Product Update Bulletin 28.0 - 16th November 2016

  • 16 November 2016
  • 5 replies
  • 72 views

Userlevel 7
  • Retired Webrooter
  • 1460 replies


 

NEW Web Shield & Mac Agent Commands – November 2016

OVERVIEW

Webroot SecureAnywhere already features many web threat protection layers, including the ability to detect and block malicious and known phishing URLs. In this release we are fully integrating much more of the world-class contextual threat intelligence available from within our Webroot BrightCloud® Threat Intelligence Services.  We will be upgrading all business customers, as a no cost upgrade, to latest version of our new Web Threat Shield so they too benefit from the threat intelligence already deployed by over 40 other network and security vendors.
 
The new Web Threat Shield will include the addition of real-time web categorization and web reputation filtering, real-time anti-phishing scanning, improved web search ratings and web blocking notifications. These new capabilities will improve web safety and significantly mitigate the risks from threats like polymorphic phishing URLs and other web-based attacks. They are part of our commitment to continuously enhance device and user malware prevention and protection efficacy and functionality within our endpoint security.
 
In addition to the new Web Shield we are adding improvements to our Mac Agent management, to match the ease of management of Windows environments.  With Mac Agent version 9.0.4.23 and greater we are upgrading the management console to execute 13 new Mac agent commands.  (You might be interested to know that the Webroot Mac Agent was recently favorably tested by AV Comparatives in their Mac Security Review/Test 2016 that is available from here
 
To summarize, this update includes:
 
  1. NEW Web Classification Integration – with Webroot BrightCloud® Web Classification and Reputation now delivered through our supported web browsers
  2. NEW Real-Time Anti-Phishing Scanning Integration – with Webroot BrightCloud® Real Time Anti-Phishing’s time of request scanning delivered through supported web browsers
  3. NEW Search Result Annotations – color coded reputation icons for Google, Bing, and Yahoo search engines
  4. NEW Enhanced Web Block Pages – to provide users with more information and add policy controlled user options.
  5. NEW Apple Mac Agent Commands - receive and execute 13 new Agent Commands previously only available for PC.
  6. NEW Forced Mac “Poll” Option – a new poll option to force a Mac Agent to check-in to your management console and receive data, including any pending policy updates.

 

1.      Web Classification and Reputation Upgrade

Website requests via a supported browser will now be validated using Webroot BrightCloud Web Categorization and Reputation data. This will offer highly accurate and, ultimately = much safer browsing for end users. We will now automatically block any site categorized by our Webroot BrightCloud Threat Intelligence Services as:
 
  • Category 49 – Key logger
  • Category 56 – Malware
  • Category 57 – Phishing
  • Any site where the web reputation score is 20 or lower


Fig 1. Daily Statistics from BrightCloud Web Classification & Reputation Services
 

2.      Real-Time Anti-Phishing Upgrade

When accessed via supported browsers, websites that do not belong to overtly malicious categories will now be checked using the BrightCloud® Real-Time Anti-Phishing Service.  This is a step change security enhancement, as it provides real-time site analysis at the time of request, with scans typically taking place in typically a second.
 
Unlike other solutions this service is delivered in real time and not via outdated URL blacklists or look-up feeds that offer little protection against polymorphic zero-day phishing sites. Real-time anti-phishing is automatically activated when a web site does not belong to web categories 49, 56, or 57 (see above) and it has a score of 21 or higher. Since phishing and spear phishing are particularly successful in breaching networks for malware delivery this new scanning will significantly reduce phishing ransomware and other phishing breaches.
 

3.      Search Safety Ratings

Google, Bing, and Yahoo search engine users will see annotated search results in supported browsers. Each search result will appear with a colored icon (see Fig 2) to indicate the current reputation of that website.
 
Additionally, users can now hover over the colored icon to see a tooltip with more information about the reputation of that website. Following the launch of this enhanced functionality, the annotated search feature will be on by default. (This default setting can be changed from within the management console).
 
 


Fig 2. Web Reputation – Color vs Risk Scoring Parameters
 
 
 


Fig 3. Google Search with HIGH RISK Tooltip
 


Fig 4. Yahoo Search with MODERATE RISK Tooltip 

 

4.      Enhanced Block Pages

The new web inform pages will give users a better experience by providing more information on why a website has been blocked, and will be clearer on the actions your users can take when a block occurs. Users will now see a block page containing the following information:
  • A reason for the block, including reputation indicator and site category where applicable
  • “Get me out of here” option – clickable call-to-action for navigating the user back to a blank browser page
  • An option to close the block page and continue to the website (this function is optional, and set to off by default)
  • An option to submit a request for the website to be reviewed by Webroot (this function is optional and set to off by default)
Note: The “Submit a request to Webroot” function has a non-mandatory field for free text feedback.
 


Fig 5. An Example of the New Block Page
 

 
 Fig 6. Enhanced Block Page with Page Options Expanded

 

5.      New Mac Agent Commands

Thirteen agent commands for use with Apple Mac OS are introduced to considerably improve the manageability of Mac endpoints, the new commands are:
 


 

 

Fig 7. New Apple Mac Agent Commands View
 
Important Notes:
  • If both Mac and PC endpoints are selected at the same time then the PC agent command list will be shown in the console.
  • We have also retained the Windows term run a DOS Command for both PC’s and Mac’s (while the Mac term is properly a ‘Shell Command’).
The following views are within the updated management console UI.
 


Fig 8. Group Management- Additional Mac Agent Commands
 

6.      New Forced Mac Poll Option

In addition to the new Agent Commands we have introduced a forced poll option for Mac agents. This option is particularly useful when you need to ensure that any Mac agent checked into the Webroot management console is receiving data, including any pending agent commands or policy revisions.
 
IMPORTANT NOTE:  This option is NOT run from within the Webroot management console or from within Agent Commands. It must be run from your own endpoint management tools.
The syntax for the new command is: sudo /usr/local/bin/WSDaemon –poll

5 replies

Userlevel 7
Badge +30
@Thanks for the detailed report of the update.
 
Curious, I've noticed some new reports available in client sites under the reports tab (such as Websites blocked etc..), but those new reports, unlike the undetermined software seen etc.. have no export option.

Will this be available soon as having these reports available at top level GSM so we can get site by site reports of these?
 
John
Userlevel 3
@
It is unclear from your announcement above to which product the webshield changes apply . I am using WRSA Business Agent v9.0.13.75 on Win10 Pro and am not seeing any of the Search Safety ratings or web reputation on Google in Firefox or IE11 ?
Userlevel 4
Is there any way to avoid having the Webroot Filtering Extention added to the browsers?

BR
Rikard
Userlevel 7
Badge +30
Yes....It can be turned off by policy in the console
Userlevel 3
Badge +9
That's nice on the Mac front, but nearly wasted effort for buisinesses.  The 2 biggest issues I have had with even rolling out Webroot to my Mac clients is that;
 
1. You cannot apply policies to Mac clients, which makes them essentially unmanagable from a business perspective.  I'm not sure who on your product team doesn't realize the priority of this, but wow.


 
2. The majority of our Mac clients use Adobe CC applications daily.  Currently Webroot hijacks/locks down the keyboard shortcuts for Adobe apps due to Secure keyboard entry mode.  You can disable this on each client, but again, that's a management nightmare.  This issue has been around for a very long time and could be worked around with a policy option..assuming policies can be applied to Mac clients at some point 😕  This issue doesn't just affect Adobe apps btw.
 
Some old links:
 
https://community.webroot.com/t5/Product-Questions/Central-management-of-Mac-Clients/td-p/183539
 
https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Webroot-Internet-Security-Complete-2013-Mac-disables-OSX-10-8-3/m-p/32172#M2713
 
Thank you,
 
Nic
 
 

Reply