Shields constantly monitor activity while you surf the Internet and work on your computer, protecting your computer from malware and viruses. As you surf Internet sites, you could be targeted for a drive-by download, where an unwanted program launches and silently installs on your computer as you view pages. We recommend you keep all shields enabled.
Shields run in the background without disrupting your work.
If a shield detects an item that it classifies as a potential threat or does not recognize, it displays an alert. The alert asks if you want to continue or block the site. Do one of the following:
If you recognize the file name and you are purposely downloading it, for example, you were in the process of downloading a new toolbar for your browser, click Unblock page and continue.
If you were not trying to download anything, you should click Go back to safety.
If you feel that the shield is alerting you to a page that is not high risk, then you can click the Request Review button.
SecureAnywhere includes the following types of shields:
Realtime shield — Monitors unknown programs to determine whether or not they contain threats. Blocks known threats from running on your computer that are listed in Webroot’s threat definitions and in our community database. You should never disable this shield.
Rootkit shield — Blocks rootkits from being installed on your computer and removes any that are present.
Web shield — Blocks known threats encountered on the Internet and displays a warning. The Web shield maintains information on more than 200 million URLs and IP addresses to comprise the most accurate and comprehensive data available for classifying content and detecting malicious sites.
USB shield — Monitors an installed USB flash drive for threats, blocks and removes any threats that it finds.
Offline shield — Protects your system from threats while your computer is not connected to the Internet.
The shields are preconfigured, based on our recommended settings. You do not need to configure any settings yourself unless you are an advanced user and would like to change the settings. For more information, see Changing Shield Settings.
Indicators Displayed With Query Results
When you run an Internet query such as a Google search, SecureAnywhere shields modify the results display with icons that give you safety information about each website returned as a result of the search. The icon displays to the left of each website name in the list of query results. The table below describes the meaning of each icon.
These are well known sites with strong security practices, and rarely exhibit characteristics that expose you to security risks. There is a very low probability that you will be exposed to malicious links or payloads.
These are benign sites, and rarely exhibit characteristics that expose you to security risks. There is a low probability that you will be exposed to malicious links or payloads.
These are generally benign sites, but have exhibited some characteristics that suggest security risk. There is some probability that you will be exposed to malicious links or payloads.
These are suspicious sites. There is a higher than average probability that you will be exposed to malicious links or payloads.
These are high risk sites. There is a high probability that you will be exposed to malicious links or payloads.
Ratings are temporarily unavailable or the Webroot agent is shut down. Wait for service to be restored or check to be sure the Webroot agent is running.
Infrared Shielding and Warning Messages
SecureAnywhere might display warnings to you even if you are not currently running a scan. There could be an unauthorized access to your computer even if you are working elsewhere on your computer and not currently surfing the Internet.
In some cases, SecureAnywhere takes care of the problem automatically; for less severe cases, you are prompted to make a decision about whether or not you want to continue.
To make a determination about what level of warning to display, SecureAnywhere uses a technology called Infrared. Infrared is a multi-layer defense that blocks threats very early in their lifecycle. This is accomplished through a number of engines that work together, considering several factors:
The safety level of websites.
The reputation and behavior of newly introduced applications.
By interpreting user behavior with an overall assessment of the safety level of the system. If a user is classified as a higher risk, based on a combined view of the security of their operating system, applications, and prior threats which have been observed, Infrared dynamically tunes its heuristics and background processing, flexing within the configuration options the user has set, but increasing their effectiveness while preventing false positives for the vast majority users.
This risk assessment affects every protection module, from the firewall to behavior monitoring to realtime protection, and eventually to website blocking as well. The end result is a set of protections that is custom-tailored to the user's specific circumstances.
Sample warnings are shown below that may appear on your screen.