I don't get how I am supposed to manage overrides in the web portal.


All I see is a list of MD5 hashes and unless I drill down I cannot see the file name.  If I look at my global overrides, there are about 900 entries of files that I have labelled as good.  A large number of these were probably considered unknown in the cloud when I added them.  Presumably, some of them have become "known good" since then.  

 

It seems like I should be able to look at the list of file namess and what their current cloud status.  Then I could remove unneccessary override from my whitelist.  Better yet, maybe pruning of the override list could be automatic.

 

It also seems confusing that override can be global or attached to a site or policy.  Many things I whitelist are at the global level, but it does not seem that I can tell if there are policy-level overrides for the same file.  

 

Am I missing something that would allow me to effectively manage these lists? 

6 replies

Userlevel 7
Badge +56
@ wrote:

All I see is a list of MD5 hashes and unless I drill down I cannot see the file name.  If I look at my global overrides, there are about 900 entries of files that I have labelled as good.  A large number of these were probably considered unknown in the cloud when I added them.  Presumably, some of them have become "known good" since then.  

 

It seems like I should be able to look at the list of file namess and what their current cloud status.  Then I could remove unneccessary override from my whitelist.  Better yet, maybe pruning of the override list could be automatic.

 

It also seems confusing that override can be global or attached to a site or policy.  Many things I whitelist are at the global level, but it does not seem that I can tell if there are policy-level overrides for the same file.  

 

Am I missing something that would allow me to effectively manage these lists? 

Is this a list that you put in all at once or did these 900 overrides come from actual software that Webroot was interfering with?

 

We don't have a good management system for that many overrides because our software isn't really designed to require that many overrides put in.  

 

You've got a couple of options at this point:

1. Contact support and they can pull some logs and see what still needs to be overridden or not, and then you can pull out all the overrides you don't need anymore.  Honestly they should also be able to whitelist things centrally to the point where you don't need any

 

2. Nuke them all and then see if anything breaks and then override just that software.  Again support can help you by whitelisting things in our database.

 

Hope that helps!
These are overrides that I created over the last year because


  1. the files showed up in an undetermined software report
  2. the file was quarantined
Is it better to just let the software stay undetermined?
Its clear that nobody put much thought or planning into this.  The UI is different if you look at the global overrides on the home page or the overrides within the site.  The first is painful.  You must delete overrides one at a time and each one take 3 clicks to delete. 

 

The site overrides show you more info and allow you to export to excel.  You can select and delte multiple overrides at one time, but you cannot delete the global overrides on this page, even though you can see them. 

 

Incredible.  
Userlevel 7
Hello,

 

We apologize that the feature is not preferable to you. 

 

You can leave the software undetermined if you like and then run an undetermined report but we generally advise against it as the report will pull in everything. Its better to build exclusions off local reports to see what is being monitored on a specific endpoint. 

 

If this is causing software not to work properly it would be advisable to reach out to support for further assistance.

 

Regards,
I'm having this issue too.. and they say our 180 Entries is causing a problem.. you have 900.. ouch.
Userlevel 7
@ wrote:

I'm having this issue too.. and they say our 180 Entries is causing a problem.. you have 900.. ouch.

@ I've created a support ticket on your behalf with our Team so they can straighten this out.

 

Thanks for letting us know! :D

Reply