NEW Web Shield & Mac Agent Commands – November 2016
OVERVIEW
Webroot SecureAnywhere already features many web threat protection layers, including the ability to detect and block malicious and known phishing URLs. In this release we are fully integrating much more of the world-class contextual threat intelligence available from within our Webroot BrightCloud® Threat Intelligence Services. We will be upgrading all business customers, as a no-cost upgrade, to the latest version of our new Web Threat Shield so they too benefit from the threat intelligence already deployed by over 40 other network and security vendors.
The new Web Threat Shield will include the addition of real-time web categorization and web reputation filtering, real-time anti-phishing scanning, improved web search ratings and web blocking notifications. These new capabilities will improve web safety and significantly mitigate the risks from threats like polymorphic phishing URLs and other web-based attacks. They are part of our commitment to continuously enhance device and user malware prevention and protection efficacy and functionality within our endpoint security.
In addition to the new Web Shield we are adding improvements to our Mac Agent management, to match the ease of management of Windows environments. With Mac Agent version 220.127.116.11 and greater we are upgrading the management console to execute 13 new Mac agent commands. (You might be interested to know that the Webroot Mac Agent was recently favorably tested by AV Comparatives in their Mac Security Review/Test 2016 that is available from here:
To summarize, this update includes:
- NEW Web Classification Integration – with Webroot BrightCloud® Web Classification and Reputation now delivered through our supported web browsers
- NEW Real-Time Anti-Phishing Scanning Integration – with Webroot BrightCloud® Real Time Anti-Phishing’s time of request scanning delivered through supported web browsers
- NEW Search Result Annotations – color coded reputation icons for Google, Bing, and Yahoo search engines
- NEW Enhanced Web Block Pages – to provide users with more information and add policy controlled user options.
- NEW Apple Mac Agent Commands – receive and execute 13 new Agent Commands previously only available for PC.
- NEW Forced Mac “Poll” Option – a new poll option to force a Mac Agent to check in to your management console and receive data, including any pending policy updates.
1. Web Classification and Reputation Upgrade
Website requests via a supported browser will now be validated using Webroot BrightCloud Web Categorization and Reputation data. This will offer highly accurate and, ultimately, much safer browsing for end users. We will now automatically block any site categorized by our Webroot BrightCloud Threat Intelligence Services as:
- Category 49 – Key logger
- Category 56 – Malware
- Category 57 – Phishing
- Any site where the web reputation score is 20 or lower
Fig 1. Daily Statistics from BrightCloud Web Classification & Reputation Services
2. Real-Time Anti-Phishing Upgrade
When accessed via supported browsers, websites that do not belong to overtly malicious categories will now be checked using the BrightCloud® Real-Time Anti-Phishing Service. This is a step-change security enhancement, as it provides real-time site analysis at the time of request, with scans typically taking a second.
Unlike other solutions, this service is delivered in real time and not via outdated URL blacklists or look-up feeds that offer little protection against polymorphic zero-day phishing sites. Real-time anti-phishing is automatically activated when a website does not belong to web categories 49, 56, or 57 (see above) and has a reputation score of 21 or higher. Since phishing and spear phishing are particularly successful in breaching networks for malware delivery, this new scanning will significantly reduce phishing ransomware and other phishing breaches.
3. Search Safety Ratings
Google, Bing, and Yahoo search engine users will see annotated search results in supported browsers. Each search result will appear with a colored icon (see Fig 2) to indicate the current reputation of that website.
Additionally, users can now hover over the colored icon to see a tooltip with more information about the reputation of that website. Following the launch of this enhanced functionality, the annotated search feature will be on by default. (This default setting can be changed from within the management console.)
Fig 2. Web Reputation – Color vs Risk Scoring Parameters
Fig 3. Google Search with HIGH RISK Tooltip
Fig 4. Yahoo Search with MODERATE RISK Tooltip
4. Enhanced Block Pages
The new web inform pages will give users a better experience by providing more information on why a website has been blocked, and will be clearer on the actions your users can take when a block occurs. Users will now see a block page containing the following information:
- A reason for the block, including reputation indicator and site category where applicable
- “Get me out of here” option – clickable call-to-action for navigating the user back to a blank browser page
- An option to close the block page and continue to the website (this function is optional, and set to off by default)
- An option to submit a request for the website to be reviewed by Webroot (this function is optional and set to off by default)
Fig 5. An Example of the New Block Page
Fig 6. Enhanced Block Page with Page Options Expanded
5. New Mac Agent Commands
Thirteen agent commands for use with Apple Mac OS are introduced to considerably improve the manageability of Mac endpoints. The new commands are:
Fig 7. New Apple Mac Agent Commands View
- If both Mac and PC endpoints are selected at the same time then the PC agent command list will be shown in the console.
- We have also retained the Windows term “run a DOS Command” for both PCs and Macs (while the Mac term is properly a “Shell Command”).
Fig 8. Group Management – Additional Mac Agent Commands
6. New Forced Mac Poll Option
In addition to the new Agent Commands we have introduced a forced poll option for Mac agents. This option is particularly useful when you need to ensure that any Mac agent checked into the Webroot management console is receiving data, including any pending agent commands or policy revisions.
IMPORTANT NOTE: This option is NOT run from within the Webroot management console or from within Agent Commands. It must be run from your own endpoint management tools.
The syntax for the new command is: sudo /usr/local/bin/WSDaemon –poll
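A wrapper that an endpoint management tool could push to run the forced poll described above and report a usable exit status. This is an added example, not Webroot's own script; the exit-code convention, the ELEVATE and POLL_OPT variables, and the ASCII-hyphen spelling of the option (the page prints it with a typographic dash) are assumptions.

```sh
#!/bin/sh
# Added example (not Webroot's script): forced-poll wrapper for an endpoint
# management tool. Exit codes are this wrapper's own convention:
#   0 = poll command ran, 1 = agent exited non-zero, 2 = agent not installed.
# Assumption: a non-zero exit from WSDaemon means failure (the release note
# does not document its exit codes).

# Assumption: ASCII-hyphen spelling of the option printed on the page.
: "${POLL_OPT=-poll}"

# Elevation prefix. Management tools usually run scripts as root, so none is
# needed; otherwise use non-interactive sudo so the job cannot hang on a
# password prompt. A caller may preset ELEVATE (even to empty).
if [ "$(id -u)" -eq 0 ]; then
    : "${ELEVATE=}"
else
    : "${ELEVATE=sudo -n}"
fi

force_poll() {
    daemon="$1"
    if [ ! -x "$daemon" ]; then
        echo "force_poll: agent not installed at $daemon" >&2
        return 2
    fi
    # $ELEVATE is deliberately unquoted so "sudo -n" splits into two words.
    if $ELEVATE "$daemon" "$POLL_OPT"; then
        echo "force_poll: poll requested via $daemon"
        return 0
    fi
    echo "force_poll: $daemon exited non-zero" >&2
    return 1
}

# Runs only when a path is given: sh force_poll.sh /usr/local/bin/WSDaemon
if [ "$#" -gt 0 ]; then
    force_poll "$1"
    exit $?
fi
```

Returning 2 when the binary is absent lets the management tool separate Macs without the agent from Macs where the poll itself failed.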