Complete

Website Exception Management in Console

  • 6 February 2014
  • 40 replies
  • 32074 views

Userlevel 5
Desperately need an addition to the Console that allows administrators the ability to add exceptions or "whitelist" valid and legitmate websites.  We have had numerous instances where users have attempted to visit a legitimate website (such as www.apexwin.com/us) and are presented with a message that the site contains malicious content and offers the option to close or allow.
 
We do not want users to have the ability to click "Allow" on every site they come across that presents this warning (as all they care about is getting to the site they want) and would rather have the ability to whitelist legitmate sites that users report they cannot access, just as we're able to do on any Web Filtering Appliance / Service.
 
I have seen numerous forums and discussion boards where many other Webroot customers desperately desire the same functionality.  I saw where one of your developers said it is in the works, but that was more than half a year ago.  Please expedite this Feature Request and add this functionality to your next version update.  Thank You.

40 replies

We need the ability to automatically scan a thmbdrive/external drive connected to a PC.  The well hidden options of custom scan do not work in the heat of the moment as typical end user will not remember to do thi and if they do, the process is so well hidden they quit looking for it.  Our field  offices are roughly 10+ hours behind or ahead of us and asking an admin to use a command prompt to to do this with exotic and many character commnds is not only cludgey at best but not imely since the problem will not only have occurred but be half a day ahead of mebefore i can even react
Pls give us the ability to remove machines from the deactivated group.  its a total pain to have to contact tech support jsut to remove a simple machine from console.  i'm a big boy now and can probaly manage this on my own if given the chance...
:-)
 
thx
Userlevel 4
What about ETA for WebFiltering from the console?
Userlevel 7
Badge +56
No current plans to implement as this overlaps with the Web Security Shield product.
Userlevel 7
FYI, Webroot support can instantly whitelist websites centrally. I disagree this overlaps with the Web Security Shield product, whitelisting sites in that will have no impact on WSA unless you turn off the malicious site protection in WSA. I wouldn't do it.
Userlevel 5
In response to Webroot Community Manager, I find your response to this request very disturbing to say the least.
 
It only overlaps your WSS product if your customers use the WSS product in conjuction with the WSA product and, as explanoit pointed out, only if you deactivate malicious site protection.  If your customer is only using WSA and not WSS, then there is no overlap for the customer.  If your WSA product has the ability to block websites, then you MUST provide your customers a means to have legitimate sites not blocked!  If you do not, then you're not providing your customers a viable product.
 
If I, as a network manager, cannot provide a real-time means for my users to get to the legitimate, non-malicious sites they need to get to in order to do their jobs because a security product is creating a roadblock, then that security product is not providing added value, no matter how good it may be at protecting my network from maliciouis content.
 
So, I'll make this simple as it would appear that Webroot may be more responsive to an impact on their bottom line than to the legitimate needs of its customers.  If it remains the position of Webroot that you will not provide the capbility of whitlisting safe and legitmate websites in your WSA product, then we shall discontinue using the WSA product and will seek out an alternative and more viable solution, and certainly share our experience with and the limitations of the WSA product with other agencies at the upcoming technology conferences throughout 2014.
Userlevel 7
You are correct, @ 
 
I think @ or the team misunderstood the request.
 
It's my understanding this sort of functionality already exists locally, but not in the business edition yet. In the consumer product there is a c:programdataWRDatawrUrlwhitelist.txt file (may not be the exact path) that you can put sites into. I may be completely wrong, I've never used it personally.
 
In the meantime, call Webroot Business Support and they can whitelist the site in just a few minute call. It's not like our previous AV provider who you have to go through tiers of support to get someone that can do anything. Trust me, try it for now.
Userlevel 7
Badge +56
Maybe dev did misunderstand the request - let me chat with them again.
Userlevel 5
Thank you @  for the additional info and clarification.  Will take suggestion about calling Support for as an interim means.
 
@ I would very much appreciate you double checking with the developers again.
Userlevel 7
@ @ 
I've been thinking this over, dev may not be making this a priority because getting this issue fixed should only require a few minute call. And that way it's fixed for all customers. That's not a promise of course, but it's my usual experience.
It doesn't explain WSS being a solution, unless they are saying to disable URL filtering on WSA and buy WSS...
 
Tip: It's usually it's best to submit the URL via the ticket system, then call up and give them your email address. Or better yet, copy and paste the exact messages in the local WSA log into the ticket.
 
But yeah, seriously, Webroot business support is totally different than any other vendor. There is no tier 1, I'd say they're all T2-T2.5, which was a very significant thing that keeps us with them. If you have a problem that can't wait an hour (or you want to talk), you call them, they fix it, and since everything is "cloud" and centralized the impact is immediate. There are edge cases where it needs to be escalated to a specialist. You can discuss with them your time requirements and even that can be fairly responsive.
 
Of course, I'm just relaying my experience, I can't make promises on their behalf.
Userlevel 7
Badge +56
Re-opening this one pending discussion with dev.
Userlevel 5
@  Thank you for sharing your experiences with support and for the suggestions.  I can appreciate their responsiveness to a whitelist request, and it is re-assuring that support is structured in the manner you described and that they've established a great track record in addressing and resolving your support requests.  I still believe though that it would still make sense to enable administrators to manage this on their own via the Console, saving a call to Tech Support and allowing them to address more important concerns.  I have used many different appliances and services to include Barracuda, iPrism, McAfee, MX Logic, etc. and none of them have denied their customers the ability to manage their own environment without vendor intervention.
 
Thanks again for the information.  I will of course call support as that is my only recourse at this time, but I, like many others who've posted similar requests, will be looking forward to hearing about the addition of this capapbility to the WSA product.
 
@   Thank you for re-opening and updating the status.
Userlevel 4
I totally agree with ParkCountyGov.
 
Many of our costumer things that lack of white / black URL list (managed from console) at antivirus software for business is a very big shortage and its a big disadventage of this WSABEP.
When it comes to support there is also a language barrier and a matter of time and convenience.
Userlevel 3
totally agree, this is a feature which NEEDS to be included. I'm sure you all know, but you can check why Webroot is blocking the website at http://www.brightcloud.com/tools/url-ip-lookup.php. You can also request the change be made from here.
Userlevel 7
Badge +20
I totally agree with ParkCountyGov, in that if WSA blocks websites, you should also include a way to create exceptions or overrides for websites - just as you would for legitimate processes. This is something that I don't consider to be a feature request, but something that should be fixed within the product... Can you imagine if an AV product blocked processes, but didn't give you the option to allow them?
 
On the other hand, I understand Webroot's difficult position with this request since it kind of sits on the boundaries of their Web Security Shield product... one would think "Why get the Web Security Shield product when the WSA product does that as well?" I'm sure they're worried that it will affect sales. But they don't need to look at it that way. I think that they can create this functionality in the WSA product without conflicting with their Web Security product. What if they implemented something that was similar to the Web Security product, but didn't give the admins as granular control in the WSA product as they would in the Web Security product, in terms of controlling what websites users can get to? At this point I would just be happy to have some way of whitelisting legitimate websites on our end without having to call Webroot and or creating a ticket... that's really not in the least bit convenient.
 
Also with alerts, while I already have one set up to notify us if there's an infection detected, I don't have the ability to create an alert to notify us if the user comes to a website that is considered malicious. This to me is almost just as important as notifying us if there's an infection detected. It would be helpful to know when Webroot blocks a website so we can quickly determine whether it's truly blocking a malicious website, or if the website was falsely categorized. The data, I'm sure, is there - we just need to be able to interface with it.
 
I hope that Webroot will come to the same conclusion, as many of it's user's, that we need a way to create exceptions for websites in the WSA console.
Userlevel 7
Badge +20
@- when I go to the link http://www.brightcloud.com/tools/url-ip-lookup.php I get "The server at www.brightcloud.com is taking too long to respond." message... I would use this site, if it were working... but all the more reason why we need this functionality implemented in the web console.
 
Thanks for the info though!
I agree with everyone here.  I'm not interested in any overlap between WSA and WSS because we're only interested in WSA.
 
Bottom line:  If WSA has the ability to block a page, we MUST have the ability to globally whitelist it.
 
Practically, as a sysadmin, there is no way I'll ever let users determine if they want to proceed to a website marked as "bad" anyway.  That will never happen so that option is not really an option.  This is where the "business" edition needs to differ more.
 
Also, if we can make a phone call and have the site unblocked within a few mintues, why not let us have a portal to do so, for our organization only (per policy)?  Obviously the ability exists.
I am currently evaluating Webroot to replace ESET here in our 100 plus user eviroment. The fact that there isn't a whitelist option available either in the WSA/WEP product lines makes it a non-starter. I've loved everything else about webroot and it's been great in my test enviroment, but I can't install webroot and disrupt our productivity due to the fact that legitimate websites are blocked, etc. I totally agree with the above comments if your going to block sites then you MUST have a whitelist option as well. I WANT to move to webroot, but I won't until this is fixed. (Yes I know we can get that whitelist funtionality in WSS but we are not going to buy 2 products to replace one.)
@This is still an issue for us. Has there been any update on this situation. We are having issues with the website of the business running the webroot. Needless to say they do not appreciate not being able to access their own site. I dont want to train them to hit allow on any site them come across. A response would be greatly appreciated.
Userlevel 7
Badge +56
@ have you contacted support to get that site whitelisted?  That would be the fastest and easiest solution.
Userlevel 4
@ can you give us an update on this feature request please?
 
Userlevel 7
Badge +56
I checked and unfortunately it didn't make the cut for this quarter, but it's still in the backlog and we'll do another round of reviewing of feature requests next quarter.
I am going to have to agree that there needs to be a whitelist management for our company as well. We will have strong consideration to not renew past this year. I am not going to call support everytime I need to allow a website. No matter how fast you feel support is that is not how we need to funciton as a company. We are new to the product and this is very disappointing as I have been please with your product so far.
We really need this feature as well. We have around 2600 workstations we are considering bringing onto Webroot but have found that not being able to whitelist websites is causing issues on the few clients on which we have Webroot installed.
We moved over to Webroot at the end of 2015.
 
I must add that I'm appalled that a basic function such as whitelisting sites are not allowed via console. It becomes a chore to get a site whitelisted and as an Administrator I do not have time to waste.
 
The dnsapi.dll fiasco also do not reflect well on the webroot product and team as a whole.
 
My recommendation to Management would be we move back to Symantec or other well known solutions.
 
Regards,
Albert van Zyl

Reply