Question

Webroot not blocking any outgoing traffic on windows 10 machines...


Hello,

 

Discovered today that the latest build of Webroot on windows 10 computers don’t block any outgoing traffic, no matter what the settings are (allow or block). Also, the advanced settings the of firewall to block programs has no effect as well (I usually have it set to block all traffic unless explicitly allowed). Feel free to test yourself. Would love to know I’m not the only one (tested and broken on three different win 10 machines, works fine on two win 7 machines). 
 

You been warned...


17 replies

Six months later:

 

Still true.

 

Was this feature abandoned?

Userlevel 7
Badge +59

Hello @cyansmoker 

 

Maybe it’s broken so I will ping a few Webroot Staffers so they can look into it! @freydrew  @khumphrey  @BradW  @ssellers  @coscooper  @TechToc 

 

Thanks,

Userlevel 6
Badge +26

@j_sun_eh & @cyansmoker & of course, @TripleHelix 

I believe there is a misconception that the firewall settings in our agent are actually inbound or outbound port blockers or act as a traditional firewall. They do not in any form block general traffic. There are no advanced settings like application allowance/blocking, port allowance or blocking or any of the traditional firewall options. It is not and has never been a replacement firewall for either Windows Firewall, Apple Firewall or edge firewall.

 

Let me explain. Our firewall is strictly for fire-walling or stopping a malicious actor that is being monitored as part of the behavior heuristics. If the agent determines a bad actor is reaching out over the network connection to a command and control center, or any number of nefarious activities, the agent will “Firewall” or block the malicious process.


The firewall settings are strictly for controlling this type of situation, not any process on the endpoint where the agent resides. That need/requirement is reserved for a true firewall either Microsofts, Apples or the network edge firewall.

 

It is not a traditional firewall designed to block traffic. This was never a feature of the product from inception to current.

Hope that helps. (For full disclosure for clarification, i am speaking about our business product. The consumer product may be different and I’m not aware of how that product works, so if there’s an issue there, please report to that support channel.)

Userlevel 7
Badge +59

Well I can’t use this as it needs to be updated: https://docs.webroot.com/us/en/home/wsa_pc_userguide/wsa_pc_userguide.htm#UsingFirewallWebShieldProtection/ManagingActiveConnections.htm%3FTocPath%3DUsing%2520Firewall%2520%252F%2520Web%2520Shield%2520Protection%7C_____3

 

But in the UI you can Allow or Block and or Allow and Close?

 

 

So your saying none of that should work by blocking a program from calling out like Firefox in this case?

 

Thanks,

Userlevel 6
Badge +26

@TripleHelix  Unfortunately, i misspoke and edited my first response. I am on the business side, which locks this dynamic active process view from editing. While the agent may show this, users can’t do anything with the info. My apologies, i am not aware of how this works on the consumer side and it appears it was not clear on the first post, or I didn’t read for comprehension.:grin:

Userlevel 7
Badge +59

No worries I just wanted Webroot to be aware that it’s not working as I have Firefox Blocked and I’m posting this? Maybe after a reboot?

 

 

Userlevel 7
Badge +59

No it doesn’t work even after a reboot. @TechToc 

 

 

Thanks,

Userlevel 6
Badge +26

On the business agent side things are similar, but different. While this info is visible, it’s not editable. It really is more for monitoring and reporting, was not designed to act as a firewall replacement. Business and MSP techs only use this info for troubleshooting. 

Frankly, i’ve never used this section other than for troubleshooting but have never attempted to use it to actually block a process as that is typically reserved for the monitoring heuristics. 8-)

 We use it on the biz side to see what has been blocked for threat hunting and analysis, but again, not as a decision making blocking tool. I would never rely on the WR agent to set these parameters as it’s more of a monitoring process under the hood for when the agent took action based upon my original post.

Hope that helps.

Userlevel 7
Badge +59

I understand and remember when Joe added the the new Firewall Controls to WSA when Windows 10 came out and I never use it either but I do have a third party firewall (Glasswire Elite) and it is a true Firewall as I can use to block programs from calling out but not ports.

 

We just need some clarity for the consumer side for all to understand.

Userlevel 7
Badge +59

Actually Windows 8 and 8.1:  https://community.webroot.com/got-an-idea-29/outbound-connections-fw-control-in-win-8-win-8-1-60003#.UwIu4oXDtdU

Yes please. Some clarity would help.

This is too bad, really:

  • here is a product that I like
  • as a user, if I (mistakenly) believe that a  core functionality stopped working and no one cares, this makes me fear the worst, as far as other functionality
  • ironically, it’s not even the functionality I need most from the product!

Anyway, that’s a confusing UX where I can click some buttons and nothing changes; that plus the notification settings really conspire to confuse the end user (me!)

I downloaded Windows Firewall Control and it does exactly what I expected from this feature.

Webroot can go back to being my anti virus!

Hello,

 

I’m the original poster of this problem.  Webroot has NOT fixed this problem.  I basically gave up months ago.  I can confirm it STILL doesn’t work on any Windows 10 computers I have (4+).  Works fine on a old Windows 7 machines (2+).  I would really like this to work.  I use it to block certain programs I don’t want calling home unless I confirm.  Currently it doesn’t block anything no matter what the setting are in Webroot.

Can we please have this function fixed as we’re paying for it in the premium version.  You advertise the firewall for your “complete” version :(

 

Userlevel 7
Badge +16

@TripleHelix 

Thank  you for pointing me to this report.  I am discussing with Development to understand the issue and options for addressing it.

Brad

Userlevel 7
Badge +59

@TripleHelix

Thank  you for pointing me to this report.  I am discussing with Development to understand the issue and options for addressing it.

Brad


Thanks @BradW  :wink:

Userlevel 7
Badge +59

@BradW  None of these features work either so please add it to the list! I don’t get any warnings from the Firewall under any of these settings and also I installed Unknown Programs and not a peep from WSA’s Firewall and I remember it did work before on Windows 10.

 

https://answers.webroot.com/Webroot/ukp.aspx?pid=12&login=1&app=vw&solutionid=760&donelr=1

 

 

  1. The following table describes Firewall settings.

    SETTING DESCRIPTION
    Allow all processes to connect to the Internet unless explicitly blocked

    Allows all processes, including potentially malicious connections to access the internet, unless the process is specifically blocked in the active connections list.

    For more information, see Managing Active Connections.

    Warn if any new, untrusted processes connect to the Internet if the computer is infected If the computer is infected and any new untrusted process connects to the internet, the system provides a warning. This radio button is selected by default, which is the setting we recommend.
    Warn if any new, untrusted process connects to the Internet When any new untrusted process connects to the internet, the system displays a warning.
    Warn if any process connects to the Internet unless explicitly allowed

    If any process connects to the Internet, unless the process is explicitly allowed in the active connections list, the system displays a warning.

    For more information, see Managing Active Connections.

  1. When you're done, click the Save button.
Userlevel 7
Badge +59

I don’t get none of these anymore as I found this online doing a search??

 

 

Userlevel 7
Badge +59

Hello @BradW  any news on this?

 

Thanks,

Reply