might want to
check if you have the latest security definitions before running a sweep.
Trial Versions
If you have a trial version, you can download updates within your trial period.
To check for updates to the program version or security definitions:
1. Make sure you are connected to the Internet.
2. From the Home panel, click the Check for Updates link below Updates. (You can also
click the Options icon, click the Update tab, and click Check for Updates from there.)
Your browser opens and displays the Webroot Web site. The Web site indicates if your
version of the program is current and if an update is available.
Note
If you are updating the program, do not uninstall your previous version of the
Webroot software. Installing the new version over the old one retains Quarantine
information from previous sweeps and lets you keep program settings.
If new definitions are available, the Webroot software downloads and installs them. A
progress bar shows the status of the download.
Virus protection
Updates include both spyware and virus definitions, for the Webroot AntiVirus
with AntiSpyware version.
1: Getting Started
11
Setting Gamer (silent) mode
If the Webroot software interferes with your gaming, you can set the program to a silent Gamer
mode. While in this mode, the program will not perform the following activities:
•
Scheduled sweeps. The program does not run scheduled sweeps. When the program
returns to regular operations (Gamer mode is switched off), an alert indicates that an event
was missed. The missed event will not run automatically.
•
Shield functions. All shields will be turned off, except for the Execution shield, which
stops executable programs from launching a process on your computer. If the Execution
shield detects a potential threat, it will move the item to Quarantine without alerting you.
If desired, you can specify that the Execution shield is turned off along with all other
shields (for instructions, see “Setting Gamer mode options” on page 49).
•
Alert pop-ups. The program will not open alerts in the system tray.
•
Communications with the Webroot server. The program will not contact the Webroot
server to check for definition updates or program updates.
To run the program in Gamer mode, you can do either of the following:
•
From the Main window in the lower-right corner, click Turn Gamer Mode On.
•
Right-click the Webroot system tray icon in the lower-right corner of your computer
screen. In the task bar menu, click Turn Gamer Mode On.
Gamer mode will automatically turn off after 4 hours. To change that setting, see “Setting Gamer
mode options” on page 49.
To manually turn off Gamer mode, you can do either of the following:
•
From the Main window in the lower-right corner, click Turn Gamer Mode Off.
•
Right-click the Webroot system tray icon in the lower-right corner of your computer
screen. In the task bar menu, click Turn Gamer Mode Off.
All program activities will be re-enabled, including the previously set shields. The
Webroot software will also contact the Webroot server and check for any updates to
security definitions and to the program.
Note
If you shut down and restart the Webroot software, it disables Gamer mode on
start-up.
12
1: Getting Started
Responding to alerts
During normal program operation and shielding functions, the Webroot software may open the
following types of alerts:
•
Alerts related to potential threats
•
Alerts related to system status
Alerts related to potential threats
When a potential threat is detected, such as spyware trying to download, Webroot’s shields block
the activity and open an alert window. You can respond to the alert by blocking the item or
allowing it. If you do not respond within the allotted time shown in the counter at the bottom, the
Webroot software blocks the activity.
Some alerts allow you to select Always take the selected action..., so that if the Webroot software
frequently detects this item, it will always handle it based on your selection here.
Alerts related to system status
For alerts that do not require immediate action, such as a missed scheduled sweep, the Webroot
software displays an alert in either a pop-up near the system tray (lower-right corner of your
screen) or in the Alerts section of the Main window. For more information about changing how
status alerts are displayed, see “Changing the shield alert method” on page 48.
The following example shows an alert in the system tray. To read more information about an alert,
click the Review Alerts link.
Click
1: Getting Started
13
14
1: Getting Started
2: Sweeping your System
The sweep function scans your computer’s drives, the Windows registry, memory, and other
places where spyware and potential threats can hide. You decide what you want to sweep: all areas
(Full), only areas where spyware is commonly found (Quick), or selected areas based on your
needs (Custom). For Custom sweeps, you decide what types of potential threats you want the
sweep to locate and what areas of the computer to scan.
When the sweep locates potential threats that match items in the security definitions, it moves the
items to Quarantine, a holding area where they cannot harm your computer. From there, you
decide to keep, restore, or delete the items. To help you decide on an action, the Webroot software
shows risk ratings for threats (from low to critical) and provides a link to the Webroot Threat
Research site, where you can read more about them.
To sweep your computer and manage quarantined items, see the following topics:
•
Determining what to sweep.
Decide whether to run a Full, Quick, or Custom sweep.
•
Running a sweep.
Start scanning for potential spyware and other unwanted items.
•
Managing quarantined items.
Keep, restore, or delete items moved to Quarantine.
You can also perform these tasks related to sweeps:
•
Reviewing options for Full and Quick sweeps.
Check the preconfigured options for Full and Quick sweeps.
•
Configuring Custom sweep options.
Customize where the Webroot software looks for suspicious items and what types of items
it scans.
•
Managing detected items automatically.
Determine if certain items are always ignored or always quarantined during the sweep.
•
Scheduling sweeps.
Create schedules for running Full, Quick, or Custom sweeps.
2: Sweeping your System
15
Determining what to sweep
The Webroot software offers several types of preconfigured and customizable sweeps. See the
following table to help determine what type of sweep you should perform.
Sweep recommendations
16
To thoroughly sweep all
areas of the computer:
Perform a Full sweep, which checks all internal drives and any drives directly
attached to your computer. This sweep takes longer than a Quick sweep, but is
more thorough. The areas swept during a Full sweep are preconfigured and
cannot be changed (see “Reviewing options for Full and Quick sweeps” on
page 42).
We recommend that you set a schedule for performing a Full sweep weekly, as
described in “Scheduling sweeps” on page 56. We also recommend that you
run a Full sweep immediately if you suspect that spyware or a virus has
downloaded to your computer. Your system might be compromised if you
notice slow or erratic performance, numerous pop-up ads, unexplained
changes to your browser, or other suspicious activity. See “Running a sweep”
on page 17.
To quickly sweep only
potential problem areas
of the computer:
Perform a Quick sweep, which checks only the locations where spyware and
other unwanted programs are commonly found. This type of sweep is less
thorough than a Full sweep, but maximizes use of your computer’s processing
power to make the sweep as fast as possible. The areas swept during a Quick
sweep are preconfigured and cannot be changed (see “Reviewing options for
Full and Quick sweeps” on page 42).
We recommend that you run a Quick sweep (or a Full sweep) after you
perform potentially unsafe Internet activity, such as downloading free
software or accidentally clicking on a pop-up advertisement. Spyware
commonly piggybacks on free downloads and can install on your computer
without your knowledge. Spyware can even get installed in a “drive-by
download” as you surf an infected Web site. See “Running a sweep” on
page 17.
To sweep selected areas
of the computer:
Perform a Custom sweep, which lets you focus on specific drives, areas of the
computer, or file types. The Webroot software saves these settings for future
Custom sweeps.
You might want to perform a Custom sweep in a variety of situations; for
example, you could use the Custom sweep options to limit the sweep only to
your C: drive and to skip certain file types that you know are safe. See
“Configuring Custom sweep options” on page 44 and then follow the
instructions in “Running a sweep” on page 17.
To sweep a single file or
folder:
From Windows Explorer, you can right-click on a specific file or folder to
start a sweep from the pop-up menu. This method of sweeping is useful if you
downloaded a file and want to quickly scan it for threats. To run a sweep from
Windows Explorer, see “Running a sweep” on page 17.
2: Sweeping your System
Running a sweep
During a sweep, the Webroot software performs a three-step process:
1. Search. Scans your computer for known threats, looking for any items that match
definitions and that meet the criteria specified in the Options tab’s Sweep settings.
2. Quarantine. Lists all items that matched security definitions and lets you determine
whether to send the items to Quarantine or keep them in their current locations. Items in
Quarantine are rendered inoperable and cannot harm your computer.
3.
Summarize. Describes actions taken for each found item.
To run an immediate sweep, see the following topics:
•
Starting an on-demand sweep
•
Monitoring the sweep process
•
Reviewing and quarantining items
•
Viewing the sweep summary
If you want to set an automatic sweep schedule, see “Scheduling sweeps” on page 56.
Starting an on-demand sweep
You can start an on-demand sweep from the program’s Main window or from Windows Explorer.
Before you begin the sweep, do the following:
•
Close all programs that are listed in the taskbar at the bottom of your screen. The Webroot
software may not be able to remove spyware associated with a particular program if that
program is open. You do not need to close programs shown in the system tray in the
lower-right corner of your screen; these programs are only running in the background.
•
Make sure the security definitions are up-to-date, as described in “Checking for updates”
on page 11.
•
Optionally, you can check what criteria the Webroot software uses for sweeping your
system, as described in “Viewing and setting sweep options” on page 42.
To start a sweep from the Home panel:
From the Home panel, click Sweep Now. The Webroot software performs either a Full, Quick, or
Custom sweep, depending on which one is selected in the Sweep panel, as described below.
To start a sweep from the Sweep panel:
1. If you want to select from a Full, Quick, or Custom Sweep, click Sweep from the Icon
panel.
The Sweep Your Computer panel displays a Start button:
Click arrow
to see types.
Click button
to start.
2: Sweeping your System
17
2. Click the down arrow on the button to select one of these sweep types:
•
Start Full Sweep. Sweeps all areas of the computer thoroughly.
•
Start Quick Sweep. Sweeps only areas where threats are commonly found.
•
Start Custom Sweep. Sweeps only selected areas (see “Configuring Custom sweep
options” on page 44).
3. Click the button to start the sweep.
To start a sweep from Explorer:
1. Make sure you have enabled the Add “Sweep” option to Windows Explorer context menu
as described on page 53.
You do not need to open the Main window; the program just needs to be running (the
Webroot icon appears in the system tray).
2. Open Windows Explorer.
3. Right-click the file, folder, or drive you want to sweep.
4. From the pop-up menu, select Perform Security Sweep.
Monitoring the sweep process
When you start a sweep, the Sweeping panel opens and the Webroot software shows its progress,
including the number of items found, progress bar, current sweep location, and a list of detected
items.
Note
If you want to pause the sweep, click Pause Sweep. When you want to resume the
sweep, click Resume.
If you want to stop the sweep entirely, click Stop Sweep.
On the right side of the Sweeping panel, the fields show more details about what the Webroot
software is inspecting and what it has found.
Sweep Details
Search for
Total Definitions
Current security definitions being used to locate potentially unwanted
programs. You should update your definitions regularly to ensure that
you are using the most current version (see “Checking for updates” on
page 11).
Items Inspected
18
Memory
Program pieces that were swept in your computer’s memory. Some of
these pieces may be part of a potentially unwanted program.
Registry
Items in the Windows registry that were searched. Some registry entries
may be associated with potentially unwanted programs.
Cookies
The cookies that were searched. Some cookies contain personal
information (including surfing habits, user names and passwords, and
areas of interest).
2: Sweeping your System
Sweep Details
Files/Folders
Files and folders on the selected drives that were searched.
Detected
Items
The security definitions matched during the sweep. A security definition
is a set of fingerprints that characterize a potentially unwanted program,
such as spyware or adware.
Traces
The traces found during the sweep.
If the Webroot software did not detect any potential threats, it opens the Summary panel and shows
details about the sweep. You can click Back to Home to return to the Home panel.
If the Webroot software did detect potential threats, it opens the Quarantine panel and shows
details about the items it found. See the next section, “Reviewing and quarantining items.”
Reviewing and quarantining items
After the Webroot software runs a sweep, it opens the Quarantine panel, similar to the following
example.
Click to view
folder location.
Select to move.
Deselect to keep.
2: Sweeping your System
19
The Quarantine panel provides details about detected items, as described in the following table.
Quarantine Details
Summary panel (left):
Found
List of potential threats that were found. All items are automatically selected and
ready to be moved to Quarantine.
If you have Webroot AntiVirus with AntiSpyware and you turned on the
Automatically quarantine viruses detected during sweep option (see page 45),
the Webroot software does not list files with detected viruses in this panel.
Instead, it automatically places them in Quarantine.
Auto-quarantined:
Auto-ignored:
If you performed sweeps previously and already set some items to Always
Ignore or Always Quarantine, those items are counted in these fields, but not
listed in the panel below. For more information, see “Managing detected items
automatically” on page 50.
Item Details panel:
Name
Name of the item currently selected in the list. The Webroot software
automatically pre-selects all items in preparation for moving them to
Quarantine, except those listed as a rootkit. Items with a green check mark
next to them will be moved to Quarantine once you click Quarantine Selected.
Category
Type of item currently selected in the list, such as “Spy Cookie.” The Glossary
includes definitions for many of the categories.
Risk Rating
Red bars show the risk level of the selected item. The more bars shown, the
higher the risk, as follows:
•
—Low
•
—Moderate
•
—High
•
—Very high
•
—Critical
Traces Found
Number of traces found related to this item. Traces are the individual elements
that make up the definition database.
Description
Description of the item. For more information, click View More Details Online.
You must be connected to the Internet to see the additional information.
You can select items to move to Quarantine, which is a holding area where potential threats cannot
harm your computer. Moving items to Quarantine does not permanently delete them; you must
manually delete items from Quarantine. You can also specify that certain items stay in their
current locations and remain active.
Trial Versions
If you have the Scan-Only trial version, you cannot quarantine and remove detected
items. Click Subscribe to buy a subscription so you can remove these items.
20
2: Sweeping your System
To select items and move them to Quarantine:
1. Review all items listed in the Quarantine panel:
•
To see more details about an item, click on the item name in the list. Details appear on
the right. If you need more information, click View More Details Online to connect to
the Webroot Threat Research Center (you must be connected to the Internet).
•
To see the location (full path) to the traces found, click the arrow
next to an item.
2. Determine which items you want to remove or keep. Items with a green check mark
will be moved to Quarantine. If there are any items that you want to keep, click on the box
to remove the green check mark. You can also use the Deselect All or the Select All links
at the bottom of the panel.
If you aren’t sure what to do with an item, the safest action is to move it to Quarantine,
where it cannot harm your computer, but can also be restored if necessary.
Note
If you know you will always want to ignore or quarantine an item for future
sweeps, you can right-click an item and select Always Ignore or Always
Quarantine. For more information, see “Managing detected items automatically”
on page 50.
If you want to quarantine a rootkit, make sure you click on the box to add a green check
mark. If you are uncertain whether the items listed as rootkits should be quarantined,
contact technical support for assistance (see “Requesting Technical Support” on page 60).
3. Click Quarantine Selected to move all selected items (with a green check mark
Quarantine.
) to
The Webroot software first encrypts each trace, removes it from its original location (so it
will no longer run), then copies it to Quarantine. Items are not permanently deleted during
this process.
Virus protection
If Webroot AntiVirus with AntiSpyware is able to clean the file (remove the virus
safely), it keeps the cleaned file in its original location and sends a copy of the
corrupted file to Quarantine. The cleaned file is safe to use; the file in Quarantine is
not safe to use.
The quarantine process can take several minutes or longer depending on the number of traces and
the speed of your computer. When finished, the Webroot software opens a summary panel (see
“Viewing the sweep summary” on page 22). Once items are quarantined, you can leave them in
Quarantine, restore them (if necessary), or delete them. See “Managing quarantined items” on
page 23.
Some detected items require that you download and use an additional tool to completely remove
them from their original locations. If this is the case, the Additional Tools Required panel opens
during the quarantine process. (You must be connected to the Internet to download additional
tools.)
2: Sweeping your System
21
To download and use an additional tool:
1. From the Additional Tools Required panel, click the Download link to download the tool
to your computer.
The Webroot Web site opens in your Web browser.
2. Follow the instructions on the Web site to download the file that contains the tool.
Make a note of where you downloaded the file on your computer.
3. Follow the instructions on the Web page to install and use the tool.
4. From the Additional Tools Required panel, click Finish.
The Home panel opens.
Viewing the sweep summary
When the Webroot software is finished managing items, the Summary panel opens and provides a
status of the sweep and quarantine process. The Action Taken column shows how the item was
managed (for example, moved to Quarantine).
Sweep summary actions
Quarantined
All traces of the item were moved to Quarantine. For more information,
see “Managing quarantined items” on page 23.
Ignored
The item was skipped, because you deselected it in the previous panel.
Always Quarantine
The item was automatically quarantined, because you have it set to
Always Quarantine. For more information, see “Managing detected items
automatically” on page 50.
Always Ignore
The item was automatically bypassed, because you have it set to Always
Ignore. For more information, see “Managing detected items
automatically” on page 50.
Partially
Quarantined
Some traces of the item were quarantined, but not all, because you
deselected some traces in the previous panel.
If desired, you can view the detailed sweep session log by clicking the View Session Log link. To
view the detailed log later, click the Options icon, then the Sweep tab, then click the View Session
Log link.
22
2: Sweeping your System
Managing quarantined items
Once items are quarantined, you can view and manage them by selecting the Manage Quarantine
link from the Home panel. (If the Quarantine is empty, this link does not appear.)
Click
You have the following options for managing items detected during a sweep:
•
Keeping quarantined items (recommended). This is the safest action for found items, since
it allows you to test your computer without the item in its original location and determine
if all your programs still work properly after it’s moved. However, if the Quarantine area
gets too full, the Webroot software alerts you and you must remove some items.
•
Deleting quarantined items permanently. You can permanently delete an item if you’re
sure it’s unwanted spyware or another type of threat.
•
Restoring quarantined items. If you discover that some of your legitimate programs won’t
work properly when an item was placed in Quarantine, you can restore that item from
Quarantine to its original location on the computer.
Trial Versions
If you have the Scan-Only trial version, you cannot quarantine and remove detected
items. Click Subscribe to buy a subscription so you can remove found items.
Keeping quarantined items
You can keep items in Quarantine, where they are rendered inoperable and cannot harm your
computer. This is the safest action to take. It allows you to test your computer to make sure that all
legitimate programs still function properly without an item. If necessary, you can restore an item
from Quarantine.
If the Quarantine area reaches certain size limits or when your computer’s hard drive is low on
space, the Webroot software opens a pop-up alert from the system tray (lower-right corner of your
screen), in the Alerts panel, or in a Webroot message window. If you see the Webroot message
window, the alert is critical and space on your hard drive is very low. You should take action to
make more space available. The alert message gives you three options:
•
Delete Old Items. Click to delete all items in Quarantine that are more than seven days
old. If deleting these items does not make enough space available, the Webroot software
opens another message recommending that you go to Quarantine and delete more items
(see “Deleting quarantined items permanently” on page 24).
•
Manage Quarantine. Click to open the program with the Quarantine panel displayed,
where you can selectively delete items from Quarantine (see “Deleting quarantined items
permanently” on page 24).
2: Sweeping your System
23
•
Remind Me Later. Click to have the Webroot software remind you tomorrow. If you take
this action, you may want to delete other files to make more hard drive space available.
Deleting quarantined items permanently
If your legitimate programs run properly after quarantining a potential threat, you can permanently
delete the item. You will not be able to restore the item after deleting it from Quarantine.
To permanently delete quarantined items:
1. From the Home panel, click the Manage Quarantine link.
The Quarantine panel opens with information about items that you have quarantined, but
have not permanently deleted. For more information, see the Quarantine Details table on
page 20.
2. Select each item that you want to permanently delete.
A check mark next to the item shows that it is selected and will be deleted.
3. Click Delete Selected Items.
Note
If the Delete Selected Items button is unavailable (dimmed), you may not have
access to this function. For more information, see “Using multiple accounts” on
page 10.
The Webroot software deletes the selected items and displays information about the
deletion at the bottom of the panel.
Restoring quarantined items
You may need to restore a quarantined item if you discover that a program on your computer is not
working correctly without it. Sometimes, a piece of spyware is an integral part of a legitimate
program and is required to run that program.
In some cases, components with copy protection may not restore from Quarantine properly. You
must reinstall these programs from the original media or installation file.
Virus protection
Do not restore a file with a detected virus. If Webroot AntiVirus with AntiSpyware
was able to clean the file (remove the virus safely), it keeps the cleaned file in its
original location and places a copy of the corrupted file in Quarantine. The cleaned
file is safe to use; the file in Quarantine is not safe to use.
To restore quarantined items:
1. From the Home panel, click the Manage Quarantine link.
The Quarantine panel opens with a list of the items that you have quarantined, but have
not permanently deleted. For more information, see the Quarantine Details table on
page 20.
2. Select each item that you want to restore.
24
2: Sweeping your System
A check mark next to the item shows that it is selected and will be restored.
3. Click Restore Selected Items.
Note
If the Restore Selected Items button is unavailable (dimmed), you may not have
access to this function (see “Using multiple accounts” on page 10).
The Webroot software restores the selected items to their original locations and shows the
restore status at the bottom of the panel. If a selected item is part of an e-mail attachment,
the Webroot software saves it to the location specified in the Always save to: option of the
Setting the E-mail Attachments shield (see page 39) or prompts you to select the location
to restore the attachment (if you selected the Ask me where to save every file option).
2: Sweeping your System
25
26
2: Sweeping your System
3: Shielding your System
While the Webroot software is running, the shields actively monitor for potential threats that try to
download onto your computer. If the shields detect a suspicious item, an alert opens and asks if
you want to continue downloading the item or if you want to block it.
Virus protection
Shields also protect against viruses attempting to download to your computer, if
you have Webroot AntiVirus with AntiSpyware. See “Setting antivirus protection”
on page 47.
The Webroot software has preconfigured shields. To change shield settings for your own needs,
see the following topics:
•
Setting Web Browser shields.
Protect your default home page, list of favorites, and other settings related to your Web
browser.
•
Setting Network shields.
Monitor network communication between your computer and other Web sites.
•
Setting Windows System shields.
Protect your Windows system settings.
•
Setting the Startup Programs shield.
Stop unwanted programs from displaying in the Windows Start menu.
•
Setting the E-mail Attachments shield.
Monitor e-mail file attachments for potential threats.
You can also perform these tasks related to shields:
•
Setting antivirus protection.
Block viruses in some of the shield types.
•
Setting behavioral detection.
Block potential threats based on the item’s behavior.
•
Changing the shield alert method.
Determine how status alerts open.
•
Setting Gamer mode options.
Determine if the Execution shield turns off when Gamer mode is enabled.
3: Shielding your System
27
Viewing the shield summary
To see a summary of all shields and their status, click Shields in the Icon panel to display the
Shields Summary tab.
The icons in the Shields Summary panel indicate the following:
Status icons
—Full Protection
In the Shield Status, a green check mark indicates that all critical and
recommended shields are turned on.
—Partial Protection In the Shield Status, a yellow exclamation mark indicates that all critical shields
are on, but some recommended shields are off. In the panels below, an
exclamation mark appears next to the shield that is turned off. You can click the
shield name to go to the tab where you can turn the shield back on.
28
—Vulnerable
In the Shield Status, a red X indicates that one or more critical shields are not
turned on. In the panels below, a red X appears next to the shield that is turned
off. You can click the shield name to go to the tab where you can turn the shield
on. We strongly recommend keeping all critical shields turned on.
—Spyware shield
This icon appears next to shields that block spyware and potentially unwanted
programs. If it is grayed out, the shield is off.
—Virus shield
Webroot AntiVirus with AntiSpyware only.
This icon appears next to shields that block viruses. If it is grayed out, the shield
is off.
3: Shielding your System
Setting Web Browser shields
You can modify the shields that protect your default home page, list of favorites, and other settings
related to your Web browser.
To set Web Browser shields:
1. In the Icon panel, click Shields.
The Shields Summary tab opens, showing a summary of the available shields and their
status. (If any shields are dimmed, you do not have access to them; see “Using multiple
accounts” on page 10.)
2. Click the Web Browser tab.
3. Select the options you want to use. Items with a green check mark
are enabled.
Web Browser shields
Tracking Cookies
Watches for known cookies (matching those in the security
definitions) and removes them. Tracking cookies are cookies that can
track your Web activities. These may include cookies that contain user
names, passwords, or similar information that you enter on some Web
sites.
IE Favorites
Protects your Internet Explorer favorites. Whenever a Web site tries to
change your favorites, the Webroot software alerts you and lets you
accept or reject the change. Some Web sites add entries to your
favorites without informing you; this shield ensures that you are aware
of attempted changes.
Even if the Webroot software is not open when your favorites change,
it detects the changes and alerts you the next time you start the
program.
IE Security
Protects your Internet Explorer security settings (select Tools >
Internet Options and click the Security tab). Whenever a program
tries to change these settings, the Webroot software alerts you and lets
you accept or reject the change. Some programs change these options
without informing you; this shield ensures that you are aware of
attempted changes.
Browser Helper Object
(BHO)
Watches for the installation of Browser Helper Objects (BHOs).
Whenever a BHO tries to install itself, the Webroot software alerts you
and lets you accept or reject the change. BHOs are add-on programs
that work with your browser. Some spyware programs add BHOs
without your knowledge; this shield ensures that programs do not add
a BHO without your consent.
This option also blocks viruses that try to install along with a
BHO, if you have Webroot AntiVirus with AntiSpyware.
BHO Shield Options button:
Click to change the BHOs that start with Internet Explorer. See the
next section, “Editing BHOs used by Internet Explorer.”
Editing BHOs is for advanced users. Deselecting BHOs could
cause your browser to not work properly or cause your computer to be
unstable.
3: Shielding your System
29
Web Browser shields (continued)
IE Hijack
Protects various Internet Explorer functions, such as the search page,
error pages, and other default pages that Internet Explorer opens.
Whenever a program tries to change these pages, the Webroot
software alerts you and lets you accept or reject the change. Some
programs change (“hijack”) these pages without informing you; this
option ensures that you are aware of attempted changes.
Even if the Webroot software is not open when these pages change, it
detects the changes and alerts you the next time you start the program.
IE Hijack Shield Options button:
Click to edit the list of Hijack shields. See “Editing the IE Hijack
shield settings” on page 30.
Editing BHOs used by Internet Explorer
You can edit the BHOs that run when you start Internet Explorer. BHOs are add-on programs that
work with your browser. Some spyware and other potentially unwanted programs add BHOs
without your knowledge.
Caution
Editing browser add-on items is for advanced users. Editing items in the list could
cause your browser to not work properly or cause your computer to be unstable.
Edit with extreme caution.
To edit BHOs used by Internet Explorer:
1. From the Shields/Web Browser tab, click BHO Shield Options.
The Edit Browser Helper Objects window opens, with a list of the installed BHOs. Items
with a check mark start whenever Internet Explorer starts. To see more information about
an item, select it and click More Details. Not all programs provide additional details.
2. Deselect any BHOs you do not want to start whenever Internet Explorer starts.
3. Click OK.
Editing the IE Hijack shield settings
You can edit the individual IE Hijack shield settings, including the default home and search pages
for Internet Explorer.
To edit the IE Hijack shield settings:
1. From the Shields/Web Browser tab, click IE Hijack Shield Options.
A window opens for editing the settings.
2. Select the options you want to use. Items with a green check mark
30
are enabled.
3: Shielding your System
IE Hijack Shield Settings
IE Home Page Shield
Protects the Web site set as your home page (the site that opens
automatically when you start Internet Explorer or when you click the
Home button). Some spyware programs change your home page.
Use This Page
Enter the desired Web site address. The address must be in the
following format: http://www.webroot.com.
Alert me before
restoring this setting
Select to display an informational alert when the Webroot software
automatically changes the home page back to the site listed above. To
avoid seeing alerts about changes to your home page, do not select this
option.
IE Search Page Shield
Protects the page that automatically opens when you enter a nonexistent Web site. Some spyware programs change this page.
Use This Page
Enter the desired Web site address for performing Web searches. The
address must be in the following format: http://www.webroot.com.
Alert me before
restoring this setting
Select to display an informational alert when the Webroot software
automatically changes the search page back to the site listed above. To
avoid seeing alerts about changes to your search page, do not select
this option.
Advanced Settings
Provides advanced configuration options used only in error conditions
and/or when a system is severely infected. Use these options to repair
your Internet Explorer settings when a browser hijacker embeds itself
deeply in your browser. Webroot customer support is available to
assist.
User
Use this drop-down list to change settings to the current user account.
These settings effectively override the system settings below. Enter
the Web site addresses in the following format: http://
www.webroot.com. You can also enter the path to a file.
System
Use this drop-down list to change settings for all user accounts, unless
a limited user has customized the setting. (Only the computer
administrator can change this setting; see “Using multiple accounts”
on page 10.) Enter the Web site addresses in the following format:
http://www.webroot.com. You can also enter the path to a file.
Alert me before
restoring this setting
Select to display an informational alert when the Webroot software
automatically changes the pages listed in the Advanced Settings dropdown list back to the site or path listed in the text field. To avoid
seeing these alerts, do not select this option.
3. If you want to reset all of the Internet Explorer page settings back to the defaults
(automatic options) used when Internet Explorer was first installed, click Reset IE Page
Settings to Defaults.
4. Click OK.
3: Shielding your System
31
Setting Network shields
You can modify the shields that monitor network communication between your computer and
other Web sites. These communication settings are vulnerable to the effects of spyware and
viruses and can be changed without your permission. Network shields block some ads that may
open in your browser. They also stop Web sites from sending you to other, unexpected Web sites.
To set Network shields:
1. In the Icon panel, click Shields.
The Shields panel opens, showing a summary of the available shields and their status. (If
any shields are dimmed, you do not have access to them; see “Using multiple accounts” on
page 10.)
2. Click the Network tab.
3. Select the options you want to use. Items with a green check mark
are enabled.
Network shields
Common Ad Sites
Blocks banner and other advertising from common advertising sites.
When you go to a Web site that has advertising from one of the
blocked sites, you may see a small graphic that indicates a broken link
to a graphic (typically a red X in a box). This X just shows where the
blocked ad would display. The Webroot software updates these sites
when you update your definitions.
Hosts File
Monitors the Hosts file for any changes. Some programs will add or
change the IP address for a Web site in the Hosts file. When you try to
go to the added or changed Web site, you will really go to a different
Web site, such as an advertising site. This shield ensures that
programs do not change an IP address without your knowledge.
Hosts File Shield Options button:
Click to edit the Hosts file. For more information, see “Editing the
Hosts file” on page 33.
Internet Communication Monitors communication from your computer to known Web sites
that are related to potentially unwanted programs. The Webroot
software includes a list of known sites with its definitions.
If the Webroot software detects an attempt to communicate with a site
on the list, it displays a pop-up alert in the system tray (lower-right
corner of your screen) telling you that access to the site was blocked.
32
3: Shielding your System
Editing the Hosts file
Caution
This section describes highly technical features associated with how your computer
locates the actual address of a Web site. The features described here will not
damage your computer or remove anything you need if you enable them, but the
underlying technology is complex if you are not aware of how IP addressing works.
You can configure the Webroot software to continuously monitor several functions related to the
Hosts file. The Hosts file is a Windows file that helps direct your computer to a Web site using
Internet Protocol (IP) addresses. Your Web browser uses the IP address to actually connect to a
site.
When you go to a Web site, your computer first looks in the Hosts file to see if it already knows
where to go. If the domain (for example, webroot.com) is listed, your computer goes directly to the
IP address listed in the Hosts file. If the domain is not in the Hosts file, your computer looks up the
information from the Internet (a slightly slower process).
You can use the Hosts file to your advantage by routing certain domains, such as advertising sites,
to a dead end. This will block tracking cookies and other monitoring programs. However, some
spyware and adware will route (or “hijack”) certain domains to false addresses (for example, by
making a commonly used search site open to a porn site).
Using the Webroot software to manage the Hosts file, you can block a lot of unwanted adware
activity, while preventing your Web browsing from being hijacked. When the Webroot software
detects activity related to the Hosts File shield, it displays an alert.
To edit the Hosts file:
1. From the Shields/Network tab, click Hosts File Shield Options.
The Edit Hosts File window opens, showing entries that you, your IT department, or
potentially unwanted programs have added to your Hosts file. If you have the Common
Ad Sites Shield turned on, it does not display the blocked ad sites.
The Webroot software compares the IP address of each entry in the Hosts file to the
correct address on a domain name system (DNS) server. Any address that does not match
and is not set to the local machine address (127.0.0.1) is flagged as possibly hijacked
.
2. Select the entries you want to remove.
3. Click Delete Selected.
The Webroot software deletes the selected entries from your Hosts file.
4. Click Close.
3: Shielding your System
33
Setting Windows System shields
You can modify the shields that monitor Windows system settings, which some malware can
change if not protected.
To set Windows System shields:
1. In the Icon panel, click Shields.
The Shields panel opens, showing a summary of the available shields and their status. (If
any shields are dimmed, you do not have access to them; see “Using multiple accounts” on
page 10.)
2. Click the Windows System tab.
3. Select the options you want to use. Items with a green check mark
are enabled.
Windows System shields
ActiveX
Watches for programs that install ActiveX technology on your computer.
Whenever a program tries to install ActiveX technology, the Webroot
software alerts you and lets you continue the installation or stop it.
This option also blocks any viruses that try to install ActiveX
technology, if you have Webroot AntiVirus with AntiSpyware.
ActiveX Shield Options button:
Click to edit the ActiveX shield option.
Prompt me only for known spyware items:
This option watches for only known items from the security definitions
that try to install ActiveX technology. Leaving this option turned on will
reduce alert notifications, but could permit a new threat to install that is
not yet included in the definitions.
Alternate Data
Watches for programs that try to start from an Alternate Data Stream (ADS).
Stream Execution Turning on this shield lets the Webroot software alert you if a program tries
to start from an ADS.
This option also actively watches for viruses that try to start from an
alternate data stream, if you have Webroot AntiVirus with AntiSpyware.
Windows
Messenger
Service
34
Applies only to Windows XP. Not available for Vista.
Turns off and actively watches the Microsoft Messenger Service. This
service is not an instant messaging program and does not affect your use of
instant messaging. This service is often used for sending spam (unwanted email) and creating pop-up ads. Turning off the service stops these types of
spam and pop-ups.
If your computer is in your home, you can turn off this service without any
problem. If you work in a corporate environment, contact your system
administrator to determine if your company uses the service to communicate
with company employees. If you are not sure, leave the service turned on
until you know.
3: Shielding your System
Windows System shields (continued)
System Services
3: Shielding your System
Monitors the system registry and protects against unwanted services and
drivers from installing.
This option also blocks viruses that try to install in the system registry, if
you have Webroot AntiVirus with AntiSpyware.
System Services Shield Options button:
Click to edit System Services shield options.
Highest Security:
Select this option to display an alert related to any item detected by the
System Services shield.
High Security:
Select this option to allow a signed service, but display an alert when an
unsigned service or a potential malware application is detected.
Moderate Security:
Select this option to prompt only when potential malware is detected.
35
Windows System shields (continued)
Execution
36
Watches for known items from the security definitions that try to install
themselves. Whenever a potentially unwanted program tries to install itself,
the Webroot software alerts you and allows you to block or allow the
installation.
This option also actively watches for potentially unwanted programs that try
to start when you start a program and when you save to the disk drive.
Whenever the Webroot software detects a potentially unwanted program in
either of these situations, it alerts you and allows you to block or allow the
action. If you block the action, the Webroot software places the file that tried
to install, start, or save itself in Quarantine. You can then remove or restore
the file. See “Managing quarantined items” on page 23.
This option also watches for viruses that try to install themselves, if you
have Webroot AntiVirus with AntiSpyware.
Execution Shield Options button:
Click to edit Execution shield options.
Automatically quarantine programs detected by this shield:
Automatically stops the installation, startup, or saving of known items
from the security definitions and places the file that tried to install, start, or
save itself in Quarantine, without alerting you.
Automatically quarantine viruses detected by these shields: This
option automatically stops the installation, startup, or saving of known
viruses that are in the security definitions and places the file that tried to
install, start, or save itself in Quarantine, without alerting you. You must
have Webroot AntiVirus with AntiSpyware.
Scan for viruses when starting applications: This option watches
for viruses that try to start when you start a program on your computer,
alerts you, and allows you to block or allow the startup. Select this option
if you want stronger protection against viruses. If programs take longer to
start than you want, deselect this option. You must have Webroot
AntiVirus with AntiSpyware.
Analyze executable programs in protected memory space before
starting: Isolates and examines suspect processes when you start a
program and looks for potentially unwanted programs. The process
isolation gives the Webroot software a better chance to see what the
process does. If the process matches a security definition, the Webroot
software alerts you and allows you to block or allow the startup. Select this
option if you want stronger protection against potentially unwanted
programs. If programs take a long time to start, deselect this option.
3: Shielding your System
Windows System shields (continued)
File System
3: Shielding your System
Watches for programs during write and read operations.
This option also blocks any viruses that try to install during write and
read operations, if you have Webroot AntiVirus with AntiSpyware.
File System Shield Options button:
Click to edit File System shield options.
Scan on Write: Monitors files or programs that attempt to install (write)
to your computer.
Scan on Read: Monitors programs as your computer attempts to read
them. You can specify that all files types (extensions) are included by
clicking “Conduct full on-read scanning,” or specify that only certain file
types are included by clicking “Scan only selected file types on read.” To
include only specific file types, select the extension types and click Add to
Extensions to Scan. You can also delete items from the list by clicking on
the file extension and clicking Delete Selected. To return the list to its
original contents, select Reset List to Default.
Automatically quarantine programs detected by this shield:
Automatically stops the installation, startup, or saving of known items
from the security definitions and places those items in Quarantine, without
alerting you.
Automatically quarantine viruses detected by this shield: This
option automatically stops the installation, startup, or saving of known
viruses that are in the security definitions and places those viruses in
Quarantine, without alerting you. You must have Webroot AntiVirus with
AntiSpyware.
37
Setting the Startup Programs shield
You can set a shield to monitor the list of programs that start every time you start Windows. Some
spyware add themselves to this startup list if you are not protected, which causes the spyware
program to start every time you start Windows. The Webroot software also lets you edit the startup
items.
Caution
Editing startup items is for advanced users. Some items listed may be required by
Windows or other programs. Deselecting items from the list could cause your
computer to not start properly or cause some programs not to work. Edit with
extreme caution.
To set up the Startup Programs shield:
1. In the Icon panel, click Shields.
The Shields panel opens, showing a summary of the available shields and their status.
2. Click the Startup Programs tab.
3. Select the options you want to use. Items with a green check mark
are enabled.
Startup Programs shield
Startup Items
38
Watches for attempts to add any item to your startup list. Select an option
below to set when you want the Webroot software to alert you.
This option also actively watches for attempts to add viruses to your
startup list, if you have Webroot AntiVirus with AntiSpyware.
Startup Programs Shield Options... button:
Click to edit Startup Items shield options.
Alert me only for suspected spyware and virus changes to startup items:
Watches for attempts to add potentially unwanted programs, such as
spyware, adware, and suspect programs, to your startup list. Some spyware
will install to your startup list, so the programs will always run on your
computer. This shield ensures that spyware programs do not add themselves
to your startup list without you being aware of it.
This option also watches for viruses, if you have Webroot AntiVirus
with AntiSpyware.
Alert me for all startup item changes: Watches your startup list for all
changes. Some spyware will install to your startup list, so the programs will
always run on your computer. This shield ensures that you are always alerted
when a program tries to add an item to your startup list.
Checked items automatically start when Windows starts: The items in
this list start on your computer when Windows starts. To see more
information about an item, select it and click More Details (however, not all
programs provide additional details). If you do not want an item to start with
Windows, deselect its checkbox.
Some items listed may be required by Windows or other programs and
may cause your computer to not start properly if removed. Edit with caution.
3: Shielding your System
Setting the E-mail Attachments shield
You can set a shield to monitor file attachments for both incoming and outgoing e-mails. If the
Webroot software detects that an attachment or its contents match a threat definition, it replaces the
content of the attachment with an alert message that describes what it found. The Webroot
software will move the original attachment to Quarantine, where you can decide whether to save it
to your computer or delete it. You can also direct the Webroot software to always restore
quarantined e-mail attachments to a specific directory.
Note
The E-mail Attachments shield does not support e-mail clients that use Secure
Sockets Layer (SSL).
To set up the E-mail Attachments shield:
1. In the Icon panel, click Shields.
The Shields panel opens, showing a summary of the available shields and their status.
2. Click the E-mail Attachments tab.
3. Select the options you want to use. Items with a green check mark
are enabled.
E-mail Attachments shield
E-mail Attachments
3: Shielding your System
Monitors e-mail attachments for incoming e-mail (through POP3
protocol) and outgoing e-mail (through SMTP protocol). If it detects a
suspicious attachment, it replaces the content of the original file with an
alert message describing the potential threat, and then places the original
file in Quarantine.
Note: Some firewall configurations might prevent the E-mail
Attachments shield from monitoring e-mail. For more information, see
“Communication errors with the E-mail Attachments shield” on page 40.
This option also blocks any e-mail attachments where a virus has
been detected, if you have Webroot AntiVirus with AntiSpyware.
E-mail Attachments Shield Options... button:
Click to edit E-mail Attachments shield options.
Restoring Attachments:
Select Ask me where to save every file if you want to be prompted for
every quarantined attachment that you want restored or select Always
save to: to create a default location for restored e-mail attachments.
You can enter a file location in the field or click Select Location to
browse directories from Windows Explorer.
E-mail Port Settings:
Enter the POP3 port number for incoming mail and the SMTP port
number for outgoing mail. The Webroot software automatically
displays port numbers that most computers use for e-mail
communications. If necessary, change the port numbers or contact
your ISP (Internet Service Provider) for the port numbers.
39
Communication errors with the E-mail Attachments
shield
When the E-Mail Attachments shield is turned on, the Webroot software intercepts all traffic on
the POP3 and SMTP ports used for e-mail communications so it can scan attachments for spyware
and viruses. By default, the Webroot software monitors port 110 (POP3) for incoming mail and
port 25 (SMTP) for outgoing mail, but you can change the port numbers in the E-mail Attachments
settings, if necessary.
Some firewall configurations might prevent the Webroot software from intercepting e-mail traffic.
If this is the case, the following alert appears every time an e-mail is sent or received:
If this alert appears because a firewall application is blocking the Webroot software, you need to
configure your firewall application to allow the program to monitor the port traffic. For more
information about resolving communication issues between your firewall application and the
Webroot software, you can contact Webroot Technical Support or click the following link (you
must be connected to the Internet):
Firewall Configuration Information
If the alert appears only once or just periodically, the problem may be due to an inactive network
configuration or a non-responsive SMTP or POP server at the ISP (Internet Service Provider). This
is a temporary situation; the E-Mail Attachments shield should be able to function normally once
communication is restored. If the message appears frequently when these types of communication
errors occur, you can select “Do not show this message again,” so the alert only appears in the
session log (see “Viewing the session log” on page 54).
40
3: Shielding your System
4: Setting Options
The Webroot software includes options that allow you to control sweep settings, shield settings,
and other items related to program activity.
To set Webroot software options, see the following topics:
•
Viewing and setting sweep options.
Review preconfigured sweep settings (the areas it searches and the types of threats it
detects) and change settings for a Custom sweep.
•
Setting shield options.
Change options that affect how shields block threats.
•
Managing detected items automatically.
Determine how you want the sweeps and shields to manage items that are frequently
detected (block or ignore).
•
Managing automatic updates.
Change the interval at which the Webroot software checks for program updates and new
security definitions.
•
Setting program options.
Change some options that affect the Webroot software’s operation, such as whether it
loads when you start your computer.
•
Viewing the session log.
View activity for sweeps, shields, updates, and any errors that may have occurred.
4: Setting Options
41
Viewing and setting sweep options
Before running a sweep, you should review what options are currently set for each sweep type:
Full Sweep, Quick Sweep, and Custom Sweep.
See the following topics:
•
Reviewing options for Full and Quick sweeps
•
Configuring Custom sweep options
Reviewing options for Full and Quick sweeps
The Webroot software includes pre-set options for a Full Sweep and a Quick Sweep. You cannot
change these options. To run a sweep with modified settings, you must run a Custom Sweep (see
“Configuring Custom sweep options” on page 44).
To review option settings for Full and Quick Sweeps:
1. In the Icon panel, click Options.
2. Make sure the Sweep tab is selected.
3. Under Sweep Type, select either Full Sweep or Quick Sweep.
In the lower panel, a check mark appears next to each option that is currently enabled for
the selected sweep type.
The following table describes each option.
42
4: Setting Options
Sweep Options
Sweep All Attached Sweeps all drives attached to your computer (such as a CD-RW drive), as
Drives
well as the internal drives.
Virus Sweep
Applies only to Webroot AntiVirus with AntiSpyware.
Performs virus-sweeping in the following areas: Memory Objects,
Compressed Files, System Restore Folder, All User Accounts, and Direct
Disk Sweeping (providing those options are also turned on).
Windows Registry
Sweeps the computer’s registry, where spyware and other potentially
unwanted programs commonly create entries.
Memory Objects
Sweeps the computer’s random access memory (RAM), where spyware
and other potentially unwanted programs commonly load into memory.
Cookies
Sweeps for known cookies that are included in the security definitions. You
can determine which ones you want to keep from Quarantine.
Compressed Files
Sweeps compressed files such as .zip, .rar, .lzh, and .cab files, where
potentially unwanted programs can hide.
The first time the Webroot software scans compressed files, the sweep time
takes considerably longer than it would without sweeping compressed files.
But after the first sweep with this option, it will skip compressed files that
have not changed, thereby saving time.
System Restore
Folder
Applies only to Windows XP.
Sweeps the folder where Windows saves system restore files. If a restore
point contains a potentially unwanted program, the Webroot software finds
it and lets you remove it. After removing the unwanted program, you can
still use that restore point in the future.
All User Accounts
Sweeps registry entries for all user accounts or login IDs on your computer.
Direct Disk
Sweeping
Searches for strains of spyware that hide themselves from the Windows
operating system.
Rootkits
Sweeps for rootkits. A rootkit is a software tool that an attacker can use to
maintain access to your computer for malicious purposes.
Verify Executable
Programs
Performs a thorough analysis of executable programs by running them in a
protected memory area. This is an advanced detection technique that may
lead to longer scan times.
Behavioral
Detection
Applies only to Webroot AntiVirus with AntiSpyware.
Initiates Behavioral Detection, which analyzes programs for behavior
typical of malware before its code can execute.
4: Setting Options
43
Configuring Custom sweep options
You can change Custom Sweep settings to customize where the program looks for suspicious
items and what types of items the program scans.
To configure options for a Custom Sweep:
1. In the Icon panel, click Options.
2. Make sure the Sweep tab is selected.
3. Under Sweep Type, select Custom Sweep.
4. Click the Change Settings link.
Change custom
sweep settings
The Custom Sweep window opens, with a panel in the middle that provides four buttons
for selecting custom options: Where to Sweep, What to Sweep, Skip File Types, and
Advanced Options. You can select any button, in any order.
5. In the Where to Sweep panel, you can exclude certain drives, directories, or folders from
the sweep by deselecting them (click the checkbox to remove the green check mark
next to each folder or file). Typically, most spyware and other threats install on the C:
drive, but you should sweep all drives periodically.
Virus protection
If you have Webroot AntiVirus with AntiSpyware, you should sweep all drives
regularly. Webroot AntiVirus with AntiSpyware can sweep all internal drives for
viruses. Viruses can be found in all types of files and in any location.
6. In the What to Sweep panel, you can select options as described in the following table.
(Items with a check mark are enabled. Click in the box to deselect or select options.)
44
4: Setting Options
What to Sweep (Custom options)
Sweep for Viruses
Applies only to Webroot AntiVirus with AntiSpyware.
Enables virus sweeping in the following areas: Memory Objects, Sweep
All User Accounts, Compressed Files, System Restore Folder, and Direct
Disk Sweeping (providing those options are also turned on).
Automatically
quarantine viruses
detected during
sweep
Applies only to Webroot AntiVirus with AntiSpyware.
After performing virus cleaning, it places files in Quarantine that contain a
virus and lists them on the Quarantine panel during the sweep process.
Windows registry
Sweeps the computer’s registry, where spyware and other potentially
unwanted programs commonly create entries.
Memory objects
Sweeps the computer’s random access memory (RAM), where spyware
and other potentially unwanted programs commonly load into memory.
Cookies
Sweeps for known cookies that are included in the security definitions.
Sweep all user
accounts
Sweeps registry entries for all user accounts or login IDs on your
computer. If this option is turned off, the Webroot software only sweeps
the registry entries for the current user account.
Compressed files
Sweeps compressed files such as .zip, .rar, .lzh, and .cab files, where
potentially unwanted programs can hide. You may want to use this option
after you have found spyware programs and you want to be sure that you
have removed them.
Enabling this option increases sweep time significantly. (After the first
sweep with this option, the Webroot software will skip compressed files
that have not changed, thereby saving time.)
If you download a compressed file in the future, you can run a sweep on
just that file from Windows Explorer to save time. For more information,
see the instructions for setting the Add “Sweep” option to Windows
Explorer context menu on page 53.
System Restore
folder
Applies only to Windows XP.
Sweeps the folder where Windows saves system restore files. If a restore
point contains a potentially unwanted program, the Webroot software
finds it and lets you remove it. After removing the unwanted program, you
can still use that restore point in the future.
7. In the Skip File Types panel, you can specify the file types for the Webroot software to
ignore during a sweep. Enter the file extension and click Add to Skip List. For multiple
entries, use a comma or semicolon to separate entries (for example: .mp3,.wma).
Note
Do not skip .dll, .exe, or .com file types, because spyware and other potentially
unwanted programs typically hide in them. Be very careful when determining file
types to skip. Threats can hide in any type of file.
8. In the Advanced Options panel, you can select additional sweep options, as described in
the following table.
4: Setting Options
45
Advanced Options (Custom Options)
Enable Direct Disk
Sweeping including
Rootkit detection
Searches for strains of malware that hide themselves from the Windows
operating system, including rootkit files. Keep this option selected,
unless sweeps do not complete. Some computers need to turn off this
option for sweeps to run completely.
Sweep for masked files Sweeps for items hidden from the operating system.
When this option is selected, the time required for the sweep will
double. Use this option only if you are particularly concerned about
your computer’s security or continue to see unwanted advertising after
running a full system sweep. Otherwise, turn off this option for quicker
sweeps.
Analyze executable
programs in a
protected memory
space
Performs a thorough analysis of executable programs by running them
in a protected memory area. This is an advanced detection technique
that may lead to longer scan times.
Enable behavioral
detection
Applies only to Webroot AntiVirus with AntiSpyware.
Enables Behavioral Detection, which analyzes programs for behavior
typical of malware before its code can execute.
Automatically
quarantine behavioral
detections
Applies only to Webroot AntiVirus with AntiSpyware.
Places any items found with the Behavioral Detection feature in
Quarantine.
Sweep Speed vs.
Processor Usage
Allows you to provide more processing power to other programs as
sweeps are running. To do this, move the slider (click with your mouse
and drag) toward “Conserve processing power” at the left. This setting
slows the sweep process, but provides more processing power for other
programs. For the fastest sweeps, leave the slider all the way to the
right.
9. When you are finished selecting options, click OK.
Your Custom Sweep settings are automatically saved and are used any time you select
Custom Sweep as your sweep type.
46
4: Setting Options
Setting shield options
To configure shield options, see the following topics:
•
Setting antivirus protection. Blocks viruses in some of the shield types.
•
Setting behavioral detection. Blocks potential threats based on the item’s behavior.
•
Changing the shield alert method. Determines how shield alerts open.
•
Setting Gamer mode options. Determines if the Execution shield turns off when Gamer
mode is enabled.
Setting antivirus protection
When Antivirus Protection is turned on, the following shields also block viruses:
•
Browser Helper Object shield (see page 29)
•
ActiveX shield (see page 34)
•
Alternate Data Stream shield (see page 34)
•
System Services shield (see page 35)
•
Execution shield (see page 36)
•
File System shield (see page 37)
•
Startup Items shield (see page 38)
•
E-mail Attachments shield (see page 39)
Virus protection
Antivirus Protection is available only in the Webroot AntiVirus with AntiSpyware
version.
To set Antivirus Protection:
1. In the Icon panel, click Options.
2. Click the Shields tab.
3. Select the Protect against viruses option to enable virus-blocking in the shields listed
above.
4: Setting Options
47
Setting behavioral detection
Behavior detection is a method of identifying emerging threats, based on suspicious behavior that
is typical of malware programs. When this option is turned on, shields will block new threats that
may not yet be listed in the security definitions. However, be aware that on very rare occasions,
this detection method could classify a legitimate program as malicious because it shows malwarelike behavior.
Virus protection
The Behavioral Detection option is available only in the Webroot AntiVirus with
AntiSpyware version.
To set Behavioral Protection:
1. In the Icon panel, click Options.
2. Click the Shields tab.
3. Select Enable behavioral detection.
4. Select Automatically quarantine behavioral detection to move any found items into
Quarantine.
Changing the shield alert method
When the Webroot software detects activity related to any of the shield settings, it displays an
alert. Alerts that require immediate attention always open in a separate window and cannot be
changed. Alerts that do not require immediate attention open in a pop-up window from the system
tray; if desired, you can change the alert method so that the program opens and shows alert details
in the Alerts panel on the Home page.
To select the alert method:
1. From the Icon panel, click Options.
2. Click the Shields tab.
3. From Shield Alerts Method, select either:
48
–
Show notification above system tray: Shows a small, pop-up window above the
system tray (lower-right corner of your screen) whenever the Webroot software needs
to alert you to an activity that does not require immediate action. If the pop-up has a
link, you can click it for more details.
–
Open the program to show alert details: Opens the program’s Main window for
most types of alerts that require additional information. (Some alerts are informational
pop-ups, which still display only as a pop-up above the system tray.)
4: Setting Options
Setting Gamer mode options
For Gamer mode (silent program operation), you can control several options:
•
Turn off the Execution Shield. When you set the program to Gamer mode, all shields
will be turned off except for the Execution shield, so it can stop potentially harmful
executable files from launching on your computer. If desired, you can specify that the
Execution shield is turned off along with all other shields.
•
Automatically turn off Gamer Mode. You can specify how long you want to run the
program in silent mode before it automatically switches back to regular operations.
To turn off the Execution shield:
1. From the Icon panel, click Options.
2. Click the Shields tab.
3. From Gamer Mode Options, de-select the checkbox next to Turn Execution Shield OFF
when entering Gaming Mode.
To specify how long Gamer mode runs:
1. From the Icon panel, click Options.
2. Click the Shields tab.
3. From Gamer Mode Options, make sure the checkbox next to Automatically turn Gamer
Mode OFF... is selected. Enter the number of hours you want to use Gamer mode before it
turns off and switches to regular program operations.
4. If you do not want Gamer mode to automatically switch off, deselect the checkbox.
4: Setting Options
49
Managing detected items automatically
You can specify how certain items are automatically handled when detected by sweeps or shields.
By default, the Webroot software sets all items to Always Ask, which means that the program
always lists the items it detects and requires you to take action on each one (or just leave them in
Quarantine).
Trial Versions
If you have the Scan-Only trial version, you cannot quarantine and remove detected
items. Click Subscribe to buy a subscription so you can remove found items.
If you repeatedly see the same items during sweeps and shielding, you can specify that these items
are always ignored or always quarantined:
•
Always Quarantine. If the same unwanted items appear during sweeps, you can specify
that they are always quarantined and not listed in the Quarantine panel during a sweep. For
example, you might want to quarantine certain tracking cookies that get downloaded
whenever you visit a particular Web site so you don’t need to always quarantine the
cookies manually after every sweep. For shields, the Always Quarantine setting blocks
activities related to the particular item and does not open an alert.
•
Always Ignore. If you know some items are required for legitimate programs, you can
specify that they are always ignored and not listed in the Quarantine panel during a sweep.
For example, a legitimate program might need a piece of spyware that should not be
removed. In this case, you can instruct the Webroot software to always bypass that
spyware program during sweeps so it does not get moved. For shields, the Always Ignore
setting allows activities related to the particular item and does not open an alert.
After you specify how Webroot software manages items in the Always Apply tab, the sweep
function still detects them and includes them in its count of found items and traces, but it will not
include the items in the Quarantine list, which reduces the number of items you must evaluate after
sweeps.
Virus protection
Detected viruses are not displayed on the Always Apply tab (applies only to
Webroot AntiVirus with AntiSpyware).
To manage detected items automatically:
1. In the Icon panel, click Options.
2. Click the Always Apply tab.
The Always Apply tab opens with a list of all items found on your computer during past
sweeps.
50
4: Setting Options
Filter list
List of detected
items. Use Ctrl
and Shift to
select items.
Select how
to handle
found items
If desired, you can filter which items appear in the list by choosing one of the following
options from the drop-down list:
•
Show All Items. Displays all items found in any sweep, unless you have cleared the
item from the list.
•
Always Ask. Displays only found items that are set to Always Ask, which is the
default setting.
•
Always Ignore. Displays only found items that you have set to Always Ignore.
•
Always Quarantine. Displays only found items that you have set to Always
Quarantine.
To sort the list based on the heading, click a column head.
If you want to further reduce the number of items shown in the list, select ones that you
don’t plan to handle with Always Quarantine or Always Ignore and click Clear from List.
Clearing items does not delete them; it just makes the list on the Always Apply tab shorter
for you to manage. If the program finds the same item again, it will be added to the list.
3. To learn more about any item listed, click the View link. (You must be connected to the
Internet to see the additional information.)
The Webroot Web site opens in your browser and displays information about the selected
item to help you decide whether to ignore or quarantine the item.
4. Select each item that you want to either quarantine or ignore every time. To select more
than one item, hold down the Ctrl key and click each item you want to include.
5. Click either Always Quarantine or Always Ignore.
Later, if you want the Webroot software to always ask about an item, you can return to the
Always Ask panel, select the item again, and click Always Ask.
4: Setting Options
51
Managing automatic updates
For the highest level of protection, the Webroot software is already configured to check for
program updates and new security definitions on a daily basis. (You must be connected to the
Internet for update checks to be successful.) In addition, the Webroot software is also set to
automatically download definitions, if available. If desired, you can change the interval for
checking updates to hourly or you can turn off automatic checks and automatic downloads for
definitions. If you decide to turn off automatic checks, make sure you remember to manually
check for definition updates at least once a week. To see when you last updated them, open the
Main window (Home panel) and read the Updates panel.
To check or change settings for automatic updates:
1. In the Icon panel, click Options.
2. Click the Update tab.
3. Under Auto-Update, you can change the following settings:
•
Automatically check for program updates. We recommend that you keep this
option selected. If desired, you can change the interval from daily to hourly. If you
deselect this option, Webroot cannot notify you of either security definition updates or
program updates, nor can it automatically send updates to you (the next options are
automatically disabled). You will need to check for updates manually by clicking
Check for Updates below Update Now.
•
Automatically download security definitions if available. We recommend that you
keep this option selected. Updates will automatically download as long as you are
connected to the Internet. If you deselect this option, you must download updates
manually by clicking Check for Updates below Update Now.
Setting program options
You can set program options that allow you to control the behavior of the Webroot software, such
as whether you can run sweeps from Explorer.
To set program options:
1. In the Icon panel, click Options.
2. Click the Program tab.
3. Select the options you want to use. (Items with a green check mark
in the box to deselect or select options.)
are enabled. Click
Program options
Display
52
Display splash screen on
program startup
Displays the splash screen whenever the Webroot software first
starts.
Perform “Check Status”
on startup
Automatically performs a license check when the Webroot
software starts to provide up-to-date subscription information.
4: Setting Options
Program options (continued)
Add “Sweep” option to
Windows Explorer
context menu
Adds the Perform Security Sweep menu option to Windows
Explorer. When you right-click a file or folder from Explorer, you
can select this option to run a sweep at the selected location. For
more information, see “Starting an on-demand sweep” on page 17.
If this option is unavailable (dimmed), you may not have
access to it (see “Using multiple accounts” on page 10).
Proxy Settings
Proxy Settings ...
Allows you to enter a domain and port number for a proxy server,
if you use one to connect to the Internet. Click the Proxy Settings
button. Another window opens that allows you to select:
• Use Internet Explorer proxy settings
• Use custom proxy settings
If you select Use custom proxy settings, enter the fully qualified
domain name of the server (for example, proxy.company.com), the
port number, user name, and password.
Click OK when you have changed the setting.
Other Options
Load the program at
Windows startup
Starts the Webroot software whenever you start Windows, so it is
always protecting your computer. We recommend keeping this
option enabled. If you deselect this option, but have a scheduled
sweep set to When I Log On, the Webroot software still loads
with Windows.
If this option is unavailable (dimmed), you may not have
access to it (see “Using multiple accounts” on page 10).
Enable password
protection
Lets you create a password to protect access to the following
areas: Options, Shields, Alerts, and Quarantine panels, and shut
down. The Webroot software remembers your password as long as
you are actively using the program. After five minutes of
inactivity or after you minimize the program, it will ask for the
password again.
To enable a password, click this option. A window appears where
you can enter the password and confirm it. Be sure to remember
your password when using the program.
Report Potential Threat
Report Potential Threat
Lets you help the Webroot Threat Research team identify new
spyware and viruses. If you encounter something that you suspect
is a potential threat, click Report Potential Threat. See
“Reporting potential threats” on page 60 for more information.
Run Setup Wizard
Run Setup Wizard
4: Setting Options
Opens the Setup wizard, which allows you to configure some key
tasks in the Webroot software.
53
Viewing the session log
The session log shows all Webroot software activity for sweeps, shields, updates, and any errors
that may have occurred.
To view the session log:
1. In the Icon panel, click Options.
2. Click the Sweep tab.
3. Click the View Session Log link at the bottom of the panel.
A Session Log panel opens and shows all activity related to Webroot software operations.
By default, the Webroot software shows the last 20 log sessions, but you can modify that
amount by changing the value at the top, right of the panel.
If you want to save log activity to a file, click Save to File and enter a log name.
You can clear old log activity by clicking Clear Session Log.
54
4: Setting Options
5: Creating Scheduled Events
The Webroot software allows you to create scheduled events, such as automatic sweeps, so you
don’t need to run them manually. Scheduled events can run at intervals, such as monthly or
weekly, or at any time and day you specify.
To create scheduled events, see the following topics:
•
Scheduling sweeps.
Run sweeps automatically to scan your computer for spyware and other unwanted items.
•
Managing scheduled events.
Edit or delete schedules for automatic events, such as sweeps.
5: Creating Scheduled Events
55
Scheduling sweeps
You can schedule sweeps to run automatically. The sweep function scans your computer’s drives,
the Windows registry, memory, and other places where spyware and potential threats can hide. We
recommend that you run a Full sweep once a week. For more details, see Chapter 2, “Sweeping
your System” on page 15.
The Webroot software does not need to be open in the system tray for a scheduled sweep to run;
however, the computer must be turned on.
Note
If your computer is configured for multiple user accounts (each person logs in with
a unique name and password, as described in “Using multiple accounts” on
page 10), users can schedule their own sweeps. To run your own scheduled sweep
and to view the results, you must be logged into the user account where you created
the schedule.
To schedule sweeps:
1. From the Icon panel, click Schedule.
The Schedule window opens.
2. Under Add Events, select “Add a scheduled sweep” from the drop-down box and click
Add.
The Schedule Wizard window opens.
56
5: Creating Scheduled Events
3. Select the type of sweep you want to schedule and click Next:
•
Full Sweep. If you select this type of sweep, a Schedule Wizard panel opens for
entering the desired frequency and times (continue with step 4 below).
•
Quick Sweep. If you select this type of sweep, a Schedule Wizard panel opens for
entering the desired frequency and times (continue with step 4 below).
•
Custom Sweep. If you select this type of sweep, there are several panels for entering
custom options. Click Next after entering information for each panel; click Back if
you want to return to a previous panel and change the options. (You can create
multiple custom sweep schedules, each with different sweep settings.)
Custom sweep panels
Where to Sweep
If desired, you can exclude certain drives, directories, or folders from the
sweep by deselecting them (click the checkbox to remove the green check
mark next to each folder or file).
Typically, spyware and other threats install on the C: drive, but you
should sweep all drives periodically.
What to Sweep
Select the areas where you want to sweep for threats. For more
information, see the What to Sweep (Custom options) table on page 45.
Skip File Types
If there are any file types that you would like to skip during the sweep,
enter the file extension and click Add to Skip List. For multiple entries,
use a comma or semicolon to separate entries.
Do not skip .dll, .exe, or .com file types; spyware typically hides in these
types of files.
Advanced Options
Select the advanced options that you want to set. For more information,
see the Advanced Options (Custom Options) table on page 46.
4. Select an interval for the sweep (based on time or when you log onto the computer), then
click Finish.
The Schedule panel opens and shows your scheduled sweep. If desired, you can repeat the
previous steps to add another scheduled sweep.
To change a scheduled sweep, select it and click Edit This Event. To delete a scheduled
sweep, select it and click Delete This Event.
If desired, you can run one of the scheduled sweeps now by selecting it and clicking Run
This Event Now. If a potential threat is detected, see “Reviewing and quarantining items”
on page 19.
5: Creating Scheduled Events
57
Managing scheduled events
You can edit, delete, or run a schedule event at any time.
To manage scheduled events:
1. From the Icon panel, click Schedule.
The Schedule panel opens.
2. Click on a scheduled event.
3. Select one of the following:
•
Edit This Event: Opens the schedule wizard, where you can make changes.
•
Delete This Event: Removes the event from the schedule.
•
Run This Event Now: Initiates the event immediately.
58
5: Creating Scheduled Events
A: Webroot Support
You can contact Webroot through our Web site for:
•
Requesting Technical Support.
Submit an online trouble ticket.
•
Accessing the Knowledge Base.
Read articles that describe common issues and resolutions.
•
Reporting potential threats.
Report suspicious items to the Webroot Threat Research Center.
•
Joining the WARN program.
Help fight emerging threats by participating in Webroot Automated Research Network
(WARN).
A: Webroot Support
59
Requesting Technical Support
Technical support is available from the Webroot Web site. Submit a trouble ticket to our service
representatives at:
www.webroot.com/support
Note
If clicking the link above does not open your browser and take you to the Webroot
Support page, copy the text of the link and paste it into your browser.
We make every effort to respond to your request on the same day you send it in, but please allow
up to 48 hours.
Accessing the Knowledge Base
The Webroot Knowledge Base contains many articles that describe common issues and resolutions
for Webroot software operations. These articles are constantly updated, expanded, and refined by
Webroot support professionals to ensure that you have access to the very latest information.
To access this database, visit the Support Center at:
support.webroot.com
Note
If clicking the link above does not open your browser and take you to the Support
Center, copy the text of the link and paste it into your browser.
Reporting potential threats
If you believe that the Webroot software is not finding something you suspect is spyware, adware,
a virus, or a potentially unwanted program that you have on your computer, you can report it to the
Webroot Threat Research Center. Webroot follows up on all reports to determine if it should add to
its definitions.
Trial Versions
If you have a trial version, you cannot report potential threats.
To report spyware or viruses:
1. Make sure you are connected to the Internet.
2. In the Icon panel, click Options.
3. Click the Program tab.
4. Click Report Potential Threat.
60
A: Webroot Support
The Report Potential Threat window opens. You can use this window to enter information
about any problems you believe are related to spyware, adware, or viruses. In addition to
your comments, the program will send a log that contains information about the items
found on your computer.
5. Enter your e-mail address in the first field. If you do not want Webroot to contact you
about the problem, de-select the checkbox under the e-mail field.
6. Enter a description of the problem in the Comments field.
7. Click Send Report.
When the data has been transmitted successfully, a confirmation screen appears.
Joining the WARN program
The Webroot Automated Research Network (WARN) is a global community of individuals and
businesses who provide Webroot with sample items detected on their computers to help us identify
and fight emerging threats. When you join WARN, the software gathers information during
sweeps and shielding activities, including spyware, viruses, and potential threats that are not yet
classified, then sends the data to Webroot.
Note
The Webroot software does not gather personal information. Your participation is
completely anonymous.
After you installed the software, the Webroot Setup wizard prompted you to join the WARN
program. You can return to that Setup wizard and change your selection.
To join or opt-out of the WARN program:
1. In the Icon panel, click Options.
2. Click the Program tab.
3. Click Run Setup Wizard.
4. Follow the on-screen instructions to join the WARN program.
5. Click Next until you see the final Setup Complete screen, then click Finish.
A: Webroot Support
61
62
A: Webroot Support
Glossary
ActiveX
Developed by Microsoft, ActiveX technology is a group of functions allowing programs to
share information. Many legitimate programs use ActiveX, but some spyware programs also
use ActiveX to install themselves.
adware
Adware is a type of software that may display advertisements on your system. Some adware
may also hijack Web searches, meaning it may reroute your Web searches through its own
Web page. It may change your default home page to a specific Web site. Adware generally
propagates itself using dialog boxes, various social engineering methods, or through scripting
errors. Adware and BHOs are often bundled with various free software programs, such as
clocks, messengers, alerts, and software such as screensavers, cartoon cursors, backgrounds,
sounds, etc. Removing adware bundled with free software programs may cause the software to
stop operating. These adware programs may also cause slowing of your Web browser and
system performance issues.
Alternate Data Stream (ADS)
An Alternate Data Stream is a highly technical way to hide images, data, or code in a file and
can be used to hide malicious code. The hidden content is impossible to detect using regularly
available tools, such as Windows Explorer.
API
Application Program Interface. API is a language and message format used by an application
program to communicate with the operating system, a program, or a communications protocol.
The Windows API, also called WinAPI, is the core set of APIs available in the Microsoft
Windows operating systems.
applications
An application is a set of files that work together to make a software program. Some
applications, like Internet Explorer, access the Internet and allow traffic to flow in and out of
your computer.
Behavioral Detection
Additional protection against programs that may not match a threat definition, but exhibit
behavior typical of malware. The Webroot software stops the program from executing before
it can cause damage. This option can locate many emerging threats, but on very rare occasions,
a legitimate program could be classified as malicious because it shows malware-like behavior.
Browser Helper Objects (BHOs)
Browser Helper Objects are add-on programs that work with your browser. Some spyware
programs add BHOs without your knowledge.
Glossary
63
cache
A temporary storage area where data that you access frequently can be stored for rapid
retrieval.
certificate
A digital certificate identifies an entity and verifies its credentials so that information it sends
can be trusted. Certificates are issued by a Certificate Authority (CA), who attest that the
public key contained in the certificate belongs to the person, organization, server, or other
entity noted in the certificate.
child process
A computer process that is linked to a parent process and inherits most of the parent’s
attributes. Malware writers can sometimes create a child process and attach it to a legitimate
parent application. For example, Internet Explorer is used quite often by malicious processes
to circumvent security. Since Internet Explorer is usually “allowed” in security products, a
malicious process can spawn a child process and instruct it to perform some malicious task.
cookies
Cookies are small files that are generated by a Web server and stored on your computer for
future access. When you visit some Web sites, a cookie may be placed on your system to track
your personal preferences and Web surfing habits through uniquely identifiable information
(browsing habits, usernames and passwords, areas of interest, etc.). Some cookies may just
track which ads the site displayed while you were there to make sure the site does not display
the same ads. Other cookies may store preferences that you set, passwords you create for the
site, and information about the pages you visited. Some cookies can be helpful, because they
contain user names and passwords that let you log in to a Web site automatically or contain
preferences you set for a Web site.
CPU
Central Processing Unit. The CPU performs the computer processing and is usually contained
on a single chip. A complete computer system is comprised of the CPU, clock, main memory,
operating system, storage devices, and other controls.
Custom Sweep
A Custom Sweep lets you select options to meet your needs. The Webroot software saves your
custom sweep settings and uses them as the basis for any scheduled custom sweep that you
configure.
data center
A group of computer systems and associated components used to store a repository of data.
default
An option that automatically appears or is pre-selected.
definitions
A security definition is a set of fingerprints that characterize a potentially unwanted program,
such as spyware or adware, or that identifies types of viruses. Webroot regularly updates these
definitions to provide better protection against the latest versions of spyware and other
unwanted items.
64
Glossary
dialer
Dialers may disconnect your computer from your Internet Service Provider (ISP) and
reconnect you to the Internet using an expensive toll or international phone number. Dialers
can accrue significant phone charges and can run in the background, hiding their presence.
They generally propagate themselves using dialog boxes, various social engineering methods,
through scripting errors, or may be delivered with a Trojan horse. The Federal Trade
Commission recommends that you dispute the charges with your telephone company and
report the incident.
domain name
A name that identifies a Web site (for example, “webroot.com”). You can use either the
domain name or an IP address to access a Web site; in most cases, the domain name and the IP
address are interchangeable. Other times, a server can host several different Web sites (each
with unique domain names).
executable files
An executable file contains a program that can be launched when you double-click the file
name in Windows Explorer. Typically, executable files have an .exe file extension, but they
can also have other extensions, such as .bat or .com.
filters
A filter is a set of firewall rules for what packets to allow or deny. To monitor packets, filters
use a variety of screening methods, such as looking at the IP addresses, protocols, and ports
that the packets are using.
Full Sweep
A thorough sweep of all internal drives and drives directly attached to your computer.
host name
The name assigned to a computer so it can be identified on the Internet or a network.
Computers on the Internet are often named WWW. Computers on a network are usually single
names that describe the computer, such as “accounting1.” Host names can be part of a fully
qualified domain name (FQDN). For example, in “www.webroot.com,” the “www” is the host
name and “webroot.com” is the domain name.
HTML
HyperText Markup Language. The method used to display content in Web pages.
IP address
An Internet Protocol address identifies a machine (computer or server) on the Internet. The
address is a series of four numbers separated by periods (for example, 64.78.182.210). Your
own computer’s IP address may be the same address during every Internet connection (called
a static IP, used in most T1/DSL connections) or it may change for each Internet connection
(called a dynamic IP, used in most cable/dial-up connections).
keylogger
A keylogger is a type of system monitor that has the ability to record all keystrokes on your
computer. Therefore, a keylogger may monitor keystrokes, e-mails, chat room dialogue,
instant message dialogue, Web sites visited, usernames, passwords, programs run, and any
other typed material. They may have the ability to run in the background, hiding their
Glossary
65
presence. Keyloggers and system monitors may be used for legitimate purposes but can also
be installed by a user to record sensitive information for malicious purposes.
Someone with administrative access to your computer, such as a system administrator or
someone who shares your computer, typically installs commercial system monitors. This
program may be installed on the machine without your knowledge or consent, and may allow
an unauthorized, third party to view potentially sensitive information.
Worst case scenario: A third party may be able to view your personal conversations and may
gain access to private information such as your usernames, passwords, credit card numbers, or
your Social Security number.
local drive
A drive on your computer system, such as a CD, DVD, or disk drive (hard drive), that is
connected directly to the computer.
malware
Malicious software that is designed to destroy or harm your computer system, such as a virus.
netmask
The part of an IP address that identifies the host by filtering out (masking) the network
address. (An IP address has two components: the host address and the network address.) Also
called a subnetmask.
packets
Chunks of data that travel between machines on the Internet. When you send or receive data
over the Internet, the Transmission Control Protocol (TCP) divides the message into
manageable packets, which are efficient for routing. When the packets arrive on the receiving
end, TCP reassembles the message into its original form.
parent process
A computer process that has subprocesses (or “children”) associated with it.
ports
Ports are numbers that identify the entry and exit points of your computer. Computers divide
one physical port connection into thousands of virtual port connections, most of which are
never used. All communications protocols have designated entrance ports to your computer.
For example, traffic sent using HTTP for Web pages generally travels through port 80. Your
computer’s ports are either open or closed. An open port allows any information to flow
through it and can make your computer vulnerable to hackers. A closed port blocks incoming
traffic.
potentially unwanted program
A potentially unwanted program is a program that may change the security or privacy state of
your computer and online activities. These programs can (but do not necessarily) collect
information about your online activities and send it to a third party without your knowledge or
consent. A potentially unwanted program may arrive bundled with freeware or shareware,
various social engineering methods, or by someone with access to your computer.
processes
A process refers to the actual running of a program module. When a computer is booted,
numerous processes are started. Some are parts of the operating system, while others are
applications that have been designated to run at startup. Several processes may be associated
66
Glossary
with the same application. In Windows, you can view a list of running processes in the Task
Manager (press Ctrl-Alt-Delete, then click Task Manager).
protocols
Rules that govern the way information is transmitted from one device to another. For example,
the standard communications protocol for the Internet is TCP/IP and the standard protocol for
local networks is Ethernet.
proxy server
A computer system or router that acts as a relay between a client and server. Proxy servers are
used to help prevent an attacker from invading the private network and are often used in
building a firewall.
Quarantine
A holding area for spyware, viruses, and other potentially unwanted programs found during a
sweep. The quarantine process does not delete items from your computer. Rather, it keeps the
items in a safe place until you decide whether to delete them permanently or restore them.
Quick Sweep
A fast sweep of only locations where potentially unwanted programs are commonly found.
This type of sweep maximizes use of your computer’s processing power, to make the sweep as
fast as possible.
random access memory (RAM)
The main memory that acts as the computer’s workspace for running programs. Spyware and
other unwanted programs can steal the computer’s memory resources, which can lead to
system crashes, slower performance, or instability.
registry
A database of hardware and software settings about your computer’s configuration, such as the
types of programs that are installed. Spyware can create entries in the Windows registry,
which can ultimately slow down your computer and cause problems in your system.
restore point
A copy of the computer’s contents that allows you to restore your computer to a previous state.
rootkit
Rootkits use file obfuscation techniques to allow spyware and other malicious software to
avoid detection and removal. Rootkits typically hide logins, processes, files and logs, and may
include software to capture information from desktops or a network. A rootkit’s abilities to
hide the presence of an intruder and the intruder's actions explain the increase in use of this
method.
signed service
A certificate from an authorized certificate verification service (such as from VeriSign), which
ensures that an application, service, or driver is from a trusted source and has not been
tampered with.
spyware
Spyware is a program that may either monitor your online activities or possibly install
programs without your consent. Information about online activities may be subsequently sent
to a third party for malicious purposes without your knowledge. Spyware may arrive bundled
Glossary
67
with freeware or shareware, through e-mail or instant messenger, may propagate itself using
dialog boxes, various social engineering methods, scripting errors, or by someone with access
to your computer. Spyware is difficult to detect, and difficult (if not impossible) for the
average user to remove without the use of a top-quality antispyware program.
system monitors
System monitors, typically non-commercial, may monitor and capture your computer activity,
including recording all keystrokes, e-mails, chat room dialogue, instant message dialogue,
Web sites visited, usernames, passwords, and programs run. This type of program may be
capable of taking screen shots of your desktop at scheduled intervals and storing the
information on your computer in an encrypted log file for later retrieval. These log files may
be sent to a pre-defined e-mail address. A system monitor can run in the background, hiding its
presence. These programs typically install via other threats, such as music downloads and
Trojan downloaders. These system monitors may allow an unauthorized, third party to view
potentially sensitive information, such as passwords, e-mail, and chat room conversation.
threads
A thread represents a single process in a multitasking application, allowing that application to
split itself into two or more tasks running simultaneously.
traces
Individual elements that make up the security definition database. The more traces found and
put into the definitions, the more complete the removal of the potential threats.
training mode
A firewall function that analyzes the normal activities of your computer’s applications and
processes. The firewall uses this training period as a baseline, so that later, it can more easily
determine what activities deviate from normal. (If you do not enable a training period,
numerous alerts may display for all Internet applications and WinAPI processes as they
launch, which may require you to take action by selecting “allow” or “block” each time one of
these events first occurs.)
Trojan horses
A Trojan horse may take control of your computer files by using a program manager that
allows a hacker to install, execute, open, or close programs. The hacker can gain remote
control of your cursor and keyboard and can even send mass e-mails from your infected
computer. It can run in the background, hiding its presence. A Trojan is usually disguised as a
harmless software program and may also be distributed as an e-mail attachment. Opening the
program or attachment may cause an auto-installation process that loads the downloader onto
your computer and download third-party programs on your computer, resulting in the
installation of unwanted programs without your knowledge or consent, and jeopardizing your
privacy. Trojans can also open a port on your computer that enable a hacker to gain remote
control of your computer.
virus cleaning
A procedure that removes infected portions of a file, when a virus is detected during a sweep.
If the Webroot software can remove the virus successfully, it restores the cleaned file to your
computer in its original location and places a copy of the corrupted file in Quarantine. The
cleaned file is safe to use; the file in Quarantine is not safe to use.
68
Glossary
URL
Uniform Resource Locator. The URL is the unique address for a file that is accessible on the
Internet. To access the home page of a Web site, you can enter the URL of the home page (for
example: http://www.webroot.com) in the browser’s address line. You can also access specific
files using URLs (for example: ftp://www.webroot.com/sample.txt). The URL contains the
name of the protocol to be used to access the file resource, a domain name that identifies a
specific computer on the Internet, and a pathname for a specific file.
viruses
A virus is a self-replicating program that can infest computer code, documents, or
applications. While some viruses are purposefully malignant, others are more of a nuisance,
replicating uncontrollably and inhibiting system performance.
Glossary
69
70
Glossary
Index
A
ActiveX shield 34
Additional Tools download 21
administrative privileges 10
advertising, blocking 32
alerts 13
changing display method 48
disabling for gaming 12
viewing in session log 54
Alternate Data Stream Execution shield 34
Always Apply tab 50
Always Ignore option 50
Always Quarantine option 50
Antivirus Protection shield 47
attachments, E-mail Attachments shield 39
automatic quarantine or ignore 20
automatic updates 52
Auto-Update option 52
B
behavioral detection 43
custom sweep setting 46
enabling 48
BHOs, editing shield options 30
Browser Helper Object shield 29
C
categories of threats 20
Change Settings link for sweep 44
Check for Updates link 11
Check Status link 10
closing the Main window 8
Common Ad Sites shield 32
compressed files sweep setting 43
cookies 3
found during sweep 18
shielding from 29
sweep setting 43
Custom Sweep 16
changing options 44
running 17
customer support 60
D
definitions 4
updating 11
used during sweep 18
direct disk sweep setting 46
User Guide
direct disk sweeping 43
drives, sweeping 43
E
E-mail Attachments shield 39
e-mail, communications error alert 40
errors, viewing 54
events 55
changing or deleting 58
sweeps 56
executable programs, analyzing in protected space 46
Execution shield 36
Explorer, running sweeps from 18
extensions, file system scanning 37
F
favorites for IE, protecting 29
File System shield 37
firewall issues with E-mail Attachments shield 40
Full Sweep 16
options for 42
running 17
G
Gamer mode 12
turning off automatically 49
turning off Execution shield 49
H
home page for IE, protecting 31
Home panel 7
Hosts File shield 32
Hosts file, editing 33
I
Icon panel 5
IE Hijack shield 30
IE Hijack shield, editing 30
Internet Communication shield 32
IP address changes, blocking 32
items detected during sweep 19
K
Knowledge Base, at Webroot Web site 60
L
Load the program at Windows startup 53
logs, sweeps and shield activity 54
71
M
Main window and panel 5
closing 8
Home functions 7
icon functions 6
opening 5
masked files, sweeping for 46
memory objects sweep setting 43
memory, program pieces swept 18
Messenger Service shield 34
N
Network shields, setting 32
O
opening the main window 5
operating system, sweeping 43
options, program 52
P
password, setting for program 53
processing power, conserving 46
program options 52
proxy settings 53
Q
Quarantine 23
accessing and managing detected items 23
automatically place items in 50
deleting items from 24
items displayed in panel 19
keeping items in 23
moving items after sweep 20
restoring items from 24
Quick Sweep 16
options for 42
running 17
R
RAM sweep setting 43
Read shield 37
registry entries 43
registry items swept 18
registry sweep setting 43
registry, protecting 35
renewing subscription 10
Report Potential Threat option 53
reporting potential threats 60
restore point, sweeping 43
risk ratings of threats 20
rootkits, sweeping 43
Run Setup Wizard 53
running sweeps immediately 17
running the program 5
72
S
Scan on Read shield 37
Scan on Write shield 37
scheduling 55
deleting or editing schedules 58
sweeps 56
search page for IE, protecting 31
security settings for IE, protecting 29
server, proxy 53
session log, viewing 54
Setup Wizard 53
Shield Alerts method 48
shields 27
alerts for 13
Antivirus Protection 47
disabling for gaming 12
E-mail Attachments 39
Network 32
Startup Programs 38
summary 28
Web Browser 29
Windows System 34
shutting down the program 9
silent mode 12
Skip File Types panel 45
splash screen, disabling 52
spyware 3
managing in quarantine 23
reporting 60
shielding from downloading 27
sweeping for 17
viewing more details online 20
starting the program 5
starting the program from Explorer 53
Startup Programs shield 38
stopping program operation 9
subscriptions 4
renewing 10
viewing status 7
Summary panel 22
support 60
Sweep Speed vs. Processor Usage 46
sweeps 15
adding option to Explorer 53
automatic ignore or quarantine 50
changing what to sweep 44
disabling for gaming 12
results of 18
running from Explorer 18
running immediately 17
scheduling 56
setting options 42
summary of 22
Index
sweeps 15 (continued)
types of 16
system restore folder sweep setting 43
System Services shield 35
system tray icon 5
system tray menu 9
system tray, changing alert method 48
T
tabs, using 8
technical support 60
traces found during sweep 19
Trial version 2
U
updates to program 11
automatic 52
perform Check Status on startup 52
user accounts sweep setting 43
user accounts, using multiple 10
V
verify executable programs 43
User Guide
version, viewing current version number 7
viruses 3
automatic quarantine setting 45
changing automatic quarantine setting 46
managing in quarantine 23
reporting 60
setting sweep option 45
shielding from downloading 47
sweep option setting 43
sweeping for 17
updating program for protection 11
viewing more details online 20
W
WARN program 61
Web Browser shields, setting 29
Webroot products 2
Webroot Support 59
What to Sweep panel 44
Windows Messenger Service shield 34
Windows Startup shield 38
Windows System shields, setting 34
Write shield 37
73
74
Index

Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project