Accepted/In Progress

Mac Secure keyboard entry mode - Need to control via policy

  • 8 September 2017
  • 26 replies
  • 7714 views

Userlevel 2
I/We need the option to be able to control the 'Secure keyboard entry mode' via policy. That or allow disabling the setting to persist through a restart.
 
**This is not a new issue: Old Thread and I mentioned a year ago
 
This option prevents our users from using specific fuctions in heavily used applications. Adobe Illustrator is a great example of a highly used application and function. With the option enabled, pressing the spacebar to switch to the hand tool does not work. Illustrator users are typically in the application all day every day, so disabling this setting is annoying at best. Once set, a user sees that Webroot is now in an alert state. If conditioned to just ignore this now, users become desensitized to a pretty important visual alert that something could be wrong with their system.
 
Currently, unchecking the option turns the Webroot icon and client red. A restart of the machine will re-enable the option as well. This presents a significant negative UX along with a management nightmare. Because of this, Webroot in it's current state is unfortunately still nearly unusable for the majority of our Mac users.
 
Even though it took way too long to get to market, the addition of Mac policy management was a great first step. We just need to have more control. There has to be a way to whitelist applications from the Secure keyboard entry mode, or disable it without turning Webroot red, and/or retain the disabled state through a restart.


 
Thanks,
Nic

26 replies

Userlevel 2
I would like to point out that this behavior does not exist in Windows.
This is also a pain point with many of our client sites. 

The addition of Webroot policies for Mac was a step in the right direction, however, as nicbot suggested, we need more control.
Userlevel 7
Badge +31
Completely agree, I'll get it added to the product backlog.
 
We're building up a list of enhancements for policy settings and will get to them over a series of releases. Based on the current priority,  I'd expect this particular one to be about 2 - 3 releases out.
 
Jonathan.giffard
Senior Product Manager
WSA Business 
 
Without the ability to disable "Secure keyboard entry mode" via a policy we cannot even use these policys
 
I cannot find any way to enable users to change settings when policies are enforced so they can turn off this "Secure keyboard entry mode" themselves
 
A bit of catch 22
 
Am I missing something?
It actullally seem like this setting in the console "Identity Shield Enabled" disables the "Secure keyboard entry mode" when I try
 

Userlevel 2
You'd have to give your users the ability to pause via the dropdown...
 

Found this now WHEN I knew what I´m looking for... ;)
 

Userlevel 2
Right. Disabling Identity Sheild will disable the Secure Keyboard Entry Mode. However, this puts WR in an alert state as shown in the screen shot in my original post. This might allow Mac users the ability to work in Adobe apps again for example, but it criples part of the WR product along with putting it in a perpetual alert status. This is not desireable on a few levels as you can probably imagine.
Sorry but here is a LONG post I posted yesterday that is missing in this thread - I post i below:
 
After some hours of testing yesterday evening I have come to the following conclusion that I can get what I want from the current policies regarding to be able to support customers in the graphics industry. 
 
  • If client is in group "Unmanaged" the user can disable <Secure keyboard entry mode> themselfs and Adobe keyboard commands work. Standard Webroot behaviour until recently.
  • If client is in a managed policy group (in my case Mac Default) with GUI enabled in the policy Adobe keyboard commands does NOT work and trying to change <Secure keyboard entry mode> on client side gives an "error" saying that it is managed (as it should).
 
  • If client is in a managed policy group (in my case Mac Default) with GUI enabled in the policy AND <Identity Shield Enabled> disabled in the policy Adobe keyboard commands does work. This does however give a warning to the enduser that the client is not fully functioning with a ! on the icon in the menu-bar.
 
  • If client is in a managed policy group (in my case Mac Default) with GUI disabled on client side AND <Identity Shield Enabled> enabled OR disabled in the policy Adobe keyboard commands does work. This will probably be my way of deploying right now for most customers.
Userlevel 2
"If client is in a managed policy group (in my case Mac Default) with GUI disabled on client side AND <Identity Shield Enabled> enabled OR disabled in the policy Adobe keyboard commands does work."
 
If true, this has to be a bug. Makes no sense to simply disable the GUI and have the Secure Keyboard Entry trun off (or the Adobe issue go away). I'll have to test this too, but could anyone from WR chime in?
 
**Update** Initial testing looks to proove this correct. With just the GUI disabled and Identity Shield Enabled via policy, the Adobe issue seems to be resolved. The question now is why? Is it a bug? Is Identity Shield even working? WTH??
Userlevel 7
Badge +35
We are reviewing all feature requests - switching status to get it into the appropriate queue.
Userlevel 2
"**Update** Initial testing looks to proove this correct. With just the GUI disabled and Identity Shield Enabled via policy, the Adobe issue seems to be resolved. The question now is why? Is it a bug? Is Identity Shield even working? WTH??"
 
Looks like this doesn't work anymore. I've had to disable Identity Sheild completely to restore keyboard shortcuts/commands in Adobe apps. The quoted workaround must have been a bug and since resolved somehow. Any update on the WR side? Anyone else seeing the same behavior?
 
Thanks,
 
-n
Userlevel 7
Badge +35
 We are activley reviewing all policy settings and mapping them across to Mac.  We expect to complete this effort in the second half of 2018.
Userlevel 7
Badge +35
We are activley reviewing all policy settings and mapping them across to Mac.  We expect to complete this effort in the second half of 2018.
Badge +3
Team,
 
We have some customer who causes issues with the Applications they use function keys stop working. For fix the issue they need to disable Secure keyboard function.
 
Above mentioned activity need to be done via access MAC system Manually and make the chanegs under Webroot policy settings but some clients need to be install Webroot with the Secure keyboard function being Disabled. Also, client does not want to disable the Identity Shield & Realtime Shield.
 
Please check this and provide the further update about this whether its possible or not? If yes then how we can do it.
 
Thanks & Regards,
Vishal Kamble
We too have the same issue with 'Secure keyboard entry mode' not persisting after a reboot.
 
@ You mentioned this would be addresses in this half of 2018 - can you please provide an update.
 
Hi.  We too are having this issue. I'd like the ability to at least disable Identity Shield from the management console and have it persist after client reboots.  Ideally, being able to switch it off for specific applications would be the perfect solution.
Userlevel 2
Badge +16
It would be great if Secure Keyboard Entry could be disabled from a custom policy without turning off identity shield. Mayfield_John's suggestion of switching off for specific applications would be a good addition as well.
Userlevel 7
Badge +35
I have not received an update, but perhaps @ would have additional information?
We too are having this issue and mostly with Adobes products on MAC.
So based on the info that there would be some kind of resolution to this in the second half of 2018 and the fact that we only have 2 weeks left of 2018.
 
Do we have an update on this issue / progress of how the policy revision is going?
Would be really nice to know if there is an ETA on this so we know what to tell out customers that experience this problem 🙂.
@ @
 
Thx in advance!
Userlevel 7
Badge +31
Hi there,We couldn't get it into this calendar year unfortunately but it's being worked on at the moment for a release in early 2019.RegardsJonathan
Badge
Hello @akim @JGiffard

We too are having issues with Webroot and Adobe products on Mac. Was curious if there was an update on this.

Also, we are fine with disabling the Identity Shield, but users are getting notices that Webroot is disabled. Do you know if there's anyway to disable these notices for the end user?

Thanks,
Trevor
Userlevel 4
Badge +16
We've had it disabled via policy for awhile, but the "Protection Disabled" warning was confusing users, so we finally had to hide the UI for all Macs, which a terrible solution but the least-bad of our current options.
Adam
Badge
We've had it disabled via policy for awhile, but the "Protection Disabled" warning was confusing users, so we finally had to hide the UI for all Macs, which a terrible solution but the least-bad of our current options.
Adam


How did you disable this feature via policy? Been digging around the editor and can't find anything for it.

Thank you! 🙂
Badge
@PCC-SysAdmin
For us, we created a new group for the Mac hosts, then created a special policy for the group. See below, hope that helps ☺



Edit: Forgot to mention, as @AdamCMorgan stated above, we too ended up just hiding the UI to stop the popups. The UI setting is under User Interface > GUI, set it to "Hide".

Reply