When you launch unknown applications: display a pop-up message
This will increase the security, so the user will be notified in advance
It will be more convenient, the user will know that in system is running suspicious process
At the moment the user doesn't receive notification of monitoring active process
Can we have two separate lists, Protect and Allow/Deny, to the Identity Shield as some have said that they would like to Protect an App but they also want to be able to Allow or Deny an App from seeing Protected Data. I can see the benefit of this option myself and other Advanced users.
We use the Endpoint activity feature in the Status tab to deactivate all endpoints that haven’t been seen in 90+ days, however there are a couple issues with this:
1. The longest time period we can select is “Last 90 Days,” but we have several clients that keep some computers (esp. loaner laptops) in closets for periods of 6-12 months. So it would be helpful if you could add “Last 180 Days” and even “Last 365 Days” to this dropdown.
2. The Endpoint activity feature is only available in each Site, not globally. So if we wanted to periodically sweep through and deactivate endpoints that haven’t been seen in 180+ days we would have to do this on a site-by-site basis. With 150+ sites, and an average total load time of 15-20 seconds per site, there would be about 45 total minutes of just waiting for pages to load. It would be great if that feature were available at the GSM level, so we could quickly deactivate all endpoints across all sites that haven’t been seen in 1+ year.
We get a lot of questions/issues/complaints around PUA's. They are one of the most irritating things. WSA blocks many of them, but for a variety of reasons not all. Specifically PUA's that are bundled with other software, are not hidden, have an opt out ability, are not currently blocked by Webroot.
Would it be possible to add a feature that the end user can choose when installing new software to block ALL bundled software? That would:
1) Be an active choice by the user to block the bundles
2) Reduce vastly the number of PUA issues that we see
3) Keep things quite legal.
4) Help keep Webroot above and beyone the competition.
I believe that path exclusions are coming to this software shortly, so won't request that.
At the moment, all files detected are quarantined. I work (IT Security) with numerous files that are correctly questionable to AV. Therefore instead of quarantining everything, it would be useful to config the product to just detect and alert, instead of quarantining.
I would like to put in an Idea Exchange suggestion for new PDF's User Guides. The most recent is this Webroot Management from June of 2013
And to push the bar here for a Mac PDF?
This would be a great asset for Webroot Consumers and for leading the OP's to a knowlegable way to print or copy information from these newer updated Webroot Manuals.
Can this be done from the Webroot staff of Editors?
These PDFs are on Goodle Search.
This will be a tremendous help to all of the Webroot users searching the Web.
Does anyone else have any thoughts to add to this? Which are greatly welcomed!
As I keep on using WSA, more and more programs gets added to the lists, namely Application Protection lists under Identity Protection. This feature often blocks programs like MailBird and Product key activation window of many programs and I have to manually allow these programs to copy text. While this feature makes it more secure and I have no issue manually configuring them, as time goes the list grows and it becomes a painful task to scroll down the tiny window and find the required entry. I am now talking about scrolling down through more than 100 entries. I am sure some many users have way more.
Idea: Make WSA UI window resizable or an option for fullscreen, so that the list expands and it will be easy for us to go though it. Also add a search option to search for the required entry.
We rescently had to add 100 firewall entries for p1*,webroot ect to our firewall.
wildcard firewall entrys are not recommend by most vendors due to stress put on the firewall resolving the incoming packets
a better dns architucture and amazon ip services would be better.
google dns for example
our symantec message labs services is something like cluster6.apac,symantecloud.com.
Hello, here is a problem I'm having with WSA. I'm frequently forced to go to both "Control Active Processes" and "Application Protection" and manually 'Allow' applications that WSA has decided to "Monitor" or "Deny", causing them to not work properly. This is fine if it only happened once, but when these applications are updated (automatically or by the user) it's the same routine all over again.
I know I can report them to Webroot but it's no fun having to report every single application I use (except from mainstream ones that are auto-whitelisted) and even if I report them, it's not guaranteed at all that on the next update I won't have to manually 'Allow' or report them again - quite the contrary.
The idea is to stop blocking updated applications the user has already allowed him/herself. I know the .exe is different after updating but surely there must be a way to safely allow this. After all, the user requested it in the first place.
Have noticed in the Fora that there have been a number of users reporting dissatisfaction at the way that the Personalised Security Report is notified and the control that they have over how it interacts with their systems/themselves, etc.
As a result I am starting a feature request to try to capture this centrally as this is really the place for such views to reside if change is to have a chance of being achieved IMHO.
So common issues that users feel that they need rectified are:
1. Seeing the notification message on every login.
Suggested that that the frequency should be much more limited (maybe only show the message once per month and that the prompt should disappear by itself if not interacted with by the user after so many seconds. As it is, the prompt only goes away if you click on "Learn More" (which opens the web page with the stats) or the "X" in the upper right (which closes the window).
So extrapolating from this the conclusion to draw here is the provision of user definable parameters for (i) number of prompts to be shown & interval (in secs) before stopping & (ii) time after which prompt/notification will auto disappear if not responded too.
2. Ability to turn off notification
User defined setting that allows the user to decide whether they are interested in even receiving sucha report, and therefore associated notification (not that I can understand why one would not want too...)
3. Control to be provided via My Account/Web Console
And one of my own, given the above:
Provision of the above above suggested settings to be handled as another option in the Web Console, very much in the same way as control of the Advanced Settings can be handled that way. Believe that as the deployment of the report "is controlled by the backend rather than the agent" to quote JoeJ, it makes sense for any new user settings that may be provided to also effectively reside at the backend rather than the client.
Well, I hope that provides a suitable starter for further comments by those who want to make them so that we can see if the feature (which I personally like) can be enhanced.
So please post & comment away, folks...
EDIT: To add point 4. (from David's comments below)
Provision of the ability to be able to view the latest/last Report published "On Demand". Suggestion is the addition of a permanent tool or option, to access this, under the Utilities, Reports tab. Thanks, David...a very good one!
PROBLEM: Additional, and likely unwanted extra software which appears (often pre-checked) during installations of various and even common softwares.
This extra software offered may appear at first glance as benign, and nothing to worry about, but the sad reality is that its main intention is to generate income for its developers and promoters, and in some instances may cause considerable problems for unwitting, innocent users.
Of course what we are referring to are known as PUAs (Potentially Unwanted Applications) aka PUPs, and there is a request and Idea posted here: https://community.webroot.com/t5/Ideas-Exchange/Bl
But it may be asking for something not quite possible, for different reasons.
So maybe a slightly different idea might be more feasible:
SUGGESTION: That WSA could have the added capability to allow users greater control of these "extra softwares" which arrive pre-checked, in that users could have a setting added to WSA to refuse these pre-checked, potential PUAs.
[Using Google Chrome on Windows 7 and Windows 8]
When we use Google Chrome to visit an HTTPS website, Chrome shows us a padlock to the left of the URL.
Sometimes, though we see a gray-padlock-with-yellow-triangle. The gray-padlock-with-yellow-triangle is also a native part of Chrome. You can see that icon when you go to a website that is SSL secure, but, say, embeds an image or banner or something from another server that isn't SSL secure.
The issue is that users never see any green padlocks when Webroot Filtering Extension is enabled. The extension acts as "something on the page that's embedded from another server". Thus, a user can never tell the difference between a 100% secured website and once that's only partially secure. In other words, the extension reports a false-negative for every legit HTTPS website.
Since I own and run an insurance website, I would very much like users to see the green padlock on my site. But if they have Webroot Filtering enabled, they'll only see the partially-secure gay-and-yellow icon... and it looks like it's my company's fault that we're not 100% secure.
I want to be clear about this, the issue is not how secure the extension really is... but how secure my website appears to Webroot users. Right now, this extension makes my website appear untrustworthy.
What I'd like to see from Webroot:
- fix the problem, or...
- add a note to the gray padlock for safe sites (like mine) explaining that the website is actually safe, or...
- upon the extension being enabled (and whenever a browser is launched) make a splash page that educates the user about how they will never see green padlocks again and why (user can disable the splash page in preferences), or...
- take down the extension and do an update that force-disables the extension until it's repaired, or...
- remove the part of the extension that is causing the problem (perhaps put that part into a second, separate extension that can be optionally enabled)
If it cannot be fixed, Webroot at least needs to do something to educate its users about why they never see green padlocks anymore.
Some ideas on what to investigate in fixing this bug:
There is more on this issue on the forum here:
Also, I had previously filed a support ticket regarding this issue on Oct 25, 2013 18:04.
It would be great if there was a Webroot Community app for smartphones, tablets and pcs (Win 8/8.1 Metro apps). It would let direct and smooth access to our Community instead of browsers. It could also have an option for all the sweeptakes and contests arranged by Webroot.
As I understand it, the Web Threat Shield blocks sites based on a reputation score, and sites that are believed to be new are automatically given a low reputation score -- so any new site is automatically blocked. The problem is that in the user interface, when a site is blocked, the user is not told whether it is blocked because there is actual evidence of real threats or simply because the site is believed to be new. The result is that users will be frightened away from any relatively new site, even if they have personal knowledge of its reputation (i.e., they might assume that evidence of an actual threat has been detected on the site). This problem is exaccerbated by the fact that Webroot apparently has no reliable way of determining the age of a site, so a site that has been around a long time but simply isn't yet in the Webroot database will be considered new and therefore a threat.
Instead, why not give users more information and let them decide? Rather than giving a new site a low reputation score and scaring users into thinking it is likely to contain threats, instead provide a message like the following:
Webroot does not have any information about the reputation of this website. It may be a relatively new website or an older website that is not popular enough for us to have encountered it before. You may be comfortable using this website if you have personal knowledge of its reputation, but otherwise we suggest you proceed with caution.
A message like that would provide a sufficient warning without misleading users into thinking an actual threat has been identified on a site with which they are already comfortable. If several users choose to unblock the site and proceed, you might then use that information to bump up the site's reputation and stop blocking the site altogether.
Note, this request is motivated by a recent negative Webroot experience with a site that I maintain. The site is for a small local church, so it is not widely popular and was therefore not known to Webroot. One of our church members recently reported that the site was blocked by Webroot and showed me the message indicating that the site was deemed to have a high likelihood of containing threats. Despite the fact that she knows the site and has been to it many times before, she assumed a real threat had been detected. And despite the fact that I am the creator and maintainer of the site, when I saw the warning message, I too thought perhaps some real threat had been detected. Upon further investigation, I learned that no specific threats had been detected, and that Webroot was blocking the site merely because it thought the site was new. The problem is that the site is not new -- it has been up for a full three years.
I believe Webroot is doing its customers a disservice by misleading them into thinking sites they already know and trust have been determined to have real threats, when in reality Webroot simply has zero information about the site. If you have no information about a site, simply tell the user that, and let the user decide what to do based on their personal knowledge of the site.
Having looked through this subject, my own thought is that it would be easier from a programming and legal perspective to simply have WR uncheck the boxes and flag up to the user to check that is what they require.
Or am I being a little naive here?
A major oversight in the product is the inability to see the currently journaled applications or allow applications that may only run for an instant but nevertheless be monitored and restricted. Or they may never run again, potentially leaving very large journaling files.
Take for example a print driver installer. You launch it and run it but it doesn't fully install. You then launch it, go into Control Active Processes, allow the main installer, and try again. However, you look in the log and it is launching executables under it that never have a chance to show up in the Control Active Processes window. You never get a chance to allow them and your installation is impeded.
Webroot's response to this is to contact support to whitelist the files via the MD5s in submitted logs or to add a file via Block/Allow files. This is not an acceptable solution for power or home users. Power users should be given full status and control of their protection, and navigating temporary directories under appdata is not a reasonable task for home users to perform. In addition, in many cases files are extracted to a random temporary directory and immediately deleted. There may never be a chance for the normal user to ever manually allow them.
Webroot needs to implement a dialog where users can see a full listing of the data that Webroot is storing on their PC via journaling and the applications it has decided to monitor and restrict from performing fully. Your competitors that have their own centralized reputation engines allow this.
As an expert, I can work around these impediments. But I am in IT with experience on the product's philosophy, workings and Windows. This knowledge should not be required to control the fundamental design and operation of a product. And this is the most fundamental design. The journaling. This is a basic, core feature that should already be implemented.
Webroot has 7 characters which happens to match US phone numbers. For ease of access, has someone considered reserving a paid or toll free number 932-7668 (WEB-ROOT)?
In the UK: +44 (0) 870 WEBROOT
Offhand I would think this would be a support number, but it could be used for sales I suppose.